Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sergey2016-06-29 10:54:55
symfony
Sergey, 2016-06-29 10:54:55

How to close the site admin?

Good day!
Faced with the need to close access to the site admin panel on symphony. It is entered from the page using a login-password, but you need to isolate it from unwanted people in principle.
At first I thought to use the standard htaccess tools, but the problem is that the login page looks like site.ru/login , and the admin panel site.ru/admin
Physically, these directories do not exist, so there is no way to put the htaccess file there.
Is there any way to solve this problem?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
B
BoShurik, 2016-06-29
@BoShurik

In order not to spread logic in different places and not be dependent on apache, I would use standard tools:
symfony.com/doc/2.0/book/security.html#basic-examp...

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    providers:
        admin:
            memory:
                users:
                    %admin_username%: # парметры admin_username и admin_password можно задавать в parameters.yml
                        password: %admin_password%
                        roles: 'ROLE_SYNC'

    firewalls:
        admin_area:
            provider: admin
            pattern:    ^/admin
            logout:
                path:   /admin/logout
                target: /admin
            http_basic: ~
            anonymous: false

    access_control:
        - { path: ^/admin/login, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/administrator, role: IS_AUTHENTICATED_FULLY }
        - { path: ^/admin, role: IS_AUTHENTICATED_REMEMBERED }

Report
V
Viktor Taran, 2016-06-29
@shambler81

Denying access only to the private.zip file

<Files /admin/index.php> 
AuthType Basic 
AuthName "Private zone. Only for administrator!" 
AuthUserFile  /usr/host/mysite/.htpasswd 
require valid-user 
</Files>

Report
I
imhuman, 2016-06-29
@imhuman

php.net/manual/ru/features.http-auth.php
Take the second example as a sample and change it for yourself. Place the code at the beginning of index.php, as I understand it, everything goes through it. And set a condition so that this code works only when accessing the admin panel.

Similar questions
1
111ilya1112019-06-24 19:48:07
Authorized user and /login. how to redirect correctly? 2Reply
V
volia72019-06-26 11:21:39
How to set up api-platform filtering? 1Reply
G
grabbee2017-02-01 02:07:10
How to properly set link lifetime in REST Symfony? 0Reply
R
Roman Hinex2015-02-02 15:20:36
Symfony2: How to use doctrine in DependencyInjection Extension? 1Reply
M
Maxim Lagoysky2019-07-02 13:14:14
How to add violation for specific CollectionType element? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question