[TYPO3-english] Restrict access to files referenced on pages

[Alexander Stehlik]

Hi Christoph,

there is a mechanism in TYPO3 that is called jumpUrl. This feature 
causes a lot of confusion because it contains actually two features:

The first one is the redirection to an external page or email address. 
The link will not directly point to the target domain but to your TYPO3 
page with the jumpUrl parameter set. I think this can be used for 
tracking, but I'm not sure what the original purpose of this was.

The second feature is the secure access to files. And this is how you 
use it.

1. Place the files inside a folder that is protected by .htaccess, so no 
direct access is allowed.

2. Use those files in a uploads (file list content element.

3. In your TypoScript template, activate these settings:

tt_content.uploads.20.renderObj.10.stdWrap.typolink.jumpurl = 1
tt_content.uploads.20.renderObj.10.stdWrap.typolink.jumpurl.secure = 1

tt_content.uploads.20.renderObj.20.typolink.jumpurl = 1
tt_content.uploads.20.renderObj.20.typolink.jumpurl.secure = 1

Then TYPO3 fill not generate links that point directly to the files but 
generated jumpUrl links which will make sure that the user has access to 
the related page / content element.

Please note that this feature might be removed in future TYPO3 versions, 
see the discussion in [1]

I hope this helps.

Kind regards,
Alex

[1] https://review.typo3.org/#/c/23940/

-- 
Alexander Stehlik
alexander.stehlik at gmail.com