Discussion:
[TYPO3] Fix for changing the BE admin url
Darren Clark
2006-03-23 17:21:50 UTC
Permalink
Hi

The procedure documented to alter the backend url from /typo3 to a new
one involves alterations to the main source code.

http://typo3.org/documentation/document-library/core-documentation/doc_core_inside/current/view/3/10/

On investigation all that needs changing is the defined value
"TYP03_maindir". In php a defined value can only be done once, therefore
instead of changing the scripts in the source I used the
auto_prepend_option to set the value first via .htaccess file

This appears to work correctly, please see:

http://cwebd.co.uk/typo3doc/prepend.phps

Therefore all you need to do is update the .htaccess file to prepend the
file above and alter the symlink typo3 to the new value.

You can then access the admin interface via:

http://yoursite/newadminurl

This should improve security as the admin interface could be any url and
not just /typo3.

I'm still testing this, but I'd welcome your thoughts and if deemed a
good solution the documentation and wiki page
(http://wiki.typo3.org/index.php/Security#Change_the_TYPO3_BE_directory)
could be updated.

--
Darren
Clark Web Development Ltd
Matthew Manderson
2006-03-23 21:02:52 UTC
Permalink
Post by Darren Clark
I'm still testing this, but I'd welcome your thoughts and if deemed a
good solution the documentation and wiki page
(http://wiki.typo3.org/index.php/Security#Change_the_TYPO3_BE_directory)
could be updated.
I think this is a really good idea. Thanks for your effort. Both from a
client facing perspective and from a 'security' perspective. Typo3 itself
is about as secure as it can be. Anything to allow installations to be a
little more unique will help.

It would be particulary useful to hear from the dev team if this approach
you suggest is a technically a good one and ideally if it can be included
in the BE install tool.

Matthew
Darren Clark
2006-03-25 11:07:22 UTC
Permalink
Post by Darren Clark
Hi
The procedure documented to alter the backend url from /typo3 to a new
one involves alterations to the main source code.
http://typo3.org/documentation/document-library/core-documentation/doc_core_inside/current/view/3/10/
On investigation all that needs changing is the defined value
"TYP03_maindir". In php a defined value can only be done once, therefore
instead of changing the scripts in the source I used the
auto_prepend_option to set the value first via .htaccess file
http://cwebd.co.uk/typo3doc/prepend.phps
Therefore all you need to do is update the .htaccess file to prepend the
file above and alter the symlink typo3 to the new value.
http://yoursite/newadminurl
This should improve security as the admin interface could be any url and
not just /typo3.
I'm still testing this, but I'd welcome your thoughts and if deemed a
good solution the documentation and wiki page
(http://wiki.typo3.org/index.php/Security#Change_the_TYPO3_BE_directory)
could be updated.
In addition the BACK_PATH variable also needs to be updated in the local
extensions. I've added this into the documentation in the file at:

http://cwebd.co.uk/typo3doc/prepend.phps

--
Darren
Post by Darren Clark
--
Darren
Clark Web Development Ltd
_______________________________________________
TYPO3-english mailing list
TYPO3-english at lists.netfielders.de
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
Loading...