files – How can I restrict access to a static HTML page served from a subfolder of my site to authenticated users only?


I have a Drupal 8 site that has all roles and permissions necessary for authenticated users. One of the new requirements is to serve a static microsite (like a campaign site, totally different design compare to Drupal site) which is a single folder with all the static assets (HTML, CSS, JS , images). We have to serve this site under the same domain drupal is hosted and should be accessed ONLY by authenticated users.

I tried to host it under sites/default/files/ directory, but it means it is public and anyone can access it.