PHPackages bitmotion/secure-downloads - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. bitmotion/secure-downloads Abandoned → [leuchtfeuer/secure-downloads](/?search=leuchtfeuer%2Fsecure-downloads)Typo3-cms-extension[Security](/categories/security) bitmotion/secure-downloads ========================== "Secure Download": Apply TYPO3 access rights to ALL file assets (PDFs, TGZs or JPGs etc. - configurable) - protect them from direct access. v14.0.1(1mo ago)2479.7k↓50%40[3 issues](https://github.com/Leuchtfeuer/typo3-secure-downloads/issues)GPL-2.0-or-laterPHPPHP >= 8.2 <= 8.5.99CI failing Since Mar 13Pushed 2mo ago9 watchersCompare [ Source](https://github.com/Leuchtfeuer/typo3-secure-downloads)[ Packagist](https://packagist.org/packages/bitmotion/secure-downloads)[ Docs](https://www.Leuchtfeuer.com)[ Fund](https://www.Leuchtfeuer.com)[ RSS](/packages/bitmotion-secure-downloads/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (16)Versions (67)Used By (0) [![Latest Stable Version](https://camo.githubusercontent.com/779d6d8dbedfe9e42bfd48b6488747e3b74992eb30f6a6aa28bd8531c627b3fc/68747470733a2f2f706f7365722e707567782e6f72672f6c657563687466657565722f7365637572652d646f776e6c6f6164732f762f737461626c65)](https://packagist.org/packages/leuchtfeuer/secure-downloads)[![Total Downloads](https://camo.githubusercontent.com/0f24419a1cc3bd7bb199218b4e2b91507655cfd45b1029c6cfbb3bda72bb1a02/68747470733a2f2f706f7365722e707567782e6f72672f6c657563687466657565722f7365637572652d646f776e6c6f6164732f646f776e6c6f616473)](https://packagist.org/packages/leuchtfeuer/secure-downloads)[![Latest Unstable Version](https://camo.githubusercontent.com/94e5dfe3b074c982258bb2ea98ea4db261fa2d74638c29c763b7accac461544c/68747470733a2f2f706f7365722e707567782e6f72672f6c657563687466657565722f7365637572652d646f776e6c6f6164732f762f756e737461626c65)](https://packagist.org/packages/leuchtfeuer/secure-downloads)[![Code Climate](https://camo.githubusercontent.com/06d28905eb19416dbf022b5a3550698977e38d2d5163adb0c9df4cfaec498569/68747470733a2f2f636f6465636c696d6174652e636f6d2f6769746875622f4c657563687466657565722f7479706f332d7365637572652d646f776e6c6f6164732f6261646765732f6770612e737667)](https://codeclimate.com/github/Leuchtfeuer/typo3-secure-downloads)[![License](https://camo.githubusercontent.com/aaa9384d0bd3f155dd1837711b6392862dd8fcea61d3aa754a3f81c3ba6f54b3/68747470733a2f2f706f7365722e707567782e6f72672f6c657563687466657565722f7365637572652d646f776e6c6f6164732f6c6963656e7365)](https://packagist.org/packages/leuchtfeuer/secure-downloads) TYPO3 Extension "Secure Downloads" ================================== [](#typo3-extension-secure-downloads) In TYPO3, assets like PDFs, TGZs or JPGs etc. are normally just referenced by a URL e.g. to `fileadmin/...`. The file itself is delivered directly by the web server, and is therefore not part of the TYPO3 access control scheme – files remain unprotected, since URLs can be re-used, emailed, Search engine included or even guessed. The "Secure Downloads" extension (`EXT:secure_downloads`) changes this behavior: Files will now be accessed through a script that honors TYPO3 access rights. The converted URL's will then look like this: ``` https://www.example.com/securedl/sdl-eyJ0eXAiOiJKV1QiLCJhbGciO[...]vcM5rWxIulg5tQ/protected_image.jpg ``` This works regardless of where the files come from and is not limited to special plugins, etc. Since in most cases you will not want to protect everything (which means that everything undergoes rather performance-consuming access right checking), Secure Downloads is highly configurable. You may choose: - what directories to protect (e.g. you can include typo3temp or not) - what file types to protect (do you want to protect JPGs or not? etc.) As a complementary measure, you will of course need to configure your web server not to deliver these things directly (e.g. using .htaccess settings). Requirements ------------ [](#requirements) We are currently supporting following TYPO3 versions: Extension VersionTYPO3 v13TYPO3 v127.xx-6.x-x### Outdated Versions [](#outdated-versions) For the following versions no more free bug fixes and new features will be provided by the authors: Extension VersionTYPO3 v11TYPO3 v10TYPO3 v9TYPO3 v8TYPO3 v7TYPO3 v6.2TYPO3 v4.55.x1)xx-----4.x-xx----3.x--xx---2.0.4 - 2.x---xx--2.0.0 - 2.0.3----xx-1.x2)-----xx- 1) Upcoming release as `leuchtfeuer/secure-downloads` (vendor name changed). - 2) As [`EXT:naw_securedl`](https://extensions.typo3.org/extension/naw_securedl) or `typo3-ter/naw-securedl`. Installation ------------ [](#installation) There are several ways to require and install this extension. We recommend getting this extension via [composer](https://getcomposer.org/). ### Via Composer [](#via-composer) If your TYPO3 instance is running in composer mode, you can simply require the extension by running: ``` composer req leuchtfeuer/secure-downloads:^7.0 ``` ### Via Extension Manager [](#via-extension-manager) Open the extension manager module of your TYPO3 instance and select "Get Extensions" in the select menu above the upload button. There you can search for `secure_downlaods` and simply install the extension. Please make sure you are using the latest version of the extension by updating the extension list before installing the Secure Downloads extension. ### Via ZIP File [](#via-zip-file) You need to download the Secure Downloads extension from the [TYPO3 Extension Repository](https://extensions.typo3.org/extension/secure_downloads/) and upload the ZIP file to the extension manager of your TYPO3 instance and activate the extension afterwards. You can also download an archive from [GitHub](https://github.com/Leuchtfeuer/typo3-secure-downloads/releases/latest) and put its content directly into the `typo3conf/ext` directory of your TYPO3 instance. But please keep in mind, that the name of the folder must be `secure_downloads` (the repository name will be default). Configuration ------------- [](#configuration) After installation you need to configure this extension. Take a look at the corresponding section of the official [manual](https://docs.typo3.org/p/leuchtfeuer/secure-downloads/main/en-us/Admin/ExtensionConfiguration/Index.html). ### Best Practice [](#best-practice) You can configure this extension to fit your specific needs. However, here are some "best practices" that may help you when first using Secure Downloads: - Install this extension as described above - Create a new "File Storage" of type "Local filesystem" on page 0 of your TYPO3 instance and set the "Is publicly available?" option to false - Create a directory on your filesystem which matches the previously configured "Base Path" - Put an `.htaccess` file into that folder that denies the access to all files within and underneath this path - Configure the extension in the admin section of your TYPO3 Backend to match all files (use an astrix for the [securedFiletypes](https://docs.typo3.org/p/leuchtfeuer/secure-downloads/main/en-us/Admin/ExtensionConfiguration/Index.html#securedfiletypes)option) in your newly created file storage (use the path for the [securedDirs](https://docs.typo3.org/p/leuchtfeuer/secure-downloads/main/en-us/Admin/ExtensionConfiguration/Index.html#secureddirs)option). ### Access Configuration [](#access-configuration) You also need to secure all the directories and file types by your server configuration. This can be done with `.htaccess` files. Some example .htaccess files can be found in the [Resources/Private/Examples](https://github.com/Leuchtfeuer/typo3-secure-downloads/tree/main/Resources/Private/Examples)folder. **Note**: This extension cannot secure links to files that you include in your CSS file. For example, you can secure `/fileadmin`with the default `.htaccess_deny` file by putting the file in `/fileadmin`. You can allow `/fileadmin/templates/` with the default `.htaccess_allow` file by putting this file to `/fileadmin/template/`. Documentation ------------- [](#documentation) A detailed documentation can be found in the [official TYPO3 documentation](https://docs.typo3.org/p/leuchtfeuer/secure-downloads/main/en-us/Index.html)of this extension. Changelog --------- [](#changelog) The changelog can be found in the changelog chapter of the [official TYPO3 documentation](https://docs.typo3.org/p/leuchtfeuer/secure-downloads/master/en-us/About/ChangeLog/Index.html)of this extension. Contributing ------------ [](#contributing) You can contribute by making a **pull request** to the master branch of this repository, by using the "❤️ Sponsor" button on the top of this page, or just send us some **beers** 🍻... ### Health Score 66 — FairBetter than 99% of packages Maintenance83 Actively maintained with recent releases Popularity40 Moderate usage in the ecosystem Community29 Small or concentrated contributor base Maturity95 Battle-tested with a long release history Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~93 