Bug #18476
closedCannot login into the backend over SSL
0%
Description
Whenever I try to log into the backend of a Typo3 installation, accessible over https only, the typo3/index.php Script redirects me to typo3/backend.php with the http protocol instead of https.
I noticed the lockSSL setting but it's purpose seems to be to disable the backend login over plain http.
The login over https should work without a problem if the server just sends the redirect path without the protocol information included.
I'm using the 4.2 branch from subversion.
(issue imported from #M7899)
Updated by Christian Kuhn about 16 years ago
I can't confirm that.
All my Backends use ssl, some 4.2 installations also with the new reverse proxy patch.
Maybe you have a mod_rewrite that forces a redirect back to http?
Updated by Christian Kuhn about 16 years ago
If you use lockSSL = 1, try to disable it and configure your virtualhost to force a backend call to rewrite to your ssl domain.
A typical apache vhost looks like (a rewrite in .htaccess would be similar):
<VirtualHost 123.1.2.3:80>
ServerName bar.de
...
RewriteEngine On
- Rewrite backend to ssl as subpath of ssl-domain
RewriteCond %{REQUEST_URI} ^/typo3/ - Do not rewrite requests on images, as images may also be linked in FE for ext an sysext extensions (like indexed_search, maybe .js should also be added)
RewriteCond %{REQUEST_FILENAME} !(.*)\.gif$
RewriteCond %{REQUEST_FILENAME} !(.*)\.jpg$
RewriteCond %{REQUEST_FILENAME} !(.*)\.png$
RewriteRule ^/(.*) https://ssldomain.tld/bar.de/$1 [R=301,NC]
</VirtualHost>
This way you do not need lockSSL, there is afaik no way to circumvent the backend ssl redirect. You can also communicate "http://bar.de/typo3/" as BE link with your customers, and they will be magically rewritten to a secure connection for the backend.