Bug #18476

Cannot login into the backend over SSL

Added by David Frster over 13 years ago. Updated about 13 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2008-03-19
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Whenever I try to log into the backend of a Typo3 installation, accessible over https only, the typo3/index.php Script redirects me to typo3/backend.php with the http protocol instead of https.

I noticed the lockSSL setting but it's purpose seems to be to disable the backend login over plain http.

The login over https should work without a problem if the server just sends the redirect path without the protocol information included.

I'm using the 4.2 branch from subversion.

(issue imported from #M7899)

#1

Updated by Christian Kuhn over 13 years ago

I can't confirm that.

All my Backends use ssl, some 4.2 installations also with the new reverse proxy patch.

Maybe you have a mod_rewrite that forces a redirect back to http?

#2

Updated by Christian Kuhn over 13 years ago

If you use lockSSL = 1, try to disable it and configure your virtualhost to force a backend call to rewrite to your ssl domain.

A typical apache vhost looks like (a rewrite in .htaccess would be similar):

<VirtualHost 123.1.2.3:80>
ServerName bar.de
...
RewriteEngine On

  1. Rewrite backend to ssl as subpath of ssl-domain
    RewriteCond %{REQUEST_URI} ^/typo3/
  2. Do not rewrite requests on images, as images may also be linked in FE for ext an sysext extensions (like indexed_search, maybe .js should also be added)
    RewriteCond %{REQUEST_FILENAME} !(.*)\.gif$
    RewriteCond %{REQUEST_FILENAME} !(.*)\.jpg$
    RewriteCond %{REQUEST_FILENAME} !(.*)\.png$
    RewriteRule ^/(.*) https://ssldomain.tld/bar.de/$1 [R=301,NC]
    </VirtualHost>

This way you do not need lockSSL, there is afaik no way to circumvent the backend ssl redirect. You can also communicate "http://bar.de/typo3/" as BE link with your customers, and they will be magically rewritten to a secure connection for the backend.

#3

Updated by Christian Kuhn over 13 years ago

Any news here?

#4

Updated by Christian Kuhn about 13 years ago

No reply for a long time. Closed.

Also available in: Atom PDF