Feature: #87889 - Configurable TYPO3 backend URL

See forge#87889

Description

The TYPO3 backend URL is made configurable in order to enable optional protection against application admin interface infrastructure enumeration (WSTG-CONF-05). Both, frontend and backend requests are now handled by the PHP script /index.php to enable virtual admin interface URLs.

The default TYPO3 backend entry point path /typo3 can be changed by specifying a custom URL path or domain name in $GLOBALS['TYPO3_CONF_VARS']['BE']['entryPoint'].

This change requires web server adaption. A silent migration and according documentation for custom web server configurations is added. A deprecation layer (for non-adapted systems) is in place that rewrites the server environment variables passed to /typo3/index.php as if /index.php was used directly. This layer will be removed in TYPO3 v14.

This change does not take assets into account, only routing is adapted. That means Composer mode will use assets provided via /_assets as before and TYPO3 classic mode will serve backend assets from /typo3/* even if another backend URL is used and configured.

Configure to a specific path

$GLOBALS['TYPO3_CONF_VARS']['BE']['entryPoint'] = '/admin';
Copied!

Now point your browser to https://example.com/admin to log into the TYPO3 backend.

Configure to use a distinct (sub)domain

$GLOBALS['TYPO3_CONF_VARS']['BE']['entryPoint'] = 'https://backend.example.com';
$GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'] = '.example.com';
Copied!

Now point your browser to https://backend.example.com/ to log into the TYPO3 Backend.

Legacy-Free installation

The legacy entry point /typo3/index.php is no longer needed and deprecated in favor of handling all backend and frontend requests with /index.php. The entry point is still in place, in case webserver configuration has not been adapted yet. The maintenance and emergency tool is still available via /typo3/install.php in order to work in edge cases like broken web server routing.

In Composer mode there is an additional opt-out for the installation of the legacy entrypoint for that can be defined in your project's composer.json file:

"extra": {
  "typo3/cms": {
    "install-deprecated-typo3-index-php": false
  }
}
Copied!

Impact

The TYPO3 backend route path is made configurable in order to protected against application admin interface infrastructure enumeration (WSTG-CONF-05). Therefore, all requests are handled by the PHP script /index.php in order to allow for variable admin interface URLs.