From 2b46edbc3c9d2f5add2550748ce0ff70adbdd635 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Brz=C3=A1k?= Date: Mon, 26 Feb 2018 13:08:50 +0100 Subject: [PATCH] Update access_control.rst Extend documentation with IP netmask --- security/access_control.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/security/access_control.rst b/security/access_control.rst index 15147f73970..c8d5fd4fd1f 100644 --- a/security/access_control.rst +++ b/security/access_control.rst @@ -23,7 +23,7 @@ access control should be used on this request. The following ``access_control`` options are used for matching: * ``path`` -* ``ip`` or ``ips`` +* ``ip`` or ``ips`` (netmask is supported) * ``host`` * ``methods`` @@ -176,7 +176,7 @@ pattern so that it is only accessible by requests from the local server itself: # ... access_control: # - - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1] } + - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1, 192.168.0.1/24] } - { path: ^/internal, roles: ROLE_NO_ACCESS } .. code-block:: xml @@ -193,7 +193,7 @@ pattern so that it is only accessible by requests from the local server itself: @@ -209,7 +209,7 @@ pattern so that it is only accessible by requests from the local server itself: array( 'path' => '^/internal', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', - 'ips' => '127.0.0.1, ::1', + 'ips' => '127.0.0.1, ::1, 192.168.0.1/24', ), array( 'path' => '^/internal', @@ -239,6 +239,8 @@ address): * The second access rule is not examined as the first rule matched. +IP netmask is supported. You can write ``ip`` or ``ips`` with ``192.168.0.1/24`` or ``192.168.0.1/32``. + .. _security-allow-if: Securing by an Expression