fritzmg/contao-file-access
==========================

Contao extension that allows file access restrictions for frontend users.

Latest version: 2.4.1. License: LGPL-3.0-or-later. Requires PHP >=8.1.


Contao File Access
==================

Contao extension to allow direct file access to protected files for logged in front end users.

Usage
-----

After installing this extension, you can allow members to access files that are not public. Edit a folder and enable the allowed member groups. If you select none, the file will not be accessible in general (but can still be accessed via the download content element, for example). Users have access to a file if they are allowed to access any of its parent folders, i.e. each folder inherits the member group access setting.

[![Screenshot](https://raw.githubusercontent.com/fritzmg/contao-file-access/master/screenshot.png)](https://raw.githubusercontent.com/fritzmg/contao-file-access/master/screenshot.png)

Since version `1.1.0` the script generates a regular Contao 401 page when a file is accessed without sufficient permissions (403 for older Contao versions). Thus you are able to do the following:

1. Create a page of the type `401 Not authenticated` in your site structure with no redirect setting.
2. Create a login module with no redirect setting.
3. Add this login module to the `401 Not authenticated` page.

Now, when a user who has not logged in yet opens the link to a file, they will be presented with the login form instead. After logging in, they will be "redirected back" to the file (no redirect actually happens; the user stays on the same URL).

Responses
---------

- If a file is not present in the database of the file system, a `404` response is generated.
- If none of the parent folders of a file have any member groups set, a `404` response is generated.
- If the user is not logged in, a `401` response is generated in Contao 4.6 and up, otherwise a `403` response is generated.
- If the user is logged in but does not have access to any of the parent folders, a `403` response is generated.
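
The rules above, modelled as a small PHP function for checking an access setup against expectations (an added example, not the bundle's own code). The folder names, group IDs, the `expectedStatus()` helper and the evaluation order, which is taken from the order of the list, are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data (hypothetical folder names and member group IDs):
// folder path => member groups enabled on that folder.
const FOLDER_GROUPS = [
    'files/internal'      => [],
    'files/members'       => [1],
    'files/members/board' => [2],
];
// Constructed stand-in for the files known to the file system database.
const KNOWN_FILES = [
    'files/internal/notes.pdf',
    'files/members/guide.pdf',
    'files/members/board/minutes.pdf',
];

/** Expected status for $path; $memberGroups is null for an anonymous visitor. */
function expectedStatus(string $path, ?array $memberGroups): int
{
    if (!in_array($path, KNOWN_FILES, true)) {
        return 404; // not in the file system database
    }
    // Collect the groups of every parent folder (the setting is inherited).
    $allowed = [];
    for ($dir = dirname($path); $dir !== '.' && $dir !== '/'; $dir = dirname($dir)) {
        $allowed = array_merge($allowed, FOLDER_GROUPS[$dir] ?? []);
    }
    if ($allowed === []) {
        return 404; // no parent folder has member groups set
    }
    if ($memberGroups === null) {
        return 401; // Contao 4.6 and up; older versions answer 403
    }
    return array_intersect($memberGroups, $allowed) !== [] ? 200 : 403;
}

$cases = [
    ['files/missing.pdf', [1]],               // unknown file
    ['files/internal/notes.pdf', [1]],        // folder without member groups
    ['files/members/guide.pdf', null],        // anonymous visitor
    ['files/members/guide.pdf', [3]],         // logged in, wrong group
    ['files/members/board/minutes.pdf', [2]], // group set on the subfolder
    ['files/members/board/minutes.pdf', [1]], // group set on a parent folder only
];
foreach ($cases as [$path, $groups]) {
    $who = $groups === null ? 'anonymous' : 'groups ' . implode(',', $groups);
    printf("%-34s %-10s %d\n", $path, $who, expectedStatus($path, $groups));
}
```

The last case shows a consequence of the inheritance rule: a group enabled on a parent folder also reaches files in subfolders that list different groups.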

User Homes
----------

Since version `2.3.0` you are also able to grant front end users access to the files in their user home directory in the settings of the member.

Protect Resized Images
----------------------

Since version `2.4.0` it is possible to also automatically protect any resized images (thumbnails) of protected files which would otherwise be publicly available under `assets/images`. You can enable this feature in your config:

```
# config/config.yaml
contao_file_access:
    protect_resized_images: true
```

Note that this will however put additional load on your application as all requests to any resized protected image must be processed by the application.

Also note that due to technical limitations you will always have access to these images (i.e. see these images) if you are logged into the back end in your current browser session.

Important Notes
---------------

Since this access restriction is done via PHP, the file is also sent to the client via PHP. This means that the `max_execution_time` needs to be sufficiently large, so that any file can be transferred to the client before the script is terminated. Thus you should be aware that problems can occur if a file is very large, the client's connection to the server is very slow, or both. The script tries to disable the `max_execution_time`, though there is no guarantee that this will work. The web server can also have other timeouts of its own.

If you did not enable `protect_resized_images` (see above) and you use thumbnails of protected images, the URL to these thumbnails can still be accessed by anyone.

Acknowledgements
----------------

Development funded by [KASTNER](https://www.kastner.at/) and [ieQ-systems GmbH & Co. KG](https://www.ieq-systems.de/).

