I would like to create a login form, and require https for all pages of my website.
My security.yml looks like this:
access_control:
#- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/logout, roles: ROLE_USER }
It works, but if I remove the # sign from the beginnig of the first line, the authentication stops working. The security system does not intercept the request. I have many lines in my access_control, so it would be inpractical to define it for each page.
My main goal is: Require https for all pages. Each page should be only available for logged in users, except for login, index and a few
When Symfony read your access control, it takes the first path that match with the route called. So if you defined (as you did) the path ^/ (which match every routes) first, SF will just not read your login or logout access control. See this part of cookbook
If you want your website full https, I suggest to edit your nginx, apache config to redirect users who typed http to https :
# example with nginx
server {
listen 80;
server_name yourwebsite.com;
return 301 https://yourwebsite.com$request_uri;
}