This is a simple and fairly thin extension that makes it easy to protect file downloads using nginx’s internal redirects. It works something like this:

  • You upload a file using the admin interface and grant access to a couple of reader groups. The file is stored outside the /public folder and can’t be reached with a web browser
  • A thin public-facing controller takes download requests and checks them against group membership
  • If you’re not allowed, it redirects you to reader login or just tells you off
  • If you are allowed, it returns an attachment-download response pointing to a fictional address in /secure_download but with the `X-Accel-Redirect` header set to the real address of your file
  • Your nginx configuration intercepts the `X-Accel-Redirect` header, ignores the request address and returns the file
  • Your web browser reads the request address and gets the right file name
  • Your nginx configuration also makes sure that typing in the /secure_download address doesn’t g
Author William Ross
Repository git://
Supports Radiant 0.8.1
Record Created November 9, 2009 (over 9 years ago)


At the command prompt, in the root of your Radiant project, type:

script/extension install downloads