PHPackages zhortein/dev-security-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. zhortein/dev-security-bundle ActiveSymfony-bundle[Security](/categories/security) zhortein/dev-security-bundle ============================ Secure your Symfony dev environment without losing comfort. 1.0.2(7mo ago)03MITPHPPHP >=8.3CI passing Since Oct 18Pushed 7mo agoCompare [ Source](https://github.com/Zhortein/dev-security-bundle)[ Packagist](https://packagist.org/packages/zhortein/dev-security-bundle)[ Docs](https://github.com/zhortein/dev-security-bundle)[ RSS](/packages/zhortein-dev-security-bundle/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (14)Versions (5)Used By (0) Zhortein Dev Security Bundle ============================ [](#zhortein-dev-security-bundle) > 🔒 Secure your Symfony dev environment without losing comfort. [![CI](https://github.com/zhortein/dev-security-bundle/actions/workflows/ci.yml/badge.svg)](https://github.com/zhortein/dev-security-bundle/actions/workflows/ci.yml)[![codecov](https://camo.githubusercontent.com/a8880ca0178d88c3c1c3715e49e223bf4a313d2352c8c870edd33763239beb30/68747470733a2f2f636f6465636f762e696f2f67682f7a686f727465696e2f6465762d73656375726974792d62756e646c652f6272616e63682f646576656c6f702f67726170682f62616467652e737667)](https://codecov.io/gh/zhortein/dev-security-bundle)[![PHP Version](https://camo.githubusercontent.com/9872fd8f457b3bbce616d8826c0bebc67a8a9b46fa0ca7318857404d3cb816d3/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d2533453d382e332d626c75652e737667)](https://php.net)[![Symfony Version](https://camo.githubusercontent.com/df7ec9ef99fccb3900e97104e0fcc6f3ea91d16aa5b61d6464a456b945377574/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f53796d666f6e792d372e302b2d6f72616e67652e737667)](https://symfony.com)[![License: MIT](https://camo.githubusercontent.com/fdf2982b9f5d7489dcf44570e714e3a15fce6253e0cc6b5aa61a075aac2ff71b/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d79656c6c6f772e737667)](https://opensource.org/licenses/MIT) This bundle protects Symfony development environments from accidental exposure of sensitive data. It restricts access to the **Web Debug Toolbar**, **Profiler**, and other **debug routes** to a whitelist of IPs or reverse hostnames. --- 🚀 Installation -------------- [](#-installation) ``` composer require --dev zhortein/dev-security-bundle ``` Then register it (Symfony Flex usually handles this automatically): ``` // config/bundles.php return [ Zhortein\DevSecurityBundle\ZhorteinDevSecurityBundle::class => ['dev' => true, 'test' => true], ]; ``` --- ⚙️ Configuration ---------------- [](#️-configuration) Create `config/packages/zhortein_dev_security.yaml` with configuration options: ``` zhortein_dev_security: enabled: true allowed_ips: - 127.0.0.1 - ::1 - 192.168.1.0/24 - 10.8.0.0/16 allowed_hosts: - "*.mydomain.fr" - "*.otherdomain.com" log_blocked_attempts: true ``` --- 🧠 Features ---------- [](#-features) ✅ Restricts Symfony Web Debug Toolbar & Profiler to allowed IPs / CIDR / hostnames ✅ Logs blocked attempts for audit ✅ Optional `#[RestrictedToDevWhitelist]` attribute to secure sensitive routes (e.g. `/dev/info`) ✅ Zero dependency, works out of the box --- 🧰 Usage Example --------------- [](#-usage-example) ``` use Zhortein\DevSecurityBundle\Attribute\RestrictedToDevWhitelist; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Annotation\Route; #[Route('/dev/info')] #[RestrictedToDevWhitelist] public function devInfo(): Response { return new Response('This route is visible only to authorized developer IPs.'); } ``` If accessed from an unauthorized IP, the bundle throws `AccessDeniedHttpException` (403). --- 🛠️ Roadmap ---------- [](#️-roadmap) VersionFeature1.0.0Base security (profiler restriction, route attribute)1.1.0Command-line helper to list current IPs and detect reverses1.2.0Middleware to disable exception stacktraces in preprod2.0.0Audit dashboard & metrics integration--- 🧑‍💻 Author ---------- [](#‍-author) [David Renard](https://www.david-renard.fr/?utm_source=github&utm_medium=banner&utm_campaign=david-renard-fr&utm_content=zhortein-dev-security-bundle)CEO at [Isatis Concept](https://www.isatis-concept.fr?utm_source=github&utm_medium=banner&utm_campaign=isatis-concept&utm_content=zhortein-dev-security-bundle) 📝 License --------- [](#-license) MIT © David Renard ### Health Score 34 — LowBetter than 77% of packages Maintenance65 Regular maintenance activity Popularity3 Limited adoption so far Community6 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 3 Last Release 210d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/44929672bbed3e80606355419b928ded5440ec6260ecc1013bd543d7bc4d1ec5?d=identicon)[Zhortein](/maintainers/Zhortein) --- Top Contributors [![Zhortein](https://avatars.githubusercontent.com/u/82563246?v=4)](https://github.com/Zhortein "Zhortein (35 commits)") --- Tags symfonydevsecuritydevelopmentSymfony Bundle ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/zhortein-dev-security-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/zhortein-dev-security-bundle/health.svg)](https://phpackages.com/packages/zhortein-dev-security-bundle) ``` ### Alternatives [behat/behat Scenario-oriented BDD framework for PHP 4.0k96.8M2.0k](/packages/behat-behat)[sulu/sulu Core framework that implements the functionality of the Sulu content management system 1.3k1.3M152](/packages/sulu-sulu)[tilleuls/url-signer-bundle Create and validate signed URLs with a limited lifetime in Symfony 81340.1k](/packages/tilleuls-url-signer-bundle)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[cmsig/seal-symfony-bundle An integration of CMS-IG SEAL search abstraction into Symfony Framework. 15195.8k5](/packages/cmsig-seal-symfony-bundle)[symfony/ai-mate AI development assistant MCP server for Symfony projects 1624.9k11](/packages/symfony-ai-mate) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)