2

I just bought some shared hosting (OVH.com - PHP 5.6.21) to host a Symfony 3 project (version 3.1.3).

When uploading the config.php file of Symfony on the server, it only displays 2 recommandation messages to improve the site speed, but nothing that could prevent the site from working. So, the hosting seems good enough to run this project properly.

I sent all the files and folders on the server, but when I try to reach the app_dev.php page, I have this error message :

You are not allowed to access this file. Check app_dev.php for more information.

I know I have to add my IP addresss to the allowed IPs array in the app_dev.php file, so here's what I did (XXX.XXX.XXX.XXX being my IP address) : 

if (isset($_SERVER['HTTP_CLIENT_IP'])
    || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
    || !(in_array(@$_SERVER['REMOTE_ADDR'], ['127.0.0.1', 'XXX.XXX.XXX.XXX', 'fe80::1', '::1']) || php_sapi_name() === 'cli-server')
) {
    header('HTTP/1.0 403 Forbidden');
    exit('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
}

I tried different things to see where the problem could come from :

  • remove the !(in_array) part from the condition => Error 500
  • remove the whole condition block => I can reach the site (even if there are still some MySQL related errors)

The var/logs/dev.log file is totally empty, even if the rights are 777.

If you have any idea about where the problem might come from, i'd be glad if you could help me.

Thanks in advance for your help !

PS : when I try to reach the prod environment (app.php), i get an error 500, but the var/logs/prod.log file contains lines about MySQL errors... so i guess this is fine.

Improve this question
4
  • for a starter; dump each part of your if condition to see what is failing, or try one condition at a time Commented Aug 17, 2016 at 11:34
  • Thanks. It seems the problem is from the $_SERVER['HTTP_X_FORWARDED_FOR'] condition. Not sure of the consequences if i remove it. Commented Aug 17, 2016 at 11:51
  • Are you still getting 500 errors in PROD even with @Gerry 's answer? The above configuration looks correct for allowing DEV access. Commented Aug 17, 2016 at 16:16
  • Thank you, no more errors, everything is working fine now (but i still can't access the dev, because of the HTTP_X_FORWARDED_FOR condition) Commented Aug 18, 2016 at 10:18

1 Answer 1

Reset to default
7

Reading the code you know exactly what the problem is :) Or at least, it can be one of 2 reasons:

  • Your request contains a Client-IP or X-Forwarded-For header, which may be set by a reverse proxy (like Varnish) installed before your website.
  • You are not configuring the right IP address.

Regardless the actual cause, it's advisable to NOT open up your app_dev.php front controller on your production server. Development should be done on your local machine. Tampering with this check might accidentally open up the development environment to the outside world.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I know i shouldn't be using the app_dev.php in production, but that's the first time i try putting a Symfony project in prod. Everything is working fine in my local machine, so i wanted to be sure that it was the same in the distant machine. It seems the problem is from the $_SERVER['HTTP_X_FORWARDED_FOR'] condition. Not sure of the consequences if i remove it.
In case there is a proxy (which seems to be the case), REMOTE_ADDR would normally contain the IP address of the proxy server, not your own public IP address. Why exactly do you want to use the dev environment on production?
I just wanted to be sure that everything on the production was like my local machine : working in both prod and dev environments.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.