Symfony 2 Securing Login with IP


Question

I have a firewall rule which, together with annotations, only allows access to actions as a specific user.

Additionally, I would love to block ANY login if it is not coming from a certain network. Searching for a solution, I came across additional access_control rules following this guide.

The problem there is that if I restrict my login page via IP rules, I always get an ERR_TOO_MANY_REDIRECTS error if someone tries to reach it. I would rather have a "Page not Found" message, so as not to even make someone from outside aware that there could be any login.

How can I do this with Symfony?

security.yml:

security:
    ...

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        default:
            form_login:
                provider: fos_userbundle
                login_path: /login
                use_forward: false
            logout:       true
            anonymous:    true

    access_control:
        - { path: ^/logout$, role: ROLE_ADMIN }
        # first matching rule wins: allow /login only from these addresses ...
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https, ips: [127.0.0.1, fe80::1, ::1]}
        # ... and deny it from anywhere else (ROLE_NO_ACCESS is a role nobody holds)
        - { path: ^/login$, roles: ROLE_NO_ACCESS }
        - { path: ^/admin, role: ROLE_ADMIN, requires_channel: https}

Answer

If I am not mistaken, what Symfony does here is try to match the role of the user to what is required for the path. If it doesn't match one of those roles, it sends the user to the login page.

The problem is, the login page is where the user has just come from. Thus the user gets into an infinite loop, as their condition can never be met.

I would suggest putting the login page itself outside of the firewall and just putting the IP check within the code of the login page; if it is not met, dump out somewhere else that isn't within the firewall.
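As an added example (not code from the question or the answer), this is how the IP check the answer describes can live in the login controller itself. It assumes Symfony 2.3 or later (for IpUtils::checkIp with an array of networks and the framework.trusted_proxies option) and FOSUserBundle as in the question's config; the bundle name Acme\UserBundle, the template name and the allowed networks are placeholders. A client outside the listed networks gets a plain 404 instead of a redirect, so the loop cannot occur and nothing reveals that a login page exists.

```php
<?php
// Added example, not from the original question or answer.
// Assumes Symfony 2.3+ and FOSUserBundle; Acme\UserBundle, the template
// name and the network list below are hypothetical placeholders.
namespace Acme\UserBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\IpUtils;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Security\Core\SecurityContextInterface;

class SecurityController extends Controller
{
    /**
     * Networks allowed to see the login form. IpUtils::checkIp accepts
     * single IPv4/IPv6 addresses and CIDR ranges, so the allowlist can be
     * the same one the question used in access_control, plus whole subnets.
     */
    private static $allowedNetworks = array(
        '127.0.0.1',
        '::1',
        'fe80::1',
        '10.0.0.0/8',      // placeholder office/VPN range
    );

    /**
     * Login page. Outside the allowlist the route simply does not exist
     * from the client's point of view: a 404, never a redirect to /login.
     */
    public function loginAction(Request $request)
    {
        // getClientIp() returns REMOTE_ADDR unless the request came through
        // a proxy listed in framework.trusted_proxies, in which case the
        // X-Forwarded-For value is used. Do not list proxies you do not control.
        if (!IpUtils::checkIp($request->getClientIp(), self::$allowedNetworks)) {
            throw new NotFoundHttpException();
        }

        $session = $request->getSession();

        // Standard Symfony 2 pattern for surfacing the last authentication
        // error to the form (same as the stock FOSUserBundle controller).
        if ($request->attributes->has(SecurityContextInterface::AUTHENTICATION_ERROR)) {
            $error = $request->attributes->get(SecurityContextInterface::AUTHENTICATION_ERROR);
        } else {
            $error = $session->get(SecurityContextInterface::AUTHENTICATION_ERROR);
            $session->remove(SecurityContextInterface::AUTHENTICATION_ERROR);
        }

        return $this->render('AcmeUserBundle:Security:login.html.twig', array(
            'last_username' => $session->get(SecurityContextInterface::LAST_USERNAME),
            'error'         => $error,
        ));
    }
}
```

Two things to check when deploying this. First, the check is only as trustworthy as the address it sees: behind a load balancer with no trusted proxies configured it compares the balancer's address, and with an over-broad framework.trusted_proxies list a client can forge X-Forwarded-For and pass; the `ips` option in access_control relies on the same getClientIp() and has the same caveat. Second, for the redirect loop to disappear the login route must really sit outside the `default` firewall, as the answer says: declare a firewall with `pattern: ^/login$` and `security: false` before `default` (the same mechanism the question's `dev` firewall already uses) and drop the two `^/login$` access_control entries, since access rules are only enforced inside a firewall. The POST to form_login's check_path (/login_check by default) stays inside `default`, so authentication itself is unchanged.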
