Secure your web infrastructure with HTTPS protocol in Symfony 3

Tags: development, hosting, security, symfony, webdev
updated: Apr 14, 2021 at 11:41AM | published: Jun 30, 2017

 

As more and more of your business’s sensitive information is digitalised, cyber-security concerns increase. Equipping your website with a basic defence mechanism is paramount to protect your data, content and privacy. The first step in that direction is to implement the HTTPS protocol.

 

What is HTTPS?

 

HTTPS (HyperText Transfer Protocol Secure) is an extension of HTTP used to ensure secure communication over a computer network and on the Internet. The communication is encrypted with a cryptographic protocol such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL), which is why HTTPS is also called HTTP over TLS or HTTP over SSL.

The main incentive to use HTTPS is authentication of the accessed website (assurance that one isn’t dealing with an impostor), as well as protection of the privacy and integrity of the data exchanged between a user and a server. The bidirectional encryption of communications protects against third-party interference, such as eavesdropping on or tampering with the information. HTTPS connections were primarily used to secure payment transactions and e-mails. Since 2018, HTTPS has been used more often by all web users, mostly to protect page authenticity, secure accounts, and keep user communications, identity and web browsing private.

You know your website is secure when your URL bar looks like this:

[Screenshots: URL bar on Google Chrome and on Apple Safari]

Important note

The implementation of the HTTPS protocol on a website or application requires a set of certificates that are revalidated every year. Certificate Authorities, or CAs, issue those Digital Certificates, which are verifiable small data files that contain identity credentials to help websites, people, and devices represent their authentic online identity.

Be aware that your website CANNOT link to or display, on any of its pages, any resources from an unsecured web source (HTTP). If such links are found, it will compromise your accreditation and you will no longer be considered a secured site.
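One way to check a rendered page for such references, as an added example that is not part of the original post or 4BIS's code. The function name findInsecureResources and the sample HTML are constructed for illustration.

```php
<?php
// Added example, not from the original post: report every sub-resource
// a page references over plain http://. Function name is hypothetical.

function findInsecureResources(string $html): array
{
    // tag => attribute whose URL the browser fetches or submits to
    $resourceAttrs = [
        'img' => 'src', 'script' => 'src', 'iframe' => 'src',
        'audio' => 'src', 'video' => 'src', 'source' => 'src',
        'embed' => 'src', 'object' => 'data', 'link' => 'href',
        'form' => 'action',
    ];

    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // tolerate HTML5 / sloppy markup
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $findings = [];
    foreach ($resourceAttrs as $tag => $attr) {
        foreach ($doc->getElementsByTagName($tag) as $node) {
            $url = trim($node->getAttribute($attr));
            // Case-insensitive: "HTTP://" is just as insecure as "http://"
            if (stripos($url, 'http://') === 0) {
                $findings[] = ['tag' => $tag, 'attr' => $attr, 'url' => $url];
            }
        }
    }
    return $findings;
}

// Constructed sample page: two insecure references, two safe ones.
$sample = <<<'HTML'
<html><head>
  <link rel="stylesheet" href="https://example.com/site.css">
  <script src="http://cdn.example.com/lib.js"></script>
</head><body>
  <img src="/assets/images/img_logo_DEH.svg">
  <img src="HTTP://example.com/banner.png">
</body></html>
HTML;

foreach (findInsecureResources($sample) as $f) {
    printf("<%s %s=\"%s\">\n", $f['tag'], $f['attr'], $f['url']);
}
```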

At 4BIS, we systematically implement strong cyber-security for our clients by migrating their sites to the secured HTTPS environment. As web development specialists, we can take care of obtaining the necessary certificates. We also ensure the proper configuration of the web server and the compliance of content.

 

How to implement HTTPS in Symfony 3

 

To force the HTTPS connection on a single route, use the schemes option and set it to https:

#app/config/routing.yml

appbundle_route_identifier:
    path:     /route-name
    defaults: { _controller: fbismainBundle:Default:action_controller}
    # Force HTTPS
    schemes: [https]

 

The Security component provides another way to enforce HTTP or HTTPS via the requires_channel setting. This alternative method is better suited to secure an “area” of your website (all URLs under /admin) instead of manually specifying every route.

#app/config/security.yml
security:
    # ... #
    access_control:
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
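A functional test that checks both settings are actually enforced, as an added example that is not part of the original post. It assumes the routing.yml and security.yml entries above are active in the test environment, and that /route-name and / are defined routes behind an enabled firewall; the class and method names are hypothetical.

```php
<?php
// tests/AppBundle/HttpsEnforcementTest.php
// Added example, not from the original post. Assumes the routing.yml and
// security.yml settings shown above are active in the test environment and
// that both paths are defined routes behind an enabled firewall.

namespace Tests\AppBundle;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;

class HttpsEnforcementTest extends WebTestCase
{
    public function protectedPaths()
    {
        return [
            'route with schemes: [https]'     => ['/route-name'],
            'access_control requires_channel' => ['/'],
        ];
    }

    /**
     * @dataProvider protectedPaths
     */
    public function testPlainHttpIsRedirectedToHttps($path)
    {
        $client = static::createClient();
        // Absolute URL so the scheme of the simulated request is explicit.
        $client->request('GET', 'http://localhost' . $path);

        $response = $client->getResponse();
        $this->assertTrue($response->isRedirect(), 'HTTP request was served instead of redirected');

        $location = $response->headers->get('Location');
        $this->assertSame('https', parse_url($location, PHP_URL_SCHEME));
        $this->assertSame($path, parse_url($location, PHP_URL_PATH));
    }

    /**
     * @dataProvider protectedPaths
     */
    public function testHttpsIsNeverDowngraded($path)
    {
        $client = static::createClient();
        $client->request('GET', 'https://localhost' . $path);

        $location = (string) $client->getResponse()->headers->get('Location');
        $this->assertNotSame('http', parse_url($location, PHP_URL_SCHEME));
    }
}
```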

 


Warning

In Twig, Symfony’s default template engine, using absolute_url will lead to HTTP and not to HTTPS, which causes a security threat.

Example:
{{ absolute_url('assets/images/img_logo_DEH.svg') }}
Result:
http://digitaleconomyhub.com/assets/images/img_logo_DEH.svg

To resolve this, you might need a workaround: build the full link manually.

Example:
{{ app.request.scheme ~ '://' ~ app.request.host ~ asset('assets/images/img_logo_DEH.svg') }}
Result:
https://digitaleconomyhub.com/assets/images/img_logo_DEH.svg

We hope you found this post useful. Feel free to contact us if you have questions.

Until next time!

The 4BIS team.

 

