How to disable profiler in Symfony2 in production?

Question

How to disable profiler in Symfony2 in production?

I do not mean the toolbar - I mean the profiler.

I want to disable it in production, I use it extensively for development so the solution with removing its bundle is a no-go.

I have tried setting framework.profiler.only_exceptions to true. I have tried removing the framework.profiler section altogether. No matter what the profiler.db is growing after every request and every response contains x-debug-token header.

I have double-checked the config files (config.yml and config_prod.yml) and everything seems to be fined.

What's more the command app/console router:dump-apache --no-debug always dumps the _wdt and _profiler routes, but I don't have them in my routing_prod.yml and they don't seem to be present when trying to access them from the browser (404).

I'm running symfony 2.0 and I won't upgrade right now because of some major changes in 2.1 which would require a rewrite of many elements. It wouldn't be wise to start it just before initial deployment.

Answer 1

Symfony >= 2.2

As of Symfony 2.2 the profiler supports an enabled flag in the framework's configuration and is disabled by default in the test environment.

# app/config/config_test.yml
framework:
    profiler:
        enabled: false

See this Blog entry about Profiling by Fabien Potencier and the FrameworkBundle configuration reference for more details.

Update: This flag is still valid in Symfony 4.0.

---

Symfony <= 2.1

In Symfony <= 2.1 The profiler is disabled entirely if there's no framework.profilerkey in the configuration.

You can see this in the ProfilerPass of the Symfony2 FrameworkBundle configuration.

This is the case for the default config.yml and config_prod.yml (which includes the former). So if you didn't tinker with the default configurations you're fine.

In config_dev.yml however the default setting is:

framework:
    profiler: { only_exceptions: false }

Which enables profiling for the dev environment and all enviroments that import config_dev.yml like config_test.yml.

If you want to unset the profiler value in a subsequent configuration use:

framework:
    profiler: false

Values like {} or ~ won't unset the value. You have to use false.

Answer 2

Did you try this (enable only for development)

As the profiler adds some overhead, you might want to enable it only under certain circumstances in the production environment. The only-exceptions settings limits profiling to 500 pages, but what if you want to get information when the client IP comes from a specific address, or for a limited portion of the website? You can use a request matcher:

framework:
    profiler:
        matcher: { ip: 192.168.0.0/24 }

http://symfony.com/doc/current/book/internals.html#profiler

or

the profiler can be disabled on a per-action basis by doing something like:

if(in_array($this->container->get('kernel')->getEnvironment(), array('prod'))) {
    $this->container->get('profiler')->disable();
}

Answer 3

I figured it out, but still I'm not sure why the profiler settings didn't work. I did clear the cache with --no-debug after each change of the configuration.

Firstly I examined the Configuration of FrameworkBundle and found out that profiler conf node has canBeDisabled(). Then I checked what does it mean exactly.

It turns out that each canBeDisabled node has an implied child node enabled with default value set to true. You can either override it or set the parent node directly to false or null to disable the section. If you simply omit the profiler section then it is enabled by default.

Maybe I missed it in the docs, but I'm pretty sure it should be mentioned here. Also, in my opinion profiler should be disabled by default in production. I can't imagine a scenario when it would be beneficial to run profiler in production in the long run. I'll be happy if anybody proves me wrong.

BTW I noticed then as the profiler.db grows then each request becomes slower, but that may not be the case in prod.