Introduction¶

What does it do?¶

This extension protects everything within /fileadmin/ based on associated folder and file restrictions (visibility, user groups and dates of publication):

Protecting a folder and a few individual files

Unlike other similar extensions securing the File Abstraction Layer (FAL) of TYPO3, this extension aims at making it straightforward to block direct access to your sensitive assets and to keep the exact same URL as if your /fileadmin/ would not be protected; this is thus totally transparent from a user perspective.

No need to configure anything, just install and enable as usual, block direct access at the server level (Apache/Nginx see below) and… that’s it!

Our motto? KISS!

How does it work?¶

The idea is to block direct access at the server level so that your Apache or Nginx web server delegates the handling of static assets to a small script within this extension which ensures any file and folder restrictions are enforced.

By design, the “_processed_” folder (/fileadmin/_processed_/) is not protected and its content (thumbnails or resized/cropped images) is always freely accessible.

Differences with similar extensions¶

We have found two similar extensions with their own differences to this extensions:

fal_securedownload:
- changes the download URL (using the eID concept from TYPO3 core, non-public storages);
- only file links from non-public (protected) storages go through security proxy
- provides Frontend-related components (a File tree JS component);
- is able to keep track of a count of downloads.
secure_downloads:
- requires relatively complex configuration at the server level and as administrator in TYPO3 Backend;
- changes the download URL;
- supports more advanced use-cases like one-time download link.