Secure Files
Secure Files allows site administrators to mark folders as secure, granting access to particular viewers to download the folder contents. This prevents search engines discovering your files, allows better management of site assets and will also provide hooks into more advanced file management.
Requirements
- SilverStripe 2.3+, 2.4
Installation
- Extract to a folder in your SilverStripe installation directory.
- Run /dev/build?flush=1
- Optionally apply the additional permission modes listed in _config.php
Configuration
Secure Files uses Apache htaccess rules to provide file security. If your webserver uses a non-standard htaccess file, you can configure it with the following line in your site _config.php:
SecureFileController::$htaccess_file = ".htaccess";
Recommendations
This module uses htaccess rules and mod_rewrite. If you're using SilverStripe? in rewriteless mode (using the base index.php) or via IIS, DO NOT USE THIS MODULE. Disable all Apache Option directives for your asset folders from your Apache configuration (eg httpd.conf). Prevents directory indexing, includes, symlinking and CGI execution:
<Directory /www/assets> Options None </Directory>
For large files, streaming media or a general performance boost, use mod_xsendfile (for apache) or lighttpd (uses xsendfile natively). Enable xsendfile headers with Secure Files by adding this to your _config.php:
SecureFileController::use_x_sendfile_method();
Developer Tips
Create new access methods by decorating File and implementing the canViewSecured method. If it returns true access to the file is granted. Hooks are provided for onAccessGranted and onAccessDenied. Implement these methods in your decorators to trigger actions when the file is requested.
