not found - 404 pages in TYPO3

TYPO3 offers the possibility to play an editorially maintained "Page not found" page if a visitor visits a wrong URL. However, this results in unsightly error messages if the website is hidden behind a password protection (.htaccess), e.g. on a STAGING environment.

Deliver error 404 pages if the website is password protected

Why should you hide a website?

There is a good reason to hide websites behind a basic HTTP auth. New features should be reviewed and approved by the customer. Editors are preparing content that will go live later. Of course, search engines should not find this content too early - or better: not at all, after all, no duplicate content should be created.

Such a password protection is quickly set up: on web servers with the Apache web server, a .htaccess file can simply be deposited and the server takes care of the rest.

404 - we have a problem!

If a URL is called that TYPO3 does not know, the system delivers the configured "Page not found" page and the corresponding 404 header. However, TYPO3 tries to retrieve exactly this page by making a call to its own web server, and this does not work if the server is password protected. A dilemma! Of all things, the page that is supposed to handle an error leads to a visible error in the frontend!

So to get around this, we have to teach the web server to deliver requests from its own host without password protection. And this is indeed very simple:


AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
Require valid-user
Order deny,allow
Deny from all
Allow from
Allow from server.public.ip.address
Satisfy any


The first part is probably familiar to many people: here, the password protection is simply configured as usual.

Then, certain IP addresses are allowed and with Satisfy Any we accept any way of authentication. So all requests are simply delivered from the local system; all others get the password dialog and have to log in.

If you have a fixed IP address, you can use this same mechanism to avoid having to enter your password from your office every time.

By the way: the .htaccess protection is well suited to hide pages from search engines or similar. For development environments this is therefore well suited. But if you want to provide content to your regular visitors only after registration, you should refrain from using .htaccess; the frontend user authentication available in TYPO3 is much better suited for this!

Take a look to the Apache .htaccess documentation

Comments (0)

No comments found!

Write new comment