remove link-local IPv6 address (fe80::1)

Henry Snoek · Henry Snoek · commit c9c33b54a0fb · 2016-03-11T14:16:51.000+01:00
diff --git a/cookbook/configuration/environments.rst b/cookbook/configuration/environments.rst
@@ -328,7 +328,7 @@ The new environment is now accessible via::
     aren't accessible, the front controller is usually protected from external
     IP addresses via the following code at the top of the controller::
 
-        if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'))) {
+        if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1'))) {
             die('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
         }
 
diff --git a/cookbook/security/access_control.rst b/cookbook/security/access_control.rst
@@ -176,7 +176,7 @@ pattern so that it is only accessible by requests from the local server itself:
             # ...
             access_control:
                 #
-                - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, fe80::1, ::1] }
+                - { path: ^/internal, roles: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1] }
                 - { path: ^/internal, roles: ROLE_NO_ACCESS }
 
     .. code-block:: xml
@@ -193,7 +193,7 @@ pattern so that it is only accessible by requests from the local server itself:
                 <!-- ... -->
                 <rule path="^/internal"
                     role="IS_AUTHENTICATED_ANONYMOUSLY"
-                    ips="127.0.0.1, fe80::1, ::1"
+                    ips="127.0.0.1, ::1"
                 />
 
                 <rule path="^/internal" role="ROLE_NO_ACCESS" />
@@ -209,7 +209,7 @@ pattern so that it is only accessible by requests from the local server itself:
                 array(
                     'path' => '^/internal',
                     'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
-                    'ips' => '127.0.0.1, fe80::1, ::1'
+                    'ips' => '127.0.0.1, ::1'
                 ),
                 array(
                     'path' => '^/internal',
@@ -230,8 +230,8 @@ the external IP address ``10.0.0.1``:
   that does not match an existing role, it just serves as a trick to always
   deny access).
 
-But if the same request comes from ``127.0.0.1``, ``::1`` (the IPv6 loopback
-address) or ``fe80::1`` (the IPv6 link-local address):
+But if the same request comes from ``127.0.0.1`` or ``::1`` (the IPv6 loopback
+address):
 
 * Now, the first access control rule is enabled as both the ``path`` and the
   ``ip`` match: access is allowed as the user always has the

Original file line number	Diff line number	Diff line change
`@@ -328,7 +328,7 @@ The new environment is now accessible via::`
`328`	`328`	`aren't accessible, the front controller is usually protected from external`
`329`	`329`	`IP addresses via the following code at the top of the controller::`
`330`	`330`
`331`		`- if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1', '::1'))) {`
	`331`	`+ if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1'))) {`
`332`	`332`	`die('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');`
`333`	`333`	`}`
`334`	`334`