Symfony 2 Securing Login with IP

Question

I have a firewall rule which together with annotations allows only access to actions as specific user.

Additionally I would love to block ANY login if it is not comi

Answer 1

If I am not mistaken, what Symfony does here, is try and match the role of the user to what is required for the path. If it doesn't match one of those roles, it sends the user to the login page.

The problem is, the login page is where the user has just come from. Thus the user gets into an infinite loop as their condition can never be met.

I would suggest putting the login page itself outside of the firewall and just put the IP check within the code of the LOGIN page and if not met, dump out somewhere else, which isn't within the firewall.