stackoom
  简体   繁体   中英

Symfony 2: protect login page and administrator with ip

 原文  2013-09-10 21:01:56       php/ security/ symfony

Question

I would like to protect my administrator folder like this: 

access_control:
    - { path: ^/administrator/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY, ip: myip }
    - { path: ^/administrator, roles: ROLE_SUPER_ADMIN, ip: myip }
    - { path: ^/administrator, roles: ROLE_NO_ACCESS }

when accessing the administrator folder from another ip address it throws me to the login page and reports a redirect loop. Can someone explain me why don't i get an Access forbidden error instead of the redirect loop error?

1 answers

solution1
 1 ACCPTED  2013-09-10 21:29:27

Your login is also secured with your ip requirement, so an access denied error you get redirect to the login page, but you get an acces denied too, redirect to the same page, access denied, redirect, and so on.

Remove the IP requirement from your login page.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to login to the Administrator page in PHP how to protect Symfony login against timing attacks? Hacked Joomla 3.1 administrator login page Include Wordpress Login Form into a Page to protect it How to protect files with .htaccess and a login page? Symfony + Angular: redirect to login page Problem to login in a page with GuzzleHTTP ( Symfony ) symfony route redirecting to login page Symfony security redirect to login page Protect Plesk login page from search engine eyes
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM