I’m reading the page here:
At the bottom I noticed this note:
The process described here doesn’t prevent access to your assets (images, video, documents etc., which will still be accessible to anyone who guesses the URL to these files). We will deal with this in a separate recipe.
Could I please ask if there is a link to a separate recipe on this topic? I’d be interested to see an example of how one might use Kirby to restrict access to static assets.
Maybe the best way is to use a server like nginx to serve the static assets? And then use something like authentication based on subrequest result to check if a user is authenticated with Kirby and allowed to visit some other URL in the Kirby site?
Hello and welcome to the Kirby Forum!
You can have a look at this article for additional information:
The introductory text block explains the problem and how it works in an understandable way.
Thanks, that is indeed helpful.
After reading the “Protecting files” recipe, I can see that Kirby is designed to be friendly for many common use cases.
For the use case that I am envisioning, I think I would prefer to use authentication based on subrequest, because I want to protect an entire directory with hundreds of nested files, and I do not want Kirby to see these files at all. And I think it’s probably better if nginx or some other HTTP server is providing the files directly, instead of passing the files through PHP.
I guess I’ll have to play around with Kirby and see if I can get something working the way I am envisioning. But I was hoping to find an example with authentication based on subrequest, just so I can try to get started more quickly.
If anyone can share a quick recipe for authentication based on subrequest, I would appreciate that very much.
@texnixe Do you have a solution for @slowkow that he can realise with Kirby features?
I think I’m missing some context here, like how are the files supposed to be served? As long as they are not Kirby files (i.e. they live outside the content folder and no file methods/URLs are called that publish them to the media folder), such an approach shouldn’t be a problem, I guess.
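The subrequest approach discussed in this thread, as an added example that is not part of the original posts or of Kirby's own recipes: nginx serves the files from a directory outside Kirby's content and media folders and asks a Kirby route whether the request carries the session of a logged-in user. The paths `/protected/` and `/srv/private-assets/`, the route name `auth-check` and the backend address `127.0.0.1:8080` are assumptions.

```php
<?php
// site/config/config.php (added example; all names below are assumptions)
//
// nginx side, using the auth_request directive of ngx_http_auth_request_module.
// Assumed: Kirby itself is reachable on 127.0.0.1:8080.
//
//   location /protected/ {
//       auth_request /auth-check;        # 2xx = allow, 401/403 = deny
//       alias /srv/private-assets/;      # outside Kirby's content/ and media/
//       add_header Cache-Control "private, no-store";
//   }
//   location = /auth-check {
//       internal;                        # clients cannot request it directly
//       proxy_pass http://127.0.0.1:8080/auth-check;
//       proxy_pass_request_body off;     # the check only needs the cookies
//       proxy_set_header Content-Length "";
//       proxy_set_header X-Original-URI $request_uri;
//   }

use Kirby\Http\Response;

return [
    'routes' => [
        [
            'pattern' => 'auth-check',
            'method'  => 'GET',
            'action'  => function () {
                // kirby()->user() is the user of the current session, or null
                // when the session cookie is missing or invalid.
                $user = kirby()->user();

                // Empty body on purpose: nginx only evaluates the status code.
                return new Response('', 'text/plain', $user ? 204 : 401);
            },
        ],
    ],
];
```

Any status other than 2xx, 401 or 403 from the route is treated by nginx as an error, so the protected files fail closed if Kirby is unreachable.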