Currently our project is not having any SSL Security. All of the URLs in the project can be accessed by urls like http://www.something.com.
目前我们的项目没有任何SSL安全性。项目中的所有URL都可以通过http://www.something.com等网址访问。
Now we want to change the same to https://www.something.com.
现在我们要将其更改为https://www.something.com。
Also, we have created some webservices which are returning Json data. These webservices are accessed thorugh the urls on mobile devices such as Apple iphone and Blackberry. Urls for the webservices begin with http://
此外,我们已经创建了一些返回Json数据的Web服务。这些网络服务可以通过Apple iphone和Blackberry等移动设备上的网址进行访问。网络服务的网址以http://开头
Now we also want to secure the same in such a way that these webservices now can be accessed only through https protocol like https://
现在我们也希望以这样的方式保护它们,即现在只能通过https协议访问这些Web服务,例如https://
3 个解决方案
#1
2
If you want to use HTTPS you have to setup your Apache to do so. There are many articles describing how can you do it on Ubuntu. Try searching "ubuntu setup ssl apache2" or so.
如果你想使用HTTPS,你必须设置你的Apache。有很多文章描述了如何在Ubuntu上实现它。尝试搜索“ubuntu setup ssl apache2”左右。
Example: http://www.linode.com/wiki/index.php/Apache2_SSL_in_Ubuntu
示例:http://www.linode.com/wiki/index.php/Apache2_SSL_in_Ubuntu
In few words: you have to create a new NameVirtualHost entry in your Apache configuration, and make it listen to port 443 (default https port) and setup a certification. If your website is a public website then I suppose you don't want a self signed certification (the browser will tell the user that the certification is signed by the server itself, therefore it cannot be trusted). Look for an SSL certification on the net, I have used Verisign for one of my projects. There shouldn't be any big differences between certifications, users normally not aware of what is happening under the hood, although I would suggest to buy it from a more well known name (users might like it better).
简而言之:您必须在Apache配置中创建一个新的NameVirtualHost条目,并使其侦听端口443(默认的https端口)并设置认证。如果您的网站是公共网站,那么我认为您不需要自签名认证(浏览器会告诉用户该认证是由服务器本身签名的,因此无法信任)。在网上寻找SSL认证,我已经将Verisign用于我的一个项目。认证之间应该没有任何重大差异,用户通常不会知道幕后发生的事情,尽管我建议从一个更知名的名称购买它(用户可能更喜欢它)。
Symfony is not responsible handling your requests on HTTPS level, if your webserver is configured properly, the request comes through HTTPS and it will load PHP and Symfony to generate the response and send it back through HTTPS. What Symfony can do for you is to redirect pages between the http to the https site, if you wanted to (or wanted to limit some pages, like everything is unsecure except the login, register and change password pages). Unfortunately I don't know any good plugin to solve this, but basically you have to write a filter that triggers on any request, just before the request handling module/action is being processed.
Symfony不负责处理您在HTTPS级别的请求,如果您的网络服务器配置正确,请求通过HTTPS发送,它将加载PHP和Symfony以生成响应并通过HTTPS发回。 Symfony可以为您做的是在http到https站点之间重定向页面,如果您愿意(或者想要限制某些页面,除了登录,注册和更改密码页面之外的一切都是不安全的)。不幸的是我不知道有什么好的插件可以解决这个问题,但基本上你必须编写一个在任何请求上触发的过滤器,就在处理请求处理模块/动作之前。
This source looks to be good: http://blog.tigregroup.com/programming/creating-an-ssl-redirect-filter-in-symfony/
这个来源看起来很好:http://blog.tigregroup.com/programming/creating-an-ssl-redirect-filter-in-symfony/
hth
心连心
#2
1
Hej,
HEJ,
write this in your .htaccess and it works.
