How to create IP blacklist in Symfony2?


Question

Yes, I know there's a Voter tutorial in the cookbook. But I'm looking for something slightly different. I need two different layers of blacklisting:

  1. Deny certain IPs access to the whole site
  2. Deny certain IPs from logging in

I wrote a Voter that checks if the user's IP is in the database. For the first scenario, I wrote a kernel listener that checks every request and throws a 403 in case it encounters a banned user:

if (VoterInterface::ACCESS_DENIED === $this->voter->vote($token, $this, array())) {
    throw new AccessDeniedHttpException('Blacklisted, punk!');
}

The first problem lies in VoterInterface itself, which forces me to use TokenInterface $token, which I don't really need in this case. But that doesn't matter that much, I guess. The next thing is that I actually had to use AccessDeniedHttpException, as AccessDeniedException always tries to redirect me to the login page and causes an endless redirect loop in this case. I'd live with it as it works just fine in the dev environment, but when I switch to prod I keep getting a 503 with the following in the prod log:

[2011-11-21 20:54:04] security.INFO: Populated SecurityContext with an anonymous Token [] []

[2011-11-21 20:54:04] request.ERROR: Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: Blacklisted, punk! (uncaught exception) at xxx line 28 [] []

[2011-11-21 20:54:04] request.ERROR: Exception thrown when handling an exception (Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: Blacklisted, punk!) [] []

From what I've read, it might be a problem with xdebug, but it happens even when I turn it off. I also tried a vanilla \Exception and it does the same thing. Does anyone have any idea why it happens? Or maybe some other solution for such a blacklisting case?

Also, I've no idea how to solve the second case, as I don't know how to stop the user before he gets a token assigned. My current solution is dealing with InteractiveLoginEvent, checking if the user is blacklisted and, if so, removing his token. It doesn't seem to be a safe one and I'm not really comfortable with it. So, any idea how to solve this one? I guess I'm just missing some obvious "pre login event".

Recommended answer

To deny access to the entire website, you can adapt the whitelist code used to secure the dev environment. Stick something like this in app.php:

if (in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '1.2.3.4',))) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this site.');
}
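
The exact-match check in the answer above, generalized to CIDR ranges and IPv6, as an added example that is not part of the original answer. The function names `ip_matches` and `is_blacklisted` and the sample entries (taken from the documentation address ranges) are assumptions.

```php
<?php
// Added example: front-controller deny list matching single addresses
// and CIDR ranges for both IPv4 and IPv6. Names here are hypothetical.

/** True if $ip equals $entry or lies inside the CIDR range $entry. */
function ip_matches($ip, $entry)
{
    $parts = explode('/', $entry, 2);
    $addr  = @inet_pton($ip);
    $net   = @inet_pton($parts[0]);
    // Invalid input or mixed address families never match.
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($net) * 8;
    $bits    = $maxBits; // a bare address is a full-length prefix
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $maxBits) {
            return false; // malformed prefix length
        }
        $bits = (int) $parts[1];
    }
    $fullBytes = (int) ($bits / 8);
    $remBits   = $bits % 8;
    // Compare the whole bytes covered by the prefix.
    if (substr($addr, 0, $fullBytes) !== substr($net, 0, $fullBytes)) {
        return false;
    }
    if ($remBits === 0) {
        return true;
    }
    // Compare the remaining leading bits of the next byte.
    $mask = (0xFF << (8 - $remBits)) & 0xFF;
    return (ord($addr[$fullBytes]) & $mask) === (ord($net[$fullBytes]) & $mask);
}

function is_blacklisted($ip, array $blacklist)
{
    foreach ($blacklist as $entry) {
        if (ip_matches($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// Constructed sample entries.
$blacklist = array('203.0.113.7', '198.51.100.0/24', '2001:db8::/32');
$remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
if (is_blacklisted($remote, $blacklist)) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this site.');
}
```

When the application sits behind a reverse proxy or load balancer, `REMOTE_ADDR` holds the proxy's address rather than the client's, so a check like this only works where the web server sees the client connection directly.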
