Bug #18476

Cannot login into the backend over SSL

Added by David Frster over 13 years ago. Updated about 13 years ago.

Should have
Target version:
Start date:
Due date:
% Done:


Estimated time:
TYPO3 Version:
PHP Version:
Is Regression:
Sprint Focus:


Whenever I try to log into the backend of a Typo3 installation, accessible over https only, the typo3/index.php Script redirects me to typo3/backend.php with the http protocol instead of https.

I noticed the lockSSL setting but it's purpose seems to be to disable the backend login over plain http.

The login over https should work without a problem if the server just sends the redirect path without the protocol information included.

I'm using the 4.2 branch from subversion.

(issue imported from #M7899)


Updated by Christian Kuhn over 13 years ago

I can't confirm that.

All my Backends use ssl, some 4.2 installations also with the new reverse proxy patch.

Maybe you have a mod_rewrite that forces a redirect back to http?


Updated by Christian Kuhn over 13 years ago

If you use lockSSL = 1, try to disable it and configure your virtualhost to force a backend call to rewrite to your ssl domain.

A typical apache vhost looks like (a rewrite in .htaccess would be similar):

ServerName bar.de
RewriteEngine On

  1. Rewrite backend to ssl as subpath of ssl-domain
    RewriteCond %{REQUEST_URI} ^/typo3/
  2. Do not rewrite requests on images, as images may also be linked in FE for ext an sysext extensions (like indexed_search, maybe .js should also be added)
    RewriteCond %{REQUEST_FILENAME} !(.*)\.gif$
    RewriteCond %{REQUEST_FILENAME} !(.*)\.jpg$
    RewriteCond %{REQUEST_FILENAME} !(.*)\.png$
    RewriteRule ^/(.*) https://ssldomain.tld/bar.de/$1 [R=301,NC]

This way you do not need lockSSL, there is afaik no way to circumvent the backend ssl redirect. You can also communicate "http://bar.de/typo3/" as BE link with your customers, and they will be magically rewritten to a secure connection for the backend.


Updated by Christian Kuhn over 13 years ago

Any news here?


Updated by Christian Kuhn about 13 years ago

No reply for a long time. Closed.

Also available in: Atom PDF