我有一个使用Symfony 2.8构建的现有站点,我想通过仅在parameters.yml中将参数设置为true 时启用HTTP基本身份验证来添加额外的安全性。有可能吗?
该站点已启用表单登录,但是如果参数为true,我想使用基本身份验证完全隐藏该站点。
这是我的security.yml:
main:
pattern: .*
context: user
form_login:
provider: fos_userbundle
login_path: /user/login
use_forward: false
check_path: /user/login_check
failure_path: null
default_target_path: /
logout:
path: /user/logout
target: /user/login
anonymous: true
答案 0 :(得分:0)
由于我不想干扰现有的身份验证,所以我最终使用了Apache:
<VirtualHost *:80>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/html/mysite/current/web
<Directory /var/www/html/mysite/current/web>
AllowOverride None
Order Allow,Deny
Allow from All
FallbackResource /app.php
# THIS IS THE INTERESTING PART
# --->
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
# <---
</Directory>
# uncomment the following lines if you install assets as symlinks
# or run into problems when compiling LESS/Sass/CoffeeScript assets
# <Directory /var/www/project>
# Options FollowSymlinks
# </Directory>
# optionally disable the fallback resource for the asset directories
# which will allow Apache to return a 404 error when files are
# not found instead of passing the request to Symfony
<Directory /var/www/html/mysite/current/web/bundles>
FallbackResource disabled
</Directory>
ErrorLog ${APACHE_LOG_DIR}/mysite_error.log
CustomLog ${APACHE_LOG_DIR}/mysite_access.log combined
</VirtualHost>
我使用以下命令创建了HTTP用户和密码:
sudo htpasswd -c /etc/apache2/.htpasswd stage
-c参数仅在您第一次创建文件时才在此处。