In my Symfony2 project I want app_dev.php to be accessible only from my IP address. As in config.php, I can set an array of IPs so this file is not accessible by everyone. Is this also possible for app_dev.php?
In app_dev.php you will find the code below:
    if (isset($_SERVER['HTTP_CLIENT_IP'])
        || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        || !in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'))
    ) {
        header('HTTP/1.0 403 Forbidden');
        exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
    }
You can set the IP addresses from which you want to access it here:
    if (!in_array(@$_SERVER['REMOTE_ADDR'], array('Your IP address', '127.0.0.1', 'fe80::1', '::1'))
    ) {
        header('HTTP/1.0 403 Forbidden');
        exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
    }
This is a slight variation on @chanchal118's answer. Our sites are behind a load balancer, so IPs work slightly differently. Hopefully this will be helpful for people with similar setups.
I'd also be interested in hearing any thoughts on security concerns if IPs were spoofed.
    // todo: this may be a security concern if someone managed to spoof their IP as one of these
    $allowedIPs = array('127.0.0.1', 'fe80::1', '::1', 'my.organisation.ip.address');
    // allow app_dev.php only under these conditions (prevent for production environment);
    // uses HTTP_X_FORWARDED_FOR because behind load balancer
    if (
        isset($_SERVER['HTTP_X_FORWARDED_FOR']) &&
        ( ! in_array(@$_SERVER['HTTP_X_FORWARDED_FOR'], $allowedIPs) )
    ) {
        header('HTTP/1.0 403 Forbidden');
        exit('You are not allowed to access the development environment.');
    }
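On the spoofing question raised in the answer above, here is an added example (not code from either answer or from Symfony) that resolves the client address behind a load balancer and fails closed. The proxy address 10.0.0.5, the allowed address 203.0.113.10, the function names, and the behaviour that the balancer appends the peer address it saw to X-Forwarded-For are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Added example, not the posters' code. Assumption: the load balancer appends
// the peer address it saw to X-Forwarded-For and is the only trusted hop.

/** Return the client IP to authorise, or null if it cannot be determined. */
function resolveClientIp(array $server, array $trustedProxies): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? null;
    if ($remote === null || filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Peer is not our load balancer: X-Forwarded-For is client-supplied, ignore it.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    // Peer is the load balancer: walk the list right to left, skipping trusted hops.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return null; // missing or malformed header: fail closed
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return null;
}

function isDevAccessAllowed(array $server, array $allowedIps, array $trustedProxies): bool
{
    $ip = resolveClientIp($server, $trustedProxies);
    return $ip !== null && in_array($ip, $allowedIps, true);
}

// Constructed sample values (documentation address ranges, hypothetical proxy).
$trustedProxies = ['10.0.0.5'];
$allowedIps     = ['203.0.113.10'];
$cases = [
    'via LB, allowed client'      => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.10'],
    'direct hit, forged header'   => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.10'],
    'via LB, client-prepended IP' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.10, 198.51.100.7'],
    'via LB, header missing'      => ['REMOTE_ADDR' => '10.0.0.5'],
];
foreach ($cases as $label => $server) {
    printf("%-28s %s\n", $label, isDevAccessAllowed($server, $allowedIps, $trustedProxies) ? 'allow' : 'deny');
}
```

Addresses are compared as strings, so IPv6 entries in the allow list must use the same textual form the server reports.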