symfony developers
I put the following by default in the htaccess files of my symfony
applications to limit access to _dev-files to my machine only:

    <FilesMatch "_dev\.php$">
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
    </FilesMatch>

In the "Allow from" line you can also put multiple IPs or masks.
I don't think this should be configurable in a yaml file because yaml
is too error-prone for security-related options: One whitespace
character too many and the configuration line is ignored.
Michel
On 1/23/08, Ian P. Christian <poo...@pookey.co.uk> wrote:
> Fabian Lange wrote:
> > Hi,
> > as I am still running across symfony pages that have their dev env in
> > production I want to bring this up to dev-list notice. Any thoughts of
> > integrating a combination of Ant's and my idea?
> > I really think that enabling _dev on production should be a conscious step.
> I vote for having IPs (well, CIDRs preferably) defined somewhere for
> limiting access to the dev controller.
> I would advise, by default, it allowed 127.0.0.1/32. Maybe if there is
> no /, it should assume a /32 mask. Also, it would be nice if it
> supported the syntax:
> 192.168.0.0/255.255.255.0
> as not everyone knows that that means /24.
> So... in summary, this should be allowed:
> dev:
>   addresses:
>     - 127.0.0.1
>     - 192.168.0.0/24
>     - 70.249.110.0/255.255.255.0
> It's a great idea, but... we just need to find someone sufficiently
> motivated to implement it :)
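
A sketch of the address check proposed in the quoted message, added here as an illustration and not taken from symfony or from anyone in this thread: it accepts a bare address (treated as /32), a prefix length, or a dotted netmask, and refuses a malformed entry instead of ignoring it. The function names parse_dev_entry and dev_access_allowed are hypothetical; it assumes IPv4 and 64-bit PHP.

```php
<?php
// Added illustration, not symfony code; function names are hypothetical.
// Assumes 64-bit PHP, where ip2long() returns 0..4294967295. IPv4 only.

// Parse "a.b.c.d", "a.b.c.d/len" or "a.b.c.d/m.m.m.m" into [network, mask].
// Throws on malformed input so a typo cannot silently change the policy.
function parse_dev_entry(string $entry): array
{
    $parts = explode('/', trim($entry));
    $addr = ip2long($parts[0]);
    if ($addr === false || count($parts) > 2) {
        throw new InvalidArgumentException("bad address: $entry");
    }
    if (count($parts) === 1) {
        $mask = 0xFFFFFFFF;                       // no "/" means /32
    } elseif (preg_match('/^\d{1,2}$/', $parts[1]) && (int) $parts[1] <= 32) {
        $mask = (0xFFFFFFFF << (32 - (int) $parts[1])) & 0xFFFFFFFF;
    } else {
        $mask = ip2long($parts[1]);               // dotted netmask form
        if ($mask === false) {
            throw new InvalidArgumentException("bad netmask: $entry");
        }
        $inv = ~$mask & 0xFFFFFFFF;               // must be ones, then zeros
        if (($inv & ($inv + 1)) !== 0) {
            throw new InvalidArgumentException("non-contiguous mask: $entry");
        }
    }
    return [$addr & $mask, $mask];
}

// True only if $remoteAddr falls inside one of the configured networks.
function dev_access_allowed(string $remoteAddr, array $entries): bool
{
    // Validate the whole list first: one bad line rejects the configuration.
    $nets = array_map('parse_dev_entry', $entries);
    $client = ip2long($remoteAddr);
    if ($client === false) {
        return false;                             // unparsable client: deny
    }
    foreach ($nets as [$net, $mask]) {
        if (($client & $mask) === $net) {
            return true;
        }
    }
    return false;
}

// The three entries from the quoted message; client addresses are constructed.
$allowed = ['127.0.0.1', '192.168.0.0/24', '70.249.110.0/255.255.255.0'];
foreach (['127.0.0.1', '192.168.0.77', '70.249.111.5', '203.0.113.9'] as $ip) {
    printf("%-14s %s\n", $ip, dev_access_allowed($ip, $allowed) ? 'allow' : 'deny');
}
```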