How to prevent the debug toolbar from appearing in the prod environment

Time: 2010-11-02 12:44:59

Tags: symfony1

I recently deployed a Symfony 1.3.6 website. I have chosen to keep frontend_dev.php on the server so that I can debug from my local machine when absolutely necessary.

I modified frontend_dev.php like this:

<?php

require_once(dirname(__FILE__).'/../config/ProjectConfiguration.class.php');

$configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'dev', true);

// this check prevents access to debug front controllers that are deployed by accident to production servers.
// feel free to remove this, extend it or make something more sophisticated.
if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1')))
{
    //in case something screwy happens ...
    try
    {
       // die('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
       sfContext::createInstance($configuration)->getController()->forward('security', 'error404');
       exit();
    }
    catch(Exception $e)
    {
        //if we got here, all bets are off anyway, just go away ....
        exit();
    }
}

sfContext::createInstance($configuration)->dispatch();

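What I am doing is directing the request to the 404 error page. However, I noticed that when I type http://www.mywebsite.com/frontend_dev.php/some_valid_url.html, I am directed to the 404 page (as I want), but the debug toolbar is displayed, which is obviously a security risk. What is the best way to disable the toolbar when the dev controller is accessed from a non-local machine?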

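I thought about putting the checking code in the error404 action and then disabling the debug toolbar when needed, but I am not sure whether this is the most appropriate approach.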

What is the best practice in this situation?

3 answers:

Answer 0: (score: 8)

sfConfig::set('sf_web_debug', false);

Answer 1: (score: 5)

Don't you just want to turn it off in the settings.yml file?

dev:
  .settings:
    web_debug: false

Answer 2: (score: 2)

You are initializing the configuration in the dev environment with debug enabled. Try something like:

// this check prevents access to debug front controllers that are deployed by accident to production servers.
// feel free to remove this, extend it or make something more sophisticated.
if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1')))
{
    //in case something screwy happens ...
    try
    {
       // die('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
       $configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'prod', false);

       sfContext::createInstance($configuration)->getController()->forward('security', 'error404');
       exit();
    }
    catch(Exception $e)
    {
        //if we got here, all bets are off anyway, just go away ....
        exit();
    }
}
else
{
  $configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'dev', true);
  sfContext::createInstance($configuration)->dispatch();
}
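
An added example, not part of the original answers: a front controller that follows Answer 2's approach (choose the environment and debug flag before the configuration is built) and also normalises the client address, so that forms such as ::ffff:127.0.0.1 or a long-form ::1 compare correctly. The helper name debug_client_allowed is hypothetical; the security/error404 module and action are the ones used in the question.

```php
<?php
// Added example: web/frontend_dev.php with the access decision made first.

// Hypothetical helper: true only if $remoteAddr equals an allowlisted
// address after both are converted to packed binary form.
function debug_client_allowed($remoteAddr, array $allowlist)
{
    if (!is_string($remoteAddr) || $remoteAddr === '') {
        return false; // no address (e.g. not a web request): deny
    }
    $packed = @inet_pton($remoteAddr);
    if ($packed === false) {
        return false; // unparsable address: deny
    }
    // Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to the 4-byte IPv4 form.
    $mappedPrefix = str_repeat("\0", 10)."\xff\xff";
    if (strlen($packed) === 16 && substr($packed, 0, 12) === $mappedPrefix) {
        $packed = substr($packed, 12);
    }
    foreach ($allowlist as $allowed) {
        if (@inet_pton($allowed) === $packed) {
            return true;
        }
    }
    return false;
}

$remote  = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
$allowed = debug_client_allowed($remote, array('127.0.0.1', '::1'));

require_once(dirname(__FILE__).'/../config/ProjectConfiguration.class.php');

// Environment and debug flag are fixed here, before any context exists,
// so a denied client never gets a debug-enabled configuration.
$configuration = ProjectConfiguration::getApplicationConfiguration(
    'frontend',
    $allowed ? 'dev' : 'prod',
    $allowed
);
$context = sfContext::createInstance($configuration);

if ($allowed) {
    $context->dispatch();
} else {
    // Module/action taken from the question's code.
    $context->getController()->forward('security', 'error404');
}
```

REMOTE_ADDR is the address of the directly connected peer, so when a reverse proxy on the same host fronts the application, every request arrives as 127.0.0.1 and this check passes for all clients.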