Flag files

TYPO3 uses a set of special files known as flag files or indicator files to control and manage low-level configurations, behaviors, and security settings of the system. These files act as triggers that enable or disable specific features or functionalities in TYPO3, often without requiring direct modifications to the core configuration files.

Flag files are typically placed in specific locations within the TYPO3 file system and are usually named in a way that reflects their purpose.

Below is a list of commonly used TYPO3 flag files, along with explanations of their functions and typical use cases.

Name Location Legacy Location
var/lock/LOCK_BACKEND config/LOCK_BACKEND
public/FIRST_INSTALL FIRST_INSTALL
config/ENABLE_INSTALL_TOOL typo3conf/ENABLE_INSTALL_TOOL

LOCK_BACKEND

LOCK_BACKEND
Content
empty or Uri to forward to
Location
var/lock/LOCK_BACKEND
Legacy Location
config/LOCK_BACKEND
Location configuration
$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBackendFile']
TYPO3 Commands
vendor/bin/typo3 backend:lock, vendor/bin/typo3 backend:unlock

Changed in version 13.3

If the file exists in the location specified by $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBackendFile'] or the default and is empty, an error message is displayed when you try to log into the backend:

Console commands to lock/unlock the backend
# Lock the TYPO3 Backend for everyone including administrators
vendor/bin/typo3 backend:lock

# Unlock the TYPO3 Backend after it has been locked
vendor/bin/typo3 backend:unlock
Copied!

This file locks access to the TYPO3 backend. When present, it prevents users from logging into the backend, often used during maintenance or for security reasons.

If the file contains an URI, users will be forwarded to that URI when they try to lock into the backend.

If you want locked backend state to persist between deployments, ensure that the used directory (var/lock by default) is shared between deployment releases.

The backend locking functionality is now contained in a distinct service class \TYPO3\CMS\Backend\Authentication\BackendLocker to allow future flexibility.

Use Case: Temporarily restrict backend access to prevent unauthorized changes or when performing critical updates.

FIRST_INSTALL

FIRST_INSTALL
Content
empty or arbitrary text file
Location
public/FIRST_INSTALL
Legacy Location
FIRST_INSTALL
TYPO3 Commands
vendor/bin/typo3 setup

This file initiates the TYPO3 installation process. If the file exists, TYPO3 directs the user to the installation wizard.

Use Case: Automatically initiate the installation process on a fresh TYPO3 setup.

See also: Installing TYPO3.

There is also a console command available to do the first installation:

Console command for first install
# Lock the TYPO3 Backend for everyone including administrators
vendor/bin/typo3 setup
Copied!

ENABLE_INSTALL_TOOL

ENABLE_INSTALL_TOOL
Content
empty or "KEEP_FILE"
Location
config/ENABLE_INSTALL_TOOL
Legacy Location
typo3conf/ENABLE_INSTALL_TOOL
TYPO3 Commands
None

Changed in version 12.2

The location of this file has been changed for Composer-based installations from typo3conf/ENABLE_INSTALL_TOOL to config/ENABLE_INSTALL_TOOL or var/transient/ENABLE_INSTALL_TOOL

When this file is set, it allows access to the TYPO3 Install Tool. See also The ENABLE_INSTALL_TOOL file.

  • var/transient/ENABLE_INSTALL_TOOL
  • config/ENABLE_INSTALL_TOOL
  • typo3temp/var/transient/ENABLE_INSTALL_TOOL
  • typo3conf/ENABLE_INSTALL_TOOL

This file unlocks the Install Tool, allowing access for configuration and maintenance tasks.

Use Case: Temporarily enable the Install Tool for performing system configurations or updates, then remove the file to re-secure the tool.

If you are working with the helhum/typo3-console there are also console commands available to enable or disable the install tool: