Symfony 2 Securing Login with IP
Question
I have a firewall rule which together with annotations allows only access to actions as a specific user.
Additionally I would love to block ANY login if it is not coming from a certain network. Searching for a solution I came across additional access_control rules following this guide.
The problem there is, if I restrict my login page via IP rules, I always get an ERR_TOO_MANY_REDIRECTS error if someone tries to reach it. I would rather love to have a "Page not Found" message to not even make someone from outside aware there could be any login.
How can I do this with Symfony?
security.yml:

    security:
        ...
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            default:
                form_login:
                    provider: fos_userbundle
                    login_path: /login
                    use_forward: false
                logout: true
                anonymous: true
        access_control:
            - { path: ^/logout$, role: ROLE_ADMIN }
            - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https, ips: [127.0.0.1, fe80::1, ::1] }
            - { path: ^/login$, roles: ROLE_NO_ACCESS }
            - { path: ^/admin, role: ROLE_ADMIN, requires_channel: https }
Recommended answer
If I am not mistaken, what Symfony does here, is try and match the role of the user to what is required for the path. If it doesn't match one of those roles, it sends the user to the login page.
The problem is, the login page is where the user has just come from. Thus the user gets into an infinite loop as their condition can never be met.
I would suggest putting the login page itself outside of the firewall and just put the IP check within the code of the LOGIN page and if not met, dump out somewhere else, which isn't within the firewall.
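One way to apply the answer's suggestion and return a 404 instead of a redirect, as an added example (not code from the question or the answer): a `kernel.request` subscriber that checks the client IP before the firewall runs. It generalizes the answer's in-page check to a listener; the `AppBundle` namespace, the `LoginIpGuard` class name and its constructor parameters are assumptions.

```php
<?php
// Added example. Hypothetical names: AppBundle, LoginIpGuard, $allowedIps, $guardedPrefix.
// Register the class as a service tagged "kernel.event_subscriber" and pass the
// allowed addresses (e.g. 127.0.0.1, fe80::1, ::1 from the question) as first argument.
namespace AppBundle\EventListener;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\IpUtils;
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\HttpKernelInterface;
use Symfony\Component\HttpKernel\KernelEvents;

class LoginIpGuard implements EventSubscriberInterface
{
    private $allowedIps;
    private $guardedPrefix;

    // $allowedIps may hold single addresses or CIDR ranges, IPv4 or IPv6.
    public function __construct(array $allowedIps, $guardedPrefix = '/login')
    {
        $this->allowedIps = $allowedIps;
        $this->guardedPrefix = $guardedPrefix;
    }

    public static function getSubscribedEvents()
    {
        // Priority 16 runs before the security firewall listener (priority 8),
        // so a rejected client never reaches access_control or the login redirect.
        return array(KernelEvents::REQUEST => array('onKernelRequest', 16));
    }

    public function onKernelRequest(GetResponseEvent $event)
    {
        if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST) {
            return; // only the incoming HTTP request is checked, not sub-requests
        }
        $request = $event->getRequest();
        // Prefix match: covers /login and, by assumption, /login_check (the form POST target).
        if (strpos($request->getPathInfo(), $this->guardedPrefix) !== 0) {
            return;
        }
        // getClientIp() returns the proxy's address unless trusted proxies are configured.
        if (!IpUtils::checkIp($request->getClientIp(), $this->allowedIps)) {
            throw new NotFoundHttpException(); // same status as a route that does not exist
        }
    }
}
```

With this in place the `^/login$` rule requiring `ROLE_NO_ACCESS` is no longer needed, since clients outside the allowed network are answered with a 404 before access control is evaluated.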