Spring naar hoofd-inhoud

How to Change the Entry Point in TYPO3 v13

As we look to the upcoming v13 release on October 15, we’re providing an additional key feature that addresses a critical issue: security. Prior to TYPO3 v13, the backend entry point path has always been /typo3. With the new release, the backend entry point can be changed with support for subdomains as well. This feature has been long requested and serves great significance for integrators.

What is OWASP and why is it important?

Knowing the backend entry point is the first step to gaining access to TYPO3’s backend. By changing the backend entry point, you’re making it harder for a bad actor to gain access to your TYPO3 installation. If you're upgrading to v13 or if you’re starting fresh, we highly recommend utilizing this feature as a first step in the process of hardening your installation. 

This feature helps to deliver additional protection against interface infrastructure enumeration WSTG-CONF-05.

Open Web Application Security Project (OWASP) is one of the most recognized documents in cybersecurity and serves as a benchmark for developers and security teams to understand and access vulnerabilities while simultaneously making their security efforts top priority.

OWASP’s mission is to raise awareness and underscore the importance of web application security through educational materials, events, and projects. They serve to educate those in the industry and provide free tools and resources to test and find vulnerabilities in web applications. These tools enable developers to identify and fix security issues they might have overlooked. As an industry benchmark.

Step-by-Step

  • First and foremost, you need to define what your new entry point will be. To do this, head over to Admin Tools > Settings > Configure Installation Wide Options.
  • Then select BE > EntryPoint and specify the desired entry point.

Our Tip: The key is to create a unique entry point as opposed to “login” or “admin” which are common backend entry points. Be sure to make it something that you and your team will remember.

As mentioned, you can also use a subdomain as your entry point, you only need to make one additional change and that’s to set your cookie domain as your second level domain in the same section where you defined your new entry point. Admin Tools module > Settings > Configure Installation Wide Options > BE > CookieDomain.

Configure your web server

After setting up the new backend entry point, you'll need to modify your web server’s configuration file. The Official Documentation details how to make the required changes for both nginx and Apache. 

Don't forget ...

  • If you have multipe sites in a single installation, they will all use the new entry point that you defined.
  • You can still only access the Installation Tool via /typo3/install.php

Further reading

The Official Documentation contains detailed instructions for enabling this feature. The Change Log and Deprecation Log contain useful information for users who wish to upgrade their TYPO3 installation and make use of this new feature.