Downloads & Security
Customer Documents supports:
- Local file downloads (stored in pub/media/...)
- External URL redirects (for files hosted elsewhere)
Storage & Direct Access
Files are stored under pub/media/ (configured in Admin).
Even though the module serves downloads via controllers, you should block direct web access to the upload folder in production.
Example (nginx):
location ~* ^/pub/media/customerdocuments/ { deny all; }
If you changed the upload path in Admin, adjust this server rule to match your configured folder.
Public Download URLs
If a document is public (is_public = 1), it can be downloaded without login:
/customerdocuments/download/file?id=
If the document also has a password:
/customerdocuments/download/file?id=&password=
Public downloads are rate-limited (per document and requester) to reduce brute-force attempts.
Customer Account Downloads
In the “My Documents” area, protected downloads use a short-lived token flow:
- The customer starts a download (and enters a password if required).
- The system validates access and creates a temporary token.
- The file is streamed only while this token is still valid (about 60 seconds).
External Documents (Redirect Mode)
Documents can be marked as external (is_external = 1) with an external_url.
Security rules:
- Only http/https URLs are accepted.
- The hostname can be restricted via Allowed External Domains (customerdocuments/general/external_allowed_domains).
- Empty list means “allow all” (not recommended in production).
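The three rules above, written out as a standalone PHP check. This is an added example, not the module's own code: the function names, the comma-separated format of the Allowed External Domains value, and exact (case-insensitive) hostname matching are assumptions.

```php
<?php
// Added example (not the module's code): validate an external_url against the
// documented rules. Assumed: the setting is a comma-separated list of hostnames
// and a host must match one entry exactly (no implicit subdomain matching).

function parseAllowedDomains(string $configValue): array
{
    $domains = [];
    foreach (explode(',', $configValue) as $entry) {
        $entry = strtolower(trim($entry));
        if ($entry !== '') {
            $domains[] = $entry;
        }
    }
    return $domains;
}

function isAllowedExternalUrl(string $url, array $allowedDomains): bool
{
    $parts = parse_url($url);
    // Reject anything without an absolute http/https origin (relative paths,
    // javascript:, data:, mailto:, ...).
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Extra check beyond the documented rules: refuse URLs that embed credentials.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Empty list means "allow all" (the documented, not-recommended default).
    if ($allowedDomains === []) {
        return true;
    }
    return in_array(strtolower($parts['host']), $allowedDomains, true);
}

// Constructed sample configuration and redirect targets.
$allowed = parseAllowedDomains('cdn.example.com, Docs.Example.org');
var_dump(isAllowedExternalUrl('https://cdn.example.com/file.pdf', $allowed));
var_dump(isAllowedExternalUrl('ftp://cdn.example.com/file.pdf', $allowed));
var_dump(isAllowedExternalUrl('https://other.example/file.pdf', $allowed));
var_dump(isAllowedExternalUrl('https://other.example/file.pdf', []));
```

Only the first and last calls pass: the second fails the scheme rule, the third fails the hostname rule, and the last passes only because the empty list allows every host.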
Obscure Filename
If Obscure Filename is enabled (customerdocuments/general/obscure_filename), customers download files with a generated filename instead of the original basename.
ZIP Download
ZIP downloads exclude:
- password-protected documents
- external documents
See: ZIP Download
