Prevent URL access to the "app" directory in Symfony 3.3

Question

Prevent URL access to the "app" directory in Symfony 3.3

Navigation

#1 by (0 votes)
#2 by (0 votes)

0

I have been with Symfony for a short time and I am developing an application.

Everything works perfectly but I realized that I can access the configuration files located in "app / config" just by putting the path in the browser (for example, putting link ).

In the "security.yml" itself, I have access control defined by users in this way:

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    main:
        anonymous: ~
        provider: our_db_provider
        form_login:
            login_path: /login
            check_path: /login_check
            default_target_path: /panel
            target_path_parameter: /panel
        logout:
            path: /logout
            target: /login

access_control:
        - { path: ^/langAdmin, roles: ROLE_ADMIN, requires_channel: https }
        - { path: ^/config, roles: ROLE_ADMIN, requires_channel: https }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/$, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY, requires_channel: https }

All this works. It does not allow unregistered users to enter, and in the defined zones that start with "langAdmin" and "config" it only lets administrators enter.

I have tried both in DEV environment and in PROD environment and the same thing happens.

How can I protect the files located inside "app"?

Thank you.

symfony3 symfony

asked by Angainor 11.01.2018 в 12:41

source

2 answers

Because when I search by name does not find the name inside the ArrayList? I try to modify a data in SQLite from a custom ListView item but they are all changed when modifying one

score 0 · Answer 1

This is because you are currently working in local, when you upload it to a production server, you must configure the url of your web to the web folder and not to the folder that you point now (usually htdocs or public_html or something in that line )

That is, your url when pointing to the symfony web folder will not allow access to any of the folders that are at the level of the web folder and will be protected. That's why it's important to put your images, css, etc in the web folder when you're creating your project.

score 0 · Answer 2

I think I know what your problem is, it has to do with the configuration of your local server, you do not explain anything about it but I'm almost 100% that what happens is that the rules that are configured in Apache / Nginx are wrong, I leave a link with examples of official documentation:

link

They are only in English.

Greetings,