Before deploying my website (running on Symfony 2.7) on the production server, I do it on a development server (but in prod
environment too). As I don't want anybody to see it, I would like to secure it with a simple HTTP Basic Authentication.
I've seen that I can add a host parameter to a firewall so that it only applies when the site is run on a given host. It looks like this could help me here, but as I understand it I would have to duplicate my firewall, which is not so interesting (DRY):
firewalls:
main:
host: www\.mysite\.com
pattern: ^/
form_login:
// ...
logout:
// ...
anonymous: true
remember_me:
key: %secret%
main_dev:
host: dev\.mysite\.com
http_basic: true
// paste here the exact same content as in `main`
Is there a solution that doesn't involve maintaining two identical firewalls?
I propose to use two different configuration files, see: http://symfony.com/doc/current/cookbook/configuration/configuration_organization.html
So having a security.yml and a security_dev.yml -> all your stages use security.yml and only in dev you have your additional/different parameter loaded.