This is the documentation for concrete5 version 5.6 and earlier. View Current Documentation

Note :: It is important to know that these methods will create noticeable performance/speed issues. So be extremely selective of your method, why&what you chose to protect. While these methods do block direct access they do not stop a user with access from downloading the files they have permission to see.

File protection is next to impossible. If you have sensitive content you can take steps to restrict access to those files.

The first step which I will not go into detail is to create a file set and set permissions for users in C5.

This simple level of protection satisfies most. However users can still get to your protected files if they get the files direct url. They can then share your link. These next steps are for people who need to go a step further

The objective of this How-To is put up a roadblock for users who do not have permission. To do this you have to make sure that the server will not send the file out unless the user has permission granted from C5. Basically, what you are doing is asking the server to only serve files unless C5 approves the user.

Protect your sensitive Url by not creating a direct Url

The easiest way to do this would be to simply move the files you wanted to protect into a new folder outside of your public_html. If the file doesn't live in a public file location then there should be no way for the server to create a url outside of C5


The first step would be to ftp into your server and create a new folder do not place it in your public_html (or any other public folder)


The second step would be to set up an Alternate Storage location in C5 so C5 will know to use your new storage location.

you can find this setting at: index.php/dashboard/system/environment/file_storage_locations/

Location Name - this name will be used in your file manager

Path location - will look something like this: /home/serverfoldername/limitedfiles


The Third step is to move your files from the default files folder to the new one behind your public_html with in C5, do not move them manually

To do this in C5 go to your file manager click on a file and select “Access & Permissions” tab over to “Storage Locations” and set the access

And you're done!!

you have to do this for each file separately

To double check your progress check the URL to the File it should be something like this /index.php/download_file/view_inline/566/0/ instead of /files/324523/23423/2/hat.jpg

Another way to attack this problem is though editing your .htaccess This method prevents hot-linking of specific filetypes this means the direct url to the file will only work if the user is on a site you allow through HTTP_REFERER

This will be in Protect File Url's : Part 2

Loading Conversation