Configuration

Attention

To establish complete security, the secure file storage must be located outside the public directory. TYPO3 can work with file storages outside of its own system, so there are no problems to be editorially active in the backend. A file store outside the public directory increases the security of the system by design rather than by configuration.

Steps

create a local storage (outside TYPO3 public)

mkdir -p ${TYPO3_PUBLIC_PATH}/../private/secure_fileadmin/

Create a File Storage in backend

Be aware of the Base URI, as this field needs to be set up. This ensures speaking URLs in the frontend and the middleware accessing the right storage.
Optional: Set up an access group for this file storage. This Access group is working as fallback, if no access is defined in file list module.

Note

According to your web server, there should be settings done to redirect the access to files to the TYPO3 instead of answering with a 404 - Not found

Backend Users and groups

Attention

Due to core restrictions on table access, it is highly needed to allow all backend users access to table tx_securefilemount_folder. Users will never see this table in a list, as the table is located on root level and hidden (like sys_file_metadata, sys_file).

Server Configuration

nginx Web Server

nginx example configuration

location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
    # your configuration here
    try_files $uri /index.php?$uri;
}

Apache2 Web Server

Apache2 example configuration

RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ /index.php?%{REQUEST_URI} [P,QSA,L]