在你的.htaccess写这个,它的确有效。
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
#3
0
There are two plugin for use:
有两个插件可供使用:
sfSslRequirementPlugin : "Provides SSL encryption support for actions" and sfSslRequirementExtraPlugin: "Enhance your application security, using ssl protocol only when needed, via a fully parametrized architecture. This plugin is based on sfSslRequirementPlugin, adding new capabilities."
sfSslRequirementPlugin:“为操作提供SSL加密支持”和sfSslRequirementExtraPlugin:“通过完全参数化的体系结构,仅在需要时使用ssl协议增强应用程序安全性。此插件基于sfSslRequirementPlugin,添加了新功能。”
#1
2
If you want to use HTTPS you have to setup your Apache to do so. There are many articles describing how can you do it on Ubuntu. Try searching "ubuntu setup ssl apache2" or so.
如果你想使用HTTPS,你必须设置你的Apache。有很多文章描述了如何在Ubuntu上实现它。尝试搜索“ubuntu setup ssl apache2”左右。
Example: http://www.linode.com/wiki/index.php/Apache2_SSL_in_Ubuntu
示例:http://www.linode.com/wiki/index.php/Apache2_SSL_in_Ubuntu
In few words: you have to create a new NameVirtualHost entry in your Apache configuration, and make it listen to port 443 (default https port) and setup a certification. If your website is a public website then I suppose you don't want a self signed certification (the browser will tell the user that the certification is signed by the server itself, therefore it cannot be trusted). Look for an SSL certification on the net, I have used Verisign for one of my projects. There shouldn't be any big differences between certifications, users normally not aware of what is happening under the hood, although I would suggest to buy it from a more well known name (users might like it better).
简而言之:您必须在Apache配置中创建一个新的NameVirtualHost条目,并使其侦听端口443(默认的https端口)并设置认证。如果您的网站是公共网站,那么我认为您不需要自签名认证(浏览器会告诉用户该认证是由服务器本身签名的,因此无法信任)。在网上寻找SSL认证,我已经将Verisign用于我的一个项目。认证之间应该没有任何重大差异,用户通常不会知道幕后发生的事情,尽管我建议从一个更知名的名称购买它(用户可能更喜欢它)。
Symfony is not responsible handling your requests on HTTPS level, if your webserver is configured properly, the request comes through HTTPS and it will load PHP and Symfony to generate the response and send it back through HTTPS. What Symfony can do for you is to redirect pages between the http to the https site, if you wanted to (or wanted to limit some pages, like everything is unsecure except the login, register and change password pages). Unfortunately I don't know any good plugin to solve this, but basically you have to write a filter that triggers on any request, just before the request handling module/action is being processed.
Symfony不负责处理您在HTTPS级别的请求,如果您的网络服务器配置正确,请求通过HTTPS发送,它将加载PHP和Symfony以生成响应并通过HTTPS发回。 Symfony可以为您做的是在http到https站点之间重定向页面,如果您愿意(或者想要限制某些页面,除了登录,注册和更改密码页面之外的一切都是不安全的)。不幸的是我不知道有什么好的插件可以解决这个问题,但基本上你必须编写一个在任何请求上触发的过滤器,就在处理请求处理模块/动作之前。
This source looks to be good: http://blog.tigregroup.com/programming/creating-an-ssl-redirect-filter-in-symfony/
这个来源看起来很好:http://blog.tigregroup.com/programming/creating-an-ssl-redirect-filter-in-symfony/
hth
心连心
#2
1
Hej,
HEJ,
write this in your .htaccess and it works.
在你的.htaccess写这个,它的确有效。
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
#3
0
There are two plugin for use:
有两个插件可供使用:
sfSslRequirementPlugin : "Provides SSL encryption support for actions" and sfSslRequirementExtraPlugin: "Enhance your application security, using ssl protocol only when needed, via a fully parametrized architecture. This plugin is based on sfSslRequirementPlugin, adding new capabilities."
sfSslRequirementPlugin:“为操作提供SSL加密支持”和sfSslRequirementExtraPlugin:“通过完全参数化的体系结构,仅在需要时使用ssl协议增强应用程序安全性。此插件基于sfSslRequirementPlugin,添加了新功能。”