@@ -93,11 +93,10 @@ Take the following ``access_control`` entries as an example:
93
93
]);
94
94
95
95
For each incoming request, Symfony will decide which ``access_control ``
96
- to use based on the URI (without the ``GET `` parameters), the
97
- client's IP address, the incoming host name, and the request method.
98
- Remember, the first rule that matches is used, and if ``ips ``, ``host ``
99
- or ``methods `` are not specified for an entry, that ``access_control ``
100
- will match any ``ips ``, ``host `` or ``methods ``:
96
+ to use based on the URI, the client's IP address, the incoming host name, and
97
+ the request method. Remember, the first rule that matches is used, and if
98
+ ``ips ``, ``host `` or ``methods `` are not specified for an entry, that
99
+ ``access_control `` will match any ``ips ``, ``host `` or ``methods ``:
101
100
102
101
+-----------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
103
102
| URI | IP | HOST | METHOD | ``access_control `` | Why? |
@@ -127,6 +126,12 @@ will match any ``ips``, ``host`` or ``methods``:
127
126
| | | | | | URI doesn't match any of the ``path `` values. |
128
127
+-----------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
129
128
129
+ .. caution ::
130
+
131
+ Matching the URI is done without ``$_GET `` parameters.
132
+ :ref: `Deny access in PHP code <security-securing-controller >` if you want
133
+ to disallow access based on ``$_GET `` parameter values.
134
+
130
135
.. _security-access-control-enforcement-options :
131
136
132
137
2. Access Enforcement
0 commit comments