days Recently: every ~6 days Total 48 Last Release 59d ago Major Versions v5.0.7 → v6.1.22025-11-06 v6.1.2 → v7.0.22025-11-06 v6.1.3 → v7.0.42026-02-24 v6.1.4 → v7.1.02026-03-05 v7.1.0 → v14.0.02026-03-06 PHP version history (6 changes)v5.0.0-rc1PHP ^7.2 || ^8.0 v6.0.0-rc1PHP ^8.1 v6.1.0PHP >= 8.1 < 8.4 v7.0.0PHP >= 8.2 < 8.5 v6.1.2PHP >= 8.1 <= 8.4.99 v14.0.0PHP >= 8.2 <= 8.5.99 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/20301893?v=4)[Leuchtfeuer Digital Marketing](/maintainers/LeuchtfeuerDigitalMarketing)[@LeuchtfeuerDigitalMarketing](https://github.com/LeuchtfeuerDigitalMarketing) --- Top Contributors [![flossels](https://avatars.githubusercontent.com/u/8256874?v=4)](https://github.com/flossels "flossels (93 commits)")[![balasch](https://avatars.githubusercontent.com/u/68707177?v=4)](https://github.com/balasch "balasch (45 commits)")[![bmafeldt](https://avatars.githubusercontent.com/u/33094668?v=4)](https://github.com/bmafeldt "bmafeldt (19 commits)")[![bmgrieger](https://avatars.githubusercontent.com/u/55093258?v=4)](https://github.com/bmgrieger "bmgrieger (17 commits)")[![bmheins](https://avatars.githubusercontent.com/u/32935316?v=4)](https://github.com/bmheins "bmheins (13 commits)")[![helhum](https://avatars.githubusercontent.com/u/904370?v=4)](https://github.com/helhum "helhum (12 commits)")[![jpmschuler](https://avatars.githubusercontent.com/u/12411176?v=4)](https://github.com/jpmschuler "jpmschuler (4 commits)")[![georgringer](https://avatars.githubusercontent.com/u/1905663?v=4)](https://github.com/georgringer "georgringer (3 commits)")[![bmack](https://avatars.githubusercontent.com/u/165630?v=4)](https://github.com/bmack "bmack (2 commits)")[![markuspoerschke](https://avatars.githubusercontent.com/u/1222377?v=4)](https://github.com/markuspoerschke "markuspoerschke (2 commits)")[![hahrens](https://avatars.githubusercontent.com/u/16990102?v=4)](https://github.com/hahrens "hahrens (2 commits)")[![ste101](https://avatars.githubusercontent.com/u/359959?v=4)](https://github.com/ste101 "ste101 (2 commits)")[![sypets](https://avatars.githubusercontent.com/u/13206455?v=4)](https://github.com/sypets "sypets (2 commits)")[![neufeind](https://avatars.githubusercontent.com/u/910025?v=4)](https://github.com/neufeind "neufeind (1 commits)")[![nsd0skapitza](https://avatars.githubusercontent.com/u/171925546?v=4)](https://github.com/nsd0skapitza "nsd0skapitza (1 commits)")[![Patta](https://avatars.githubusercontent.com/u/2151127?v=4)](https://github.com/Patta "Patta (1 commits)")[![ayacoo](https://avatars.githubusercontent.com/u/5963331?v=4)](https://github.com/ayacoo "ayacoo (1 commits)")[![tmaroschik](https://avatars.githubusercontent.com/u/771756?v=4)](https://github.com/tmaroschik "tmaroschik (1 commits)")[![cedricziel](https://avatars.githubusercontent.com/u/418970?v=4)](https://github.com/cedricziel "cedricziel (1 commits)")[![DavidBruchmann](https://avatars.githubusercontent.com/u/999146?v=4)](https://github.com/DavidBruchmann "DavidBruchmann (1 commits)") --- Tags downloadsextensionhashingsecuretypo3typo3-extensiondownloadssecuretypo3 ### Code Quality Code StylePHP CS Fixer ### Embed Badge ![Health badge](/badges/bitmotion-secure-downloads/health.svg) ``` [![Health](https://phpackages.com/badges/bitmotion-secure-downloads/health.svg)](https://phpackages.com/packages/bitmotion-secure-downloads) ``` ### Alternatives [leuchtfeuer/secure-downloads "Secure Download": Apply TYPO3 access rights to ALL file assets (PDFs, TGZs or JPGs etc. - configurable) - protect them from direct access. 22234.7k1](/packages/leuchtfeuer-secure-downloads)[typo3/testing-framework The TYPO3 testing framework provides base classes for unit, functional and acceptance testing. 675.0M775](/packages/typo3-testing-framework)[aimeos/aimeos-typo3 Professional, full-featured and high performance TYPO3 e-commerce extension for online shops and complex B2B projects 1.5k91.2k4](/packages/aimeos-aimeos-typo3)[fluidtypo3/vhs This is a collection of ViewHelpers for performing rendering tasks that are not natively provided by TYPO3's Fluid templating engine. 1954.1M49](/packages/fluidtypo3-vhs)[pagemachine/typo3-formlog Form log for TYPO3 23225.3k6](/packages/pagemachine-typo3-formlog)[netresearch/rte-ckeditor-image Image support in CKEditor for the TYPO3 ecosystem - by Netresearch 63991.3k4](/packages/netresearch-rte-ckeditor-image) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)