@@ -726,7 +726,9 @@ Certain situations may arise when you may need to restrict access to a given
726726route based on IP. This is particularly relevant in the case of :ref: `Edge Side Includes<edge-side-includes> `
727727(ESI), for example, which utilize a route named "_internal". When
728728ESI is used, the _internal route is required by the gateway cache to enable
729- different caching options for subsections within a given page.
729+ different caching options for subsections within a given page. This route
730+ comes with the ^/_internal prefix by default in the standard edition (assuming
731+ you've uncommented those lines from the routing file).
730732
731733Here is an example of how you might secure this route from outside access:
732734
@@ -768,18 +770,18 @@ adding a new access_control entry:
768770 security :
769771 # ...
770772 access_control :
771- - { path: ^/_internal , roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
773+ - { path: ^/cart/checkout , roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
772774
773775code-block :: xml
774776
775777 <access-control >
776- <rule path =" ^/_internal " role =" IS_AUTHENTICATED_ANONYMOUSLY"
778+ <rule path =" ^/cart/checkout " role =" IS_AUTHENTICATED_ANONYMOUSLY"
777779 </access-control >
778780
779781code-block :: php
780782
781783 'access_control' => array(
782- array('path' => '^/_internal ', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'requires_channel' => 'https'),
784+ array('path' => '^/cart/checkout ', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'requires_channel' => 'https'),
783785 ),
784786
785787book-security-securing-controller :
0 commit comments