TechQA.

Securing APIs by IP address - API Platform & Symfony

66 views Asked by At

I've got my API made with API platform and Symfony but I'm having problems securing my endpoints. I have my documentation on the basic URL: api.domaine.com and access points: /articles/stocks for example. I have this in my security file:

access_control:
        - { path: ^/$, roles: PUBLIC_ACCESS }
        - { path: ^/*, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [ 109.239.112.139, 45.10.152.49 ] }

For the documentation, it works well, and my endpoints are all open even with IP restriction. I can't understand why my endpoints are open even with the IPS rules.

Do you have an idea?

I tried to work with the roles like this:

access_control:
        - { path: ^/$, roles: PUBLIC_ACCESS }
        - { path: ^/*, roles: ROLE_IP_USER, ips: [ 109.239.112.139, 45.10.152.49 ] }

and I have also tried this in my entities :

#[ApiResource(
    operations: [
        new Get(),
        new GetCollection(),
    ],
    order: ['createdAt' => 'DESC'],
    paginationClientItemsPerPage: true,
    paginationItemsPerPage: 30,
    security: 'is_granted(\'ROLE_IP_USER\')'
)]
symfony security api-platform.com ips
Original Q&A
0

There are 0 answers

Related Questions in SYMFONY

Related Questions in SECURITY

Related Questions in API-PLATFORM.COM

Related Questions in IPS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions