Skip to content

The given value "127.0.0.1,127.0.0.2" in the "security.access_control" config option is not a valid IP address #40864

New issue
New issue
Closed
Closed
The given value "127.0.0.1,127.0.0.2" in the "security.access_control" config option is not a valid IP address#40864
Labels
BugSecurityStatus: Needs Review
@zidaneus

Description

@zidaneus
zidaneus
opened on Apr 19, 2021

Symfony version(s) affected: 5.2.6

Description
https://symfony.com/doc/current/security/access_control.html#matching-options
ip or ips: netmasks are also supported (can be a comma-separated string)

But if you specify ip with a comma separator, then we get an error: "The given value "127.0.0.1,127.0.0.2" in the "security.access_control" config option is not a valid IP address" in \Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension::createRequestMatcher
How to reproduce
config/packages/security.yaml

security:
  ...
  access_control:
      -
         path: "^/some/path/.*$"
         ips: '127.0.0.1,127.0.0.2'
         roles: ["IS_AUTHENTICATED_ANONYMOUSLY"]
         methods: ["POST"]

Validate security bundle configuration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSecurityStatus: Needs Review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions