What is Symfony?
Get started
Documentation
Community
Services
News

Latest News

Symfony 2.0.14 released

by Fabien Potencier – May 18, 2012

What happened last week in Symfony?

This week, Symfony 2.1 updated its minimum required PHP version to 5.3.3, which contains a lot of bug fixes. Meanwhile, Dependency Injection and Session were the most active components in the repository.

Upcoming Events

The Symfony Community organizes events all over the world on a regular basis. Here are the next ones.

France, Paris — Symfony Live Paris 2012

from June 06, 2012 to June 09, 2012

Spain, Castellón — deSymfony 2012

from June 15, 2012 to June 16, 2012

Brazil, Belo Horizonte — sfcon 2012

on June 23, 2012, from 08:00 to 18:00

United Kingdom, London — Symfony2 Lightning Talks - London

on June 28, 2012, from 19:00 to 22:00
About

Questions & Feedback

Found a typo or an error?
Open a ticket.

Need support or have a technical question?
Post to the user mailing-list.

This work is licensed under a
Creative Commons
Attribution-Share Alike 3.0
Unported License.

Master Symfony2 fundamentals

Be trained by SensioLabs experts (2 to 6 day sessions -- French or English).

trainings.sensiolabs.com

Symfony hosting done right

ServerGrove, outstanding support at the right price for your Symfony hosting needs.

servergrove.com

L'audit Qualité par SensioLabs

200 points de contrôle de votre applicatif web.

audit.sensiolabs.com

2.0 version

master version

Italian

How to force HTTPS or HTTP for Different URLs

How to force HTTPS or HTTP for Different URLs¶

You can force areas of your site to use the HTTPS protocol in the security config. This is done through the access_control rules using the requires_channel option. For example, if you want to force all URLs starting with /secure to use HTTPS then you could use the following config:

YAML

access_control:
    - path: ^/secure
      roles: ROLE_ADMIN
      requires_channel: https

XML

<access-control>
    <rule path="^/secure" role="ROLE_ADMIN" requires_channel="https" />
</access-control>

PHP

'access_control' => array(
    array('path' => '^/secure',
          'role' => 'ROLE_ADMIN',
          'requires_channel' => 'https'
    ),
),

The login form itself needs to allow anonymous access otherwise users will be unable to authenticate. To force it to use HTTPS you can still use access_control rules by using the IS_AUTHENTICATED_ANONYMOUSLY role:

YAML

access_control:
    - path: ^/login
      roles: IS_AUTHENTICATED_ANONYMOUSLY
      requires_channel: https

XML

<access-control>
    <rule path="^/login"
          role="IS_AUTHENTICATED_ANONYMOUSLY"
          requires_channel="https" />
</access-control>

PHP

'access_control' => array(
    array('path' => '^/login',
          'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
          'requires_channel' => 'https'
    ),
),

It is also possible to specify using HTTPS in the routing configuration see How to force routes to always use HTTPS or HTTP for more details.

NEWS FROM THE BLOG

Visit Symfony's blog

IN THE NEWS

Announcing the next Symfony Live Conference 2012 in Paris - June 6-9

UPCOMING TRAINING SESSIONS

View all sessions

Latest News

Symfony 2.0.14 released

What happened last week in Symfony?

Upcoming Events

France, Paris — Symfony Live Paris 2012

Spain, Castellón — deSymfony 2012

Brazil, Belo Horizonte — sfcon 2012

United Kingdom, London — Symfony2 Lightning Talks - London

Questions & Feedback

Master Symfony2 fundamentals

Symfony hosting done right

L'audit Qualité par SensioLabs

How to force HTTPS or HTTP for Different URLs

How to force HTTPS or HTTP for Different URLs¶

NEWS FROM THE BLOG

Symfony 2.0.14 released
May 18, 2012

Symfony Community Survey 2012
May 14, 2012

Symfony Live Paris 2012: Some great news
May 07, 2012

IN THE NEWS

Announcing the next Symfony Live Conference 2012 in Paris - June 6-9

UPCOMING TRAINING SESSIONS

is a trademark of Fabien Potencier. All rights reserved.

What is Symfony?

Get Started

Learn Symfony

Marketplace

Community

Services

Blog

About