TYPO3 Core

When a TYPO3 administrator configures either [BE][adminOnly] > 0 or [BE][adminOnly] = -1, the LockedBackendGuard throws an exception. This exception is only shown to the user, when TYPO3 in configured to DEBUG mode. When TYPO3 is in LIVE mode, only "Oops, an error occurred!" is shown to the user. Also, the HTTP response status for this configuration is 500, which is wrong, since access to the backend is denied and thus a 403 status code should be sent.

When a TYPO3 administrator configures [BE][IPmaskList] to a valid IP Mask, the LockedBackendGuard also throws an exception when the current IP address does not match the configured pattern. Again, a 500 HTTP response status is sent by TYPO3 and only a "Oops, an error occurred!" message shown to the user, when TYPO3 is in LIVE mode.

Both scenarios should show the messages thrown by the exceptions in LockedBackendGuard and also the HTTP response code should be 403 instead of 500.