From db9c5c4c6af45c947e7a7f7d185a8ebc4303857f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Brz=C3=A1k?= Date: Mon, 26 Feb 2018 12:53:32 +0100 Subject: [PATCH 1/2] Update access_control.rst Extend documentation with IP range --- security/access_control.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/security/access_control.rst b/security/access_control.rst index 2bbedd6781b..1034c63006b 100644 --- a/security/access_control.rst +++ b/security/access_control.rst @@ -23,7 +23,7 @@ access control should be used on this request. The following ``access_control`` options are used for matching: * ``path`` -* ``ip`` or ``ips`` +* ``ip`` or ``ips`` (IP range is supported) * ``host`` * ``methods`` @@ -176,7 +176,7 @@ pattern so that it is only accessible by requests from the local server itself: # ... access_control: # - - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1] } + - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1, 127.0.0.1/24] } - { path: ^/internal, roles: ROLE_NO_ACCESS } .. code-block:: xml @@ -193,7 +193,7 @@ pattern so that it is only accessible by requests from the local server itself: @@ -209,7 +209,7 @@ pattern so that it is only accessible by requests from the local server itself: array( 'path' => '^/internal', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', - 'ips' => '127.0.0.1, ::1', + 'ips' => '127.0.0.1, ::1, 127.0.0.1/24', ), array( 'path' => '^/internal', @@ -239,6 +239,8 @@ address): * The second access rule is not examined as the first rule matched. +IP range is supported. You can write ``ip`` or ``ips`` with gateway submask like ``127.0.0.1/24`` or ``127.0.0.1/32``. + .. _security-allow-if: Securing by an Expression From 2484d88889c887b100c3841cf7ab45fd2f447447 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Brz=C3=A1k?= Date: Mon, 26 Feb 2018 13:02:57 +0100 Subject: [PATCH 2/2] Update access_control.rst Fix IP range to IP netmask --- security/access_control.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/security/access_control.rst b/security/access_control.rst index 1034c63006b..1f9bd15eacc 100644 --- a/security/access_control.rst +++ b/security/access_control.rst @@ -23,7 +23,7 @@ access control should be used on this request. The following ``access_control`` options are used for matching: * ``path`` -* ``ip`` or ``ips`` (IP range is supported) +* ``ip`` or ``ips`` (netmask is supported) * ``host`` * ``methods`` @@ -176,7 +176,7 @@ pattern so that it is only accessible by requests from the local server itself: # ... access_control: # - - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1, 127.0.0.1/24] } + - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1, 192.168.0.1/24] } - { path: ^/internal, roles: ROLE_NO_ACCESS } .. code-block:: xml @@ -193,7 +193,7 @@ pattern so that it is only accessible by requests from the local server itself: @@ -209,7 +209,7 @@ pattern so that it is only accessible by requests from the local server itself: array( 'path' => '^/internal', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', - 'ips' => '127.0.0.1, ::1, 127.0.0.1/24', + 'ips' => '127.0.0.1, ::1, 192.168.0.1/24', ), array( 'path' => '^/internal', @@ -239,7 +239,7 @@ address): * The second access rule is not examined as the first rule matched. -IP range is supported. You can write ``ip`` or ``ips`` with gateway submask like ``127.0.0.1/24`` or ``127.0.0.1/32``. +IP netmask is supported. You can write ``ip`` or ``ips`` with ``192.168.0.1/24`` or ``192.168.0.1/32``. .. _security-allow-if: