Skip to content

Commit 02a814e

Browse files
wouterjwouterj
committed
feature #14219 Added ability to use csv ips in security.access_control (a-menshchikov)
This PR was merged into the master branch. Discussion ---------- Added ability to use csv ips in security.access_control Commits ------- 082923b Added ability to use csv ips in security.access_control
2 parents b515661 + 082923b commit 02a814e

File tree

1 file changed

+67
-0
lines changed

1 file changed

+67
-0
lines changed

security/access_control.rst

+67
Original file line numberDiff line numberDiff line change
@@ -133,6 +133,73 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that
133133
:ref:`Deny access in PHP code <security-securing-controller>` if you want
134134
to disallow access based on ``$_GET`` parameter values.
135135

136+
.. versionadded:: 5.2
137+
138+
Environment variables can be used to pass comma separated ip addresses
139+
(as a single value or as one of array values):
140+
141+
.. configuration-block::
142+
143+
.. code-block:: yaml
144+
145+
# config/packages/security.yaml
146+
parameters:
147+
env(TRUSTED_IPS): '10.0.0.1, 10.0.0.2'
148+
security:
149+
# ...
150+
access_control:
151+
- { path: '^/admin', ips: '%env(TRUSTED_IPS)%' }
152+
- { path: '^/admin', ips: [127.0.0.1, ::1, '%env(TRUSTED_IPS)%'] }
153+
154+
.. code-block:: xml
155+
156+
<!-- config/packages/security.xml -->
157+
<?xml version="1.0" encoding="UTF-8"?>
158+
<srv:container xmlns="http://symfony.com/schema/dic/security"
159+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
160+
xmlns:srv="http://symfony.com/schema/dic/services"
161+
xsi:schemaLocation="http://symfony.com/schema/dic/services
162+
https://symfony.com/schema/dic/services/services-1.0.xsd
163+
http://symfony.com/schema/dic/security
164+
https://symfony.com/schema/dic/security/security-1.0.xsd">
165+
166+
<parameters>
167+
<parameter key="env(TRUSTED_IPS)">10.0.0.1, 10.0.0.2</parameter>
168+
</parameters>
169+
170+
<config>
171+
<!-- ... -->
172+
<rule path="^/admin" ip="%env(TRUSTED_IPS)%"/>
173+
<rule path="^/admin">
174+
<ip>127.0.0.1</ip>
175+
<ip>::1</ip>
176+
<ip>%env(TRUSTED_IPS)%</ip>
177+
</rule>
178+
</config>
179+
</srv:container>
180+
181+
.. code-block:: php
182+
183+
// config/packages/security.php
184+
$container->setParameter('env(TRUSTED_IPS)', '10.0.0.1, 10.0.0.2');
185+
$container->loadFromExtension('security', [
186+
// ...
187+
'access_control' => [
188+
[
189+
'path' => '^/admin',
190+
'ips' => '%env(TRUSTED_IPS)%',
191+
],
192+
[
193+
'path' => '^/admin',
194+
'ips' => [
195+
'127.0.0.1',
196+
'::1',
197+
'%env(TRUSTED_IPS)%',
198+
],
199+
],
200+
],
201+
]);
202+
136203
.. _security-access-control-enforcement-options:
137204

138205
2. Access Enforcement

0 commit comments

Comments
 (0)