Sharing is caring

Here is where we like to share our knowledge with you

With growing concerns about cyber security, consider equipping your website with a basic defence mechanism.

The first step to secure your site, content and user privacy is to implement the HTTPS protocol.

What is HTTPS?

HTTPS (also called HTTP over Transport Layer Security (TLS),[1] HTTP over SSL,[2] and HTTP Secure[3][4]) is a protocol for secure communication on the web. Every message or packet sent between the end user and the server where the site is hosted is encrypted on one side and decrypted on the other, which prevents a third party from interrupting or adding to it on the way.

When the site is properly secured, you will get a green sign (Chrome) or a lock icon (Safari) in the address bar of the browser, like on our own website.

Google Chrome:

Apple Safari:

As of June 2017, 21.7% of the Alexa top 1,000,000 websites use HTTPS by default.

Implementing HTTPS on a website or app requires a set of certificates that are revalidated every year and proper configuration of the web server, and it might require changes in content.

Keep in mind:
Your website cannot load any resources from unsecured (HTTP) websites. If it does, your site will not be considered secure.

At 4bis.nl we are migrating all our clients to a secured HTTPS environment.

Implementing HTTPS in Symfony 3:

To force an HTTPS connection for a single route, use the schemes option and set it to https.

#app/config/routing.yml

appbundle_route_identifier:
    path:     /route-name
    defaults: { _controller: fbismainBundle:Default:action_controller}
    # Force HTTPS
    schemes: [https]

The Security component provides another way to enforce HTTP or HTTPS via the requires_channel setting. This alternative method is better suited to securing an “area” of your website (all URLs under /admin) instead of manually specifying every route.

#app/config/security.yml
security:
    # ... #
    access_control:
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

Using absolute_url in Twig will lead to an issue:
In Twig, using absolute_url will produce an HTTP link and not an HTTPS one, which can cause the issue of partial security.

Example:
{{ absolute_url('assets/images/podium/partners/partners-02.png') }}
Result:
http://podium.presentyourstartup.nl/assets/images/podium/partners/partners-02.png

As a result, you might need a workaround: building the full link manually.
Example:
{{ app.request.scheme ~ '://' ~ app.request.host ~ asset('assets/images/podium/partners/partners-02.png') }}
Result:
https://podium.presentyourstartup.nl/assets/images/podium/partners/partners-02.png
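The "Keep in mind" note and the absolute_url issue above both come down to HTTP sub-resources on an HTTPS page. The following audit script is an added example, not code from 4bis.nl or Symfony: it scans rendered HTML for such references. The host example.test, the sample page and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a sub-resource.
FETCH_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"),
               ("audio", "src"), ("video", "src"), ("source", "src"),
               ("embed", "src"), ("object", "data")}
LINK_RELS = {"stylesheet", "icon", "preload", "manifest"}  # <link> rels that load a file


class MixedContentFinder(HTMLParser):
    """Collects sub-resource URLs that resolve to http:// on an https:// page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        urls = [attrs[a] for (t, a) in FETCH_ATTRS if t == tag and a in attrs]
        if tag == "link" and LINK_RELS & set(attrs.get("rel", "").lower().split()):
            urls.append(attrs.get("href", ""))
        for raw in urls:
            # Resolve relative and protocol-relative (//host/x) URLs against the page
            resolved = urljoin(self.page_url, raw.strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((self.getpos()[0], tag, resolved))


def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages served over HTTPS")
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; <a href> is navigation and is deliberately not flagged.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://example.test/css/site.css">
<script src="/js/app.js"></script>
</head><body>
<img src="http://example.test/assets/images/partners-02.png">
<img src="//example.test/assets/images/logo.png">
<a href="http://example.test/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content("https://example.test/", SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads {url}")
```

Run it against the HTML your templates actually render, so that URLs generated by Twig helpers are included in the check.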