Force SSL / https on Typo3’s Backend

Pages that contain sensitive forms or serve personal information are many times secure. It is a wide trend on the internet to look for the lock icon on a page to see if your information is secure. Typo3 is no different, especially when it comes to the back end. Sometimes it is appropriate to secure Typo3’s back end login page and editing pages. This is done very easily in your server’s .htaccess file.

Try adding this code, with your domain, to your root .htaccess file:

RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^typo3(/(.*))?$ https://www.example.com/typo3/$2 [R=301,L]

Once working, your /typo3 directory should be secure.

Comments

1. Stas Kobzar(November 30, 2009)

   Hi,
   Optionally it is also possible to set lockSSL configuration variable to 2
   [BE][lockSSL] = 2
   in install tool.
   Besides, this option allows limit SSL only to BE login page if set to 3