开发者

How to implement SSL in symfony 1.4?

开发者 https://www.devze.com 2023-04-12 04:20 出处:网络
Currently our project is not having any SSL Security. All of the URLs in the project can be accessed by urls like http://www.something.com.

Currently our project is not having any SSL Security. All of the URLs in the project can be accessed by urls like http://www.something.com.

Now we want开发者_高级运维 to change the same to https://www.something.com.

Also, we have created some webservices which are returning Json data. These webservices are accessed thorugh the urls on mobile devices such as Apple iphone and Blackberry. Urls for the webservices begin with http://

Now we also want to secure the same in such a way that these webservices now can be accessed only through https protocol like https://


If you want to use HTTPS you have to setup your Apache to do so. There are many articles describing how can you do it on Ubuntu. Try searching "ubuntu setup ssl apache2" or so.

Example: http://www.linode.com/wiki/index.php/Apache2_SSL_in_Ubuntu

In few words: you have to create a new NameVirtualHost entry in your Apache configuration, and make it listen to port 443 (default https port) and setup a certification. If your website is a public website then I suppose you don't want a self signed certification (the browser will tell the user that the certification is signed by the server itself, therefore it cannot be trusted). Look for an SSL certification on the net, I have used Verisign for one of my projects. There shouldn't be any big differences between certifications, users normally not aware of what is happening under the hood, although I would suggest to buy it from a more well known name (users might like it better).

Symfony is not responsible handling your requests on HTTPS level, if your webserver is configured properly, the request comes through HTTPS and it will load PHP and Symfony to generate the response and send it back through HTTPS. What Symfony can do for you is to redirect pages between the http to the https site, if you wanted to (or wanted to limit some pages, like everything is unsecure except the login, register and change password pages). Unfortunately I don't know any good plugin to solve this, but basically you have to write a filter that triggers on any request, just before the request handling module/action is being processed.

This source looks to be good: http://blog.tigregroup.com/programming/creating-an-ssl-redirect-filter-in-symfony/

hth


Hej,

write this in your .htaccess and it works.

RewriteEngine On
RewriteCond %{SERVER_PORT}  !^443$
RewriteRule ^.*$    https://%{SERVER_NAME}%{REQUEST_URI}    [R=301,L]


There are two plugin for use:

sfSslRequirementPlugin : "Provides SSL encryption support for actions" and sfSslRequirementExtraPlugin: "Enhance your application security, using ssl protocol only when needed, via a fully parametrized architecture. This plugin is based on sfSslRequirementPlugin, adding new capabilities."

0

精彩评论

暂无评论...
验证码 换一张
取 消