Restrict IP address to admin site


#1

Hi all,

I’m trying to apply an IP restriction to admin site. Ex: only ip 1.2.3.4 can access admin site.
I tried below setting in securiy.yml but it does not work:

access_control:
- { path: ^/admin/, role: IS_AUTHENTICATED_ANONYMOUSLY, ips: [1.2.3.4] }
- { path: ^/admin/, role: ROLE_ADMIN }

Please help.
Thanks.


#2

Why don’t you try it with an htaccess rule?


#3

i need it easy for maintenance then i put it there
thanks @scrummer for your point. i’m going to try it.


#4

Just force the use of 2 Factor Auth. It’s way better and more secure. Maybe add htaccess also.