-1

I have developed a symfony2 project. I want to make this project password protected during testing and development. In other words, I want to make the project password protected until it is completely tested, and it has been published. Is there some way to do this? Please help. Thanks in advance.

frumious
  • 1,567
  • 15
  • 25
Muhammad Shaaban
  • 79
  • 2
  • 10
  • You mean you dont want people to access your website until its ready? – Rafał Cz. Nov 29 '16 at 06:14
  • yes. Actually it have different user type and admin which already are secure. But I want this security At upper level of all other security even public area. – Muhammad Shaaban Nov 29 '16 at 06:18
  • How do you want authentication to work? LDAP, database or by what means? – Alvin Bunk Nov 29 '16 at 06:20
  • It could be any simple type. Even hard coded to simple file or in security.yml in side symfony. – Muhammad Shaaban Nov 29 '16 at 06:23
  • 1
    TIP: if you post the same question after 4 hours because you don't have the knowledge to resolve this simple problem, maybe is better if you consider to hire a developer to check also the project that you've "developed". – gp_sflover Nov 29 '16 at 14:34

3 Answers3

2

If i understood right what you want to achieve is to block users other than authorized from accessing your site. You can achieve this with simple htaccess password protection.

It works by uploading two files called .htaccess and .htpasswd in the directory you want to password protect. The .htaccess file should contain:

AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

You only need to change “/path/to/.htpasswd” with the full path to your .htpasswd.

The .htpasswd file should contain:

test:dGRkPurkuWmW2

The above code will allow the user “test” to access the password proteced area with the password “test”. The text “dGRkPurkuWmW2″ is a encrypted version of the password. You will need to use a htpasswd generator to create another password. Each line in the .htpasswd file contains a username and password combination, so feel free to add as many combinations as you like.

Password generator: http://www.htaccesstools.com/htpasswd-generator/

Source: http://www.htaccesstools.com/articles/password-protection/

For symfony2 project your new .htaccess file should be created in web directory:

project/
 -web/
Rafał Cz.
  • 735
  • 9
  • 19
  • give me idea little bit about full pat. How it should appear like in finnal – Muhammad Shaaban Nov 29 '16 at 06:27
  • Result should be two files: .htaccess and .htpasswd in the same directory where index.php file is. – Rafał Cz. Nov 29 '16 at 06:29
  • so final path for .htpasswd will be ./.htpasswd. Am I right? I already have .htaccess in my root as symfony required this to generate links. – Muhammad Shaaban Nov 29 '16 at 06:38
  • I think that for symfony project you need to create new .htaccess in /web directory. Then create .htpasswd in same directory, finding path will be easy afterwards. – Rafał Cz. Nov 29 '16 at 06:44
  • Im pretty sure it works with symfony aswell as with other frameworks. Are you sure you have correct path to .htpasswd? You can read more about it here http://stackoverflow.com/questions/39021233/symfony2-simple-htaccess-password-protect-for-dev-purpose. What is making you think it doesnt work? – Rafał Cz. Nov 29 '16 at 06:59
2

You can easily configure the Security component differently for each environment. Just open up the appropriate config file, for example config_dev.yml and add/overwrite the appropriate security configuration, for example:

security:
    providers:
        my_provider:
            memory:
                users:
                    foo: { password: foo, roles: ROLE_USER }
    firewalls:
        your_firewall_name:
            http_basic: ~
Gerry
  • 6,012
  • 21
  • 33
1

What I do usually to setup dev environments is to use a subdomain that is "private". By private I mean that there is no DNS record pointing to it. I add a line to my hosts file to make it reachable by my computer. If I need to expose it to external apis ( payment gateways responses for example ) then I create the DNS record but I configure the firewall to accept only certain ip addresses.

Take in mind that if you use any kind of authentication these kind of services( PayPal, credit card payment gateways... ) will not be able to connect to your site so you will not be able to test them.

Carlos
  • 1,411
  • 15
  • 21
  • 1
    Not having a DNS record hardly "secures" anything, so I would not advice this approach. – Gerry Nov 29 '16 at 14:20
  • I agree with you. My proposal is focused on having a usable pseudo private develop environment. – Carlos Nov 29 '16 at 14:59