[TYPO3-english] Proxy with more than one connection pool breaks TYPO3 backend

Michael Schams typo3 at 2016.schams.net
Fri Jan 29 00:23:43 CET 2016

On Thu, 2016-01-28 at 18:56 +0000, Éric Thibault wrote:

> Strangely, we were no longer able to connect to the backend...

This means what exactly? Are you kicked out of the BE from time to time
or are you unable to login at all or don't you even see the BE login
form or... ?!

> Different tries producing different errors!

What are the errors you get?

> The IP mask configured in TYPO3 allows all those "machines".

Are you referring to the configuration "[BE][IPmaskList]"?
In this case, this is possibly the wrong config option :-)

Go to the Install Tool and open "All configuration". Unfold section
$TYPO3_CONF_VARS['BE'] and locate "[BE][lockIP]".

Assuming, your BE users get kicked out of the session and/or can't login
at all, I would start here. This is the session IP locking for backend
users. A value >0 locks the session to (a part of) the REMOTE_ADDR.
Default value is "4", which means the session is locked to the full IP
address (recommended setting for best security).

If during a session the IP changes (that's what your sys admin pointed
out, right?) the session gets terminated and the user kicked out of the

I suggest you try to find a pattern of the remote IP addresses (your sys
admin should be able to tell you which IP addresses the requests are
coming from). If only the last number changes, set this value to "3". If
the last two numbers changes, set this value to "2", etc. 0 (zero)
disables the IP address checking (last resort).

If this works, you may want to set "[BE][IPmaskList]" back to its
previous value :-)


More information about the TYPO3-english mailing list