Attention

TYPO3 v10 has reached end-of-life as of April 30th 2023 and is no longer being maintained. Use the version switcher on the top left of this page to select documentation for a supported version of TYPO3.

Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v10 here: TYPO3 ELTS.

File Storages

File Storages can be administered through the List module. They have a few properties which deserve further explanation.

The Access tab of a File Storage

Special properties in the Access tab of a File Storage

Is browsable?

If this box is not checked, the Storage will not be browsable by users via the FILE > Filelist module, not via the link browser window.

Is publicly available?

When this box is unchecked, the "publicUrl" property of files is replaced by an eID call pointing to a file dumping script provided by the TYPO3 CMS Core. The public URL looks something like index.php?eID=dumpFile&t=f&f=1230&token=135b17c52f5e718b7cc94e44186eb432e0cc6d2f. Behind the scene, class \TYPO3\CMS\Core\Controller\FileDumpController is invoked to manage the download. The class itself does not implement any access check, but provides a hook for doing so.

Warning

This does not protect your files, if the configured storage folder is within your web root. They will still be available to anyone who knows the path to the file. To implement a strict access restriction, the storage must point to some path outside the web root. Alternatively, the folder it points to must contain web server restrictions to block direct access to the files it contains (for example, in an Apache .htaccess file).

Is writable?

This property simply enables to make any Storage read-only.

Is online?

A storage that is not online cannot be accessed in the backend. This flag is set automatically when files are not accessible (for example, when a third-party storage service is not available) and the underlying driver detects someone trying to access files in that storage.

The important thing to note is that a Storage must be turned online again manually.

Warning

This does not protect your files, if the configured storage folder is within your web root or accessible via a third-party storage service which is publicly available. The files will still be available to anyone who knows the path to the file.