
secure the assets folder


19 Posts   5502 Views


12 May 2009 at 4:10pm Community Member, 23 Posts

Is it possible to secure files uploaded to the 'assets' folder?
The point would be that only logged in users that have access to a specific page that links to these files can view them.

Could it be solved by moving the 'assets' folder outside apache DocumentRoot?

Other suggestions?


12 May 2009 at 5:03pm Community Member, 470 Posts

Have a dig around this module -


13 May 2009 at 9:45am Community Member, 23 Posts

Cool, somebody made a module. I will have a look at that module :-)


7 June 2009 at 5:18pm Community Member, 140 Posts

I just tried out that module, and it worked okay once I fixed the .htaccess file that it generated in the secure folder. Its RewriteBase line was missing the base URL. Changing it to:

RewriteBase /

made it work.

There are a few things that I wish that it could do. The first being group access. Right now you have to add individual users to the list. In a lot of cases, it would be easier to define a user group, and then just select the group for folder access.

The other thing that would be great, is if this were expanded to work with the eCommerce module (which appears to be neglected of late), so that people selling digital products can easily create an online shop with downloads automatically activated once paid.



7 June 2009 at 6:24pm Community Member, 712 Posts

Hmm, I didn't need the rewrite base directive - my understanding is that you shouldn't need it. Can anyone else shed light on how that works?


7 June 2009 at 6:49pm Community Member, 140 Posts

RewriteBase sets the base URL for the rewrite rules. Your website is probably running on a different server program that behaves slightly differently. I'm using IIS-5, and it appears to assume that the URL base is whatever directory level the .htaccess file is in. This means that it's searching (I think) for /sapphire/main.php in whatever directory is the base to my secure assets. Setting RewriteBase to "/" means that it searches for /sapphire/main.php in the right place.
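
An added illustration of the RewriteBase point discussed above (not part of any post in this thread, and not the file the module generates): a per-folder .htaccess for Apache mod_rewrite that sends every request for a protected folder through /sapphire/main.php, so the application can check the login before a file is served. The folder name assets/secure and the exact rule are assumptions modelled on the framework's front-controller rewrite.

```apache
# assets/secure/.htaccess  (folder name is an assumption for this example)
# Added illustration; not the file the module generates.

RewriteEngine On

# In a per-directory (.htaccess) context, a relative substitution is
# resolved relative to the directory that holds this file. Without
# RewriteBase, "sapphire/main.php" below would therefore point at
# /assets/secure/sapphire/main.php, which does not exist.
# RewriteBase / makes it resolve from the site root instead.
# If the site lives in a subfolder, use that URL path here (e.g. /mysite/).
RewriteBase /

# Capture the originally requested URI so it can be passed to the framework.
RewriteCond %{REQUEST_URI} ^(.*)$

# Deliberately no "RewriteCond %{REQUEST_FILENAME} !-f" here: files that
# exist on disk must be routed through the framework as well, otherwise
# Apache serves them directly and no login or permission check runs.
RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
```

The rewrite only routes the request; whether the file is returned still depends on the permission check the application performs for the logged-in member.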



19 June 2009 at 2:21am Community Member, 57 Posts

Sorry to hijack the thread a little but I'm having trouble installing this module on SS 2.3.0/1/.

I have extracted the source files and run dev/build. It's created the SecureFilePermission table but I don't seem to get the extra tabs in the Files and Folders tabs that would allow me to specify which files should be secured. The secure files folder isn't created in the assets folder either. I don't get any errors at all.

Any ideas anyone?


19 June 2009 at 9:28am Community Member, 140 Posts


It doesn't create a secure folder, you have to choose one. When you first open the Files & Images tab, you won't see any security options; click on a folder that you wish to secure, and the security options should appear, allowing you to activate security for that folder.

It does make sense to create a folder called "secure," and stick all files and sub-directories that require secure access inside that.

