@@ -23,7 +23,7 @@ access control should be used on this request. The following ``access_control``
2323options are used for matching:
2424
2525* ``path ``
26- * ``ip `` or ``ips ``
26+ * ``ip `` or ``ips `` (netmask is supported)
2727* ``host ``
2828* ``methods ``
2929
@@ -176,7 +176,7 @@ pattern so that it is only accessible by requests from the local server itself:
176176 # ...
177177 access_control :
178178 #
179- - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1] }
179+ - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1, 192.168.0.1/24 ] }
180180 - { path: ^/internal, roles: ROLE_NO_ACCESS }
181181
182182code-block :: xml
@@ -193,7 +193,7 @@ pattern so that it is only accessible by requests from the local server itself:
193193 <!-- ... -->
194194 <rule path =" ^/internal"
195195 role =" IS_AUTHENTICATED_ANONYMOUSLY"
196- ips =" 127.0.0.1, ::1"
196+ ips =" 127.0.0.1, ::1, 192.168.0.1/24 "
197197 />
198198
199199 <rule path =" ^/internal" role =" ROLE_NO_ACCESS"
@@ -209,7 +209,7 @@ pattern so that it is only accessible by requests from the local server itself:
209209 array(
210210 'path' => '^/internal',
211211 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
212- 'ips' => '127.0.0.1, ::1',
212+ 'ips' => '127.0.0.1, ::1, 192.168.0.1/24 ',
213213 ),
214214 array(
215215 'path' => '^/internal',
@@ -239,6 +239,8 @@ address):
239239
240240* The second access rule is not examined as the first rule matched.
241241
242+ IP netmask is supported. You can write ``ip `` or ``ips `` with ``192.168.0.1/24 `` or ``192.168.0.1/32 ``.
243+
242244.. _security-allow-if :
243245
244246Securing by an Expression
0 commit comments