Home/ Questions/Q 7867907
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T00:50:07+00:00

I’m using the Symfony 2 php framework, which has a couple of different usage

  • 0

I’m using the Symfony 2 php framework, which has a couple of different usage environments: development, production and test. The app.php front controller accesses the production environment and the app_dev.php front controller accesses the development environment. Can anyone familiar with Symfony advise what is the best way to restrict the development environment to developers? I don’t want the development version of my web application to be viewable by users of my site, they should be restricted to using the production environment.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well, out of the box, the standard distribution has an IP-based guard check at the top of the dev controller.

    // This check prevents access to debug front controllers that are deployed by accident to production servers.
// Feel free to remove this, extend it, or make something more sophisticated.
if (isset($_SERVER['HTTP_CLIENT_IP'])
    || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !in_array(@$_SERVER['REMOTE_ADDR'], array(
        '127.0.0.1',
        '::1',
    ))
) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
}

    However, as the comments indicate, you aren’t beholden to that approach. For example, if you’re running Apache, you can add basic HTTP Authentication to the dev and test controllers.

    • 0