I have recently deployed a Symfony 1.3.6 website. I have chosen to keep frontend_dev.php on the server, so I can debug on the local machine when absolutely required.
I modified frontend_dev.php like this:
<?php
require_once(dirname(__FILE__).'/../config/ProjectConfiguration.class.php');
$configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'dev', true);
// this check prevents access to debug front controllers that are deployed by accident to production servers.
// feel free to remove this, extend it or make something more sophisticated.
if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1')))
{
//in case something screwy happens ...
try
{
// die('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
sfContext::createInstance($configuration)->getController()->forward('security', 'error404');
exit();
}
catch(Exception $e)
{
//if we got here, all bets are off anyway, just go away ....
exit();
}
}
sfContext::createInstance($configuration)->dispatch();
What I was doing was to direct the request to a 404 error page. However, I notice that when I typed in http://www.mywebsite.com/frontend_dev.php/some_valid_url.html
I was directed to the 404 page (as I wanted) - BUT the debug toolbar was shown - ehich is obviously a security risk. What is the best way to disable the toolbar when the dev controller is accessed from a non-local machine?
I thought of putting checking code in the error404 action, and then disabling the debug toolbar as and when needed, but I am not sure if this is the most symfonic way to do it.
Whats the best practice in this instance?
