For Administrators

This chapter describes how to install and how to configure this extension within the settings module of your TYPO3 instance.

Important

This extension cannot secure links to files that you include in CSS, PDF, ... files.

Installation

There are several ways to require and install this extension. We recommend getting this extension via composer.

Via Composer

If your TYPO3 instance is running in composer mode, you can simply require the extension by running:

composer req leuchtfeuer/secure-downloads:>=5.0

Via Extension Manager

Open the extension manager module of your TYPO3 instance and select "Get Extensions" in the select menu above the upload button. There you can search for secure_downlaods and simply install the extension. Please make sure you are using the latest version of the extension by updating the extension list before installing the Secure Downloads extension.

Via ZIP File

You need to download the Secure Downloads extension from the TYPO3 Extension Repository and upload the ZIP file to the extension manager of your TYPO3 instance and activate the extension afterwards. You can also download an archive from GitHub and put its content directly into the typo3conf/ext directory of your TYPO3 instance. But please keep in mind, that the name of the folder must be secure_downloads (the repository name will be default).

Best Practices

You can configure this extension to fit your specific needs. However, here are some "best practices" that may help you when first using Secure Downloads:

  • Install this extension as described above

  • Enable the create file storage option

  • Put your files into that storage

If you need to secure files outside of that directory, you still can adapt the securedDirs and securedFiletypes options.

The "Secure Downloads" file storage in the file list module

All files of the newly create "Secure Downloads" file storage are protected by default.

Access Configuration

You need to secure all the directories and file types by your server configuration. This can be done with .htaccess files. You find some example .htaccess files below and in the Resources/Private/Examples directory of this extension.

Example Configuration

Please make sure to adapt the file match pattern as configured in securedFiletypes.

.htaccess deny

# Apache 2.4
<IfModule mod_authz_core.c>
  <FilesMatch "\.([pP][dD][fF]|[jJ][pP][eE]?[gG]|[gG][iI][fF]|[pP][nN][gG]|[oO][dD][tT]|[pP][pP][tT][xX]?|[dD][oO][cC][xX]?|[xX][lL][sS][xX]?|[zZ][iI][pP]|[rR][aA][rR]|[tT][gG][zZ]|[tT][aA][rR]|[gG][zZ])$">
    Require all denied
  </FilesMatch>
</IfModule>

# Apache 2.2
<IfModule !mod_authz_core.c>
  <FilesMatch "\.([pP][dD][fF]|[jJ][pP][eE]?[gG]|[gG][iI][fF]|[pP][nN][gG]|[oO][dD][tT]|[pP][pP][tT][xX]?|[dD][oO][cC][xX]?|[xX][lL][sS][xX]?|[zZ][iI][pP]|[rR][aA][rR]|[tT][gG][zZ]|[tT][aA][rR]|[gG][zZ])$">
    Order Allow,Deny
    Deny from all
  </FilesMatch>
</IfModule>

.htaccess allow

# Apache 2.4
<IfModule mod_authz_core.c>
  <FilesMatch "\.([pP][dD][fF]|[jJ][pP][eE]?[gG]|[gG][iI][fF]|[pP][nN][gG]|[oO][dD][tT]|[pP][pP][tT][xX]?|[dD][oO][cC][xX]?|[xX][lL][sS][xX]?|[zZ][iI][pP]|[rR][aA][rR]|[tT][gG][zZ]|[tT][aA][rR]|[gG][zZ])$">
    Require all granted
  </FilesMatch>
</IfModule>

# Apache 2.2
<IfModule !mod_authz_core.c>
  <FilesMatch "\.([pP][dD][fF]|[jJ][pP][eE]?[gG]|[gG][iI][fF]|[pP][nN][gG]|[oO][dD][tT]|[pP][pP][tT][xX]?|[dD][oO][cC][xX]?|[xX][lL][sS][xX]?|[zZ][iI][pP]|[rR][aA][rR]|[tT][gG][zZ]|[tT][aA][rR]|[gG][zZ])$">
    Order Deny,Allow
    Allow from all
  </FilesMatch>
</IfModule>