How to force access globally via HTTPS (HTTP over SSL) in Symfony 1.4

How to force access globally via HTTPS (HTTP over SSL) in Symfony 1.4

A lot of project will need to run on a secured http context due to requirements in the client side. In a PHP application, this can be done through directives of Apache or Nginx, however a lot of us wouldn't do it due to lack of knowledge with this or just because you're lazy.

Such redirectioning from http to https can be done within your application as well. Thanks to the way that Symfony 1.4 works, this can be done globally and within seconds you will be able to redirect any URL of your project to its secured version. In this article we'll show you how to force HTTPS globally in your project.

1. Create a security filter

Create the sfSecureFilter.class.php file inside the lib directory of your application e.g  apps/frontend/lib/sfSecureFilter.class.php or if you use it globally on all of your applications inside the lib directory. This file will contain as the name of the file, sfSecureFilter class that extends the sfFilter class of Symfony:


// apps/frontend/lib/sfSecureFilter.class.php
// or for all apps
// lib/sfSecureFilter.class.php

class sfSecureFilter extends sfFilter
     * Implements a global redirect from the 'http' to the 'https' version.
     * @param type $filterChain
     * @return type
    public function execute($filterChain)
        $context = $this->getContext();
        $request = $context->getRequest();

        if (!$request->isSecure())
            $secure_url = str_replace('http', 'https', $request->getUri());

            return $context->getController()->redirect($secure_url);

The execute method will retrieve the context and request and will verify wheter the request is already secured or not. According to its protocol, it will be changed automatically to HTTPS if the request isn't secured yet. The class by itself does nothing if it isn't attached to a filter event of Symfony, so proceed with the last step after creating this file.

2. Register SSL Filter

Now that we have a filter class that changes the protocol if it isn't secured, we need to register it in the filters.yml file of your app, specifically in in the rendering filter by simply adding the class property with the name of our previously created class (sfSecureFilter):

# apps/<YourApp>/config/filters.yml

# You can find more information about this file on the symfony website:

# Run the sfSecureFilter before starting the rendering process
  class:  sfSecureFilter

# Don't enable 'sfSecureFilter' in the security filter as this is only
# executed when a module is secured by some rule on 'security.yml'
security: ~
cache:     ~
execution: ~

After saving the changes to the filters.yml, clear the cache of your project with php symfony cc and access any route of your project. Now, you will be redirected automatically to the HTTPS version of it always.

Happy coding !

Become a more social person