Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Releases and Announcements

Latest news about the SilverStripe software.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

SecureFiles 0.30 Released

Go to End

17 Posts   4220 Views


8 April 2010 at 9:09am Community Member, 712 Posts

Hi everyone,

SecureFiles 0.30 has been tagged and released. See: [url][/url]

New features:

  • Compatibility fixes for 2.4
  • Localisation for German, Spanish, Finnish, French and Swedish (thanks everyone who contributed)
  • Basic unit tests, "rebuild secure file rules" build task
  • Support for Apache x-sendfile headers (for best performance)
  • New permission method: Access tokens (assign time limited unique access tokens for anonymous users)
  • Developer hooks: onAccessGranted and onAccessDenied

It is likely that this will form the basis of a 1.0 release candidate. Bug reports, further translations and suggestions welcome.



13 May 2010 at 1:56am Community Member, 150 Posts


Have tried your module on 2.3.7 and 2.4.0 but receive error when doing the following:

- Setup clean SS installation
- Add securefiles folder and rebuild
- Unquote individual member and member group in _config
- Add user group under Security tab and add 'access to secure files'
- Add 'SecureUploads' folder, tick 'secure folder'
- Add Group Access Permissions to all groups (just for testing)
- Add file
- Go to files-tab and try to open file
- Error (using Google Chrome):

This webpage is not found.

No webpage was found for the web address: http://localhost:8888/

+ More information on this error
Below is the original error message

Error 6 (net::ERR_FILE_NOT_FOUND): The file or directory could not be found.

Please note that all seems to work fine when I unquote SecureFileController::use_ss_sendfile_method(); in _config, but it says "Not recommended for production sites"

What may have caused this problem?


18 May 2010 at 12:52pm Community Member, 712 Posts

That's odd - it uses essentially the same file path regardless of sending method, so I'm not sure why you're getting that error.

What type of server are you running?


18 May 2010 at 8:56pm Community Member, 150 Posts

Tested both on MAMP and on a shared hosting PHP/apache webserver. Both give the same result.


7 July 2010 at 4:33am Community Member, 10 Posts

I'm having a similar problem. I installed the module fine, and the backend is working properly. After securing a folder called "members" and adding administrator access, when I try to access a file from the frontend I'm met with a simple "Not Found" or a 404 error. The same files are available without any trouble when I turn off security for that folder. At times it tried to send me to the Security (login) page with a BackURL to the file, but that didn't work, plus I was already logged in.


7 July 2010 at 9:56am Community Member, 712 Posts

Please log a ticket at:


With as much as information you an provide about how to replicate. I've been unable to recreate the issue, so if you can give me a step my step outline that would be useful.



Carbon Crayon

24 August 2010 at 6:37am Community Member, 598 Posts

Hi guys, did you ever find the solution to this?

I am having the same issue, as soon as I secure a file/folder it becomes unavailable on the front end even when logged in as an ADMIN, just gives a 404. Unsecure it and the file can be accessed again.

Strangely it works fine on my local enviroment (WAMP), but not on a Cpanel VPS or Cpanel shared hosting env.

I have tried both v0.30 and trunk both with the same results. Using SS v2.4.0.

any help would be most appreciated :)


Carbon Crayon

24 August 2010 at 6:58am Community Member, 598 Posts

Just to (possibly) add a bit more info to this, when I added the
<Directory /www/assets>
Options None
to my httpd.conf file as suggested in the README, I got this error in apache:

[Mon Aug 23 19:08:43 2010] [error] [client] Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /home/aabweb/public_html/sfx/assets/Uploads/Testfile.0001.jpg

and a SilverStripe 404 page when trying to access the file.

Not sure what that means in terms of the problem but thought it worth reporting.....

Go to Top