TYPO3 Extension restrictfe¶

What does it do?¶

This extension blocks access to frontend and allows to show it only to some defined exception's like if the request is from an authorized backend user, has specific IP, header, domain, language or GET/POST vars. Useful to protect your staging and production instances.

How this can be useful for me?¶

It will be useful whenever you want to protect whole or part of website from being public. See following examples for staging and production instances.

For staging instances

You will find restrictfe useful if you have staging instances and you want to protect frontend content form public but at the same time:

• allow to show frontend to authorized backend users,
• allow to show frontend to IP of your VPN,
• allow to show frontend to your external spiders for crawling,
• allow some payment systems to send confirm link to your application endpoint,
• allow Google Page Speed to make tests,
• etc.

For production instances

You will find restrictfe useful if you have production instance which is already live but access to some part of website must be yet hidden for regular frontend users. At the same time is must be accessible in frontend for logged backend users which must be able to edit content on that hidden part.

The best example is multilanguage website. Lets assume there is production with only one language - let it be English. After few months website owner decided to have new language - Chines. The translation will be done on live directly and will be long process - like few weeks. During that process client must check content on frontend but at the same time the translated website must be inaccessible for regular users. The solution is to use restrictfe and set it to show all frontend except sysLanguageUid=1 (the uid of new language). In such case even if some frontend user will switch to new language by forcing L parameter in url address then he will see warning "Login to see the content of this page". The content of the warning can be change by setting path to Fluid template so you can show whatever you like when frontend user is requesting restricted content.

Installation¶

Just use composer or download by Extension Manager.

composer require sourcebroker/restrictfe

Be aware that after installation restrictfe blocks all traffic to frontend by default. This is by design because if you will add new staging instances they will be blocked by default so there is no risk that you forgot to protect it and someone will see new staging instance or google will index it. Of course you must remember to unblock production instance with simple line:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['restrictfe']['exceptions'] = ['*' => true];

Put this config in the file that is included only on live instance!

Notice! restrictfe protection is not working if $_SERVER['REMOTE_ADDR'] == 127.0.0.1 so if you are working on your local instance restrictfe is disabled. If you want to to make testing and enable it on your local instance insert following line in typo3conf/AdditionalConfiguration.php or in some extension ext_localconf.php: $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['restrictfe']['exceptions']['ip'] = '__UNSET';

Documentation¶

Configuration examples¶

Some most useful real live configuration examples:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['restrictfe']['exceptions'] = [
        '!sysLanguageUid' => 1,
];

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['restrictfe']['exceptions'] = [
        '!domain' => 'sub.example.com',
];

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['restrictfe']['exceptions'] = [
       'get' => 'secret=91009123',
];

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['restrictfe']['exceptions'] = [
      'ip' => '11.11.11.11',
];

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['restrictfe']['exceptions'] = [
        'AND' => [
             'ip' => [
                '66.249.64.0/19'
                '66.249.44.0/19'
                ],
             'header' => [
                'HTTP_USER_AGENT=Google Page Speed Insights'
                'HTTP_USER_AGENT=Google Page Speed'
               ],
             ]
        ]
];

[
  'templatePath' => ExtensionManagementUtility::siteRelPath('restrictfe').'Resources/Private/Templates/Restricted.html',
  'cookie'       => [
      'expire'   => time() + 86400 * 30,
      'path'     => '/',
      'domain'   => null,
      'secure' => ((int)$GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieSecure'] === 1 || GeneralUtility::getIndpEnv('TYPO3_SSL')),
      'httponly' => $GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieHttpOnly'],
  ],
  'exceptions' => [
      'backendUser' => true,
      'ip'          => '127.0.0.1',
  ],
];

FAQ¶

• Extension does not work. The frontend is not blocked at all. What is wrong? Be sure you are logged from BE and the cookie "restrictfe" is deleted. Remember also that restrictfe protection is not working if $_SERVER['REMOTE_ADDR'] == 127.0.0.1 so if you are working on your local instance restrictfe is disabled. To enable it on your local instance insert folowing line: $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['restrictfe']['exceptions']['ip'] = '__UNSET';
• I am logged out from BE but still frontend is not blocked, why? From 3.0.0. version after first successful login a cookie is set (name tx_restrictfe). If that cookie is present then user do not have to authorize again. So delete that cookie and then your frontend should be blocked again.

Known problems¶

None.

To-Do list¶

1. Add userFunc for conditions
2. Add pregmatch for all conditions like '~domain'
3. Add support for detecting browser language to see proper lang on "you must log to see the website" warning screen.
4. Make unit tests for conditions array.

Changelog¶

See https://github.com/sourcebroker/restrictfe/blob/master/CHANGELOG.rst