Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Symfony2: How to restrict / deny access to certain routes by IP address?

I'd like to disallow access to /login and /register if a client's IP address has been banned.

The (black-) list of banned IPs is stored in the database.

How can I solve this?

like image 367
Einius Avatar asked Mar 28 '15 10:03

Einius


2 Answers

Since symfony 2.4 you can use the Expression Language Component in your config-files.

Now implementing a simple IP check is easy:

  • create a service (i.e. access_manager) with a method (i.e. getBannedIPs()) that fetches the list of banned IPs from your storage layer
  • Add an expression to your security configuration that compares the returned array against the client's IP address
  • That's it.

example

# app/config/security.yml
security:
    # ...
    access_control:
        - path: ^/(login|register)$
          allow_if: "request.getClientIp() not in @=service('access_manager').getBannedIPs()"
like image 63
Nicolai Fröhlich Avatar answered Nov 12 '22 12:11

Nicolai Fröhlich


Use controllers events (preferred)

You can subscribe to events on registration controller.

For registration, you can subscribe to REGISTRATION_INITIALIZE event.

Here is the doc for controller events.

Overriding controller methods

The second solution is to override login and register controller methods but you will have to duplicate all code of the login/register action.

like image 2
Fidan Hakaj Avatar answered Nov 12 '22 13:11

Fidan Hakaj