diff --git a/src/main/java/de/devloop/mavor/AuthenticatedServlet.java b/src/main/java/de/devloop/mavor/AuthenticatedServlet.java
index a9cf26e..e2970e1 100644
--- a/src/main/java/de/devloop/mavor/AuthenticatedServlet.java
+++ b/src/main/java/de/devloop/mavor/AuthenticatedServlet.java
@@ -20,7 +20,21 @@ public class AuthenticatedServlet extends HttpServlet {
         }
     }
 
+    @Override
+    protected final void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        session = new Session(req.getSession(true));
+        if (!session.isAuthenticated()) {
+            resp.sendRedirect("/mavor/authenticate");
+        } else {
+            doAuthenticatedPost(req, resp);
+        }
+    }
+
     protected void doAuthenticatedGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         // nooooothing
     }
-}
+
+    protected void doAuthenticatedPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        // nooooothing
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/de/devloop/mavor/servlet/Download.java b/src/main/java/de/devloop/mavor/servlet/DownloadJars.java
similarity index 90%
rename from src/main/java/de/devloop/mavor/servlet/Download.java
rename to src/main/java/de/devloop/mavor/servlet/DownloadJars.java
index 5973b73..dde4ea1 100644
--- a/src/main/java/de/devloop/mavor/servlet/Download.java
+++ b/src/main/java/de/devloop/mavor/servlet/DownloadJars.java
@@ -22,8 +22,8 @@ import jakarta.servlet.annotation.WebServlet;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
-@WebServlet("/download")
-public class Download extends AuthenticatedServlet {
+@WebServlet("/download/jars")
+public class DownloadJars extends AuthenticatedServlet {
 
     private static final String PARAMETER_SITE = "site";
     private static final String PARAMETER_GROUP_ID = "groupId";
@@ -31,7 +31,6 @@ public class Download extends AuthenticatedServlet {
     private static final String PARAMETER_VERSION = "version";
     private static final String PARAMETER_POM = "pom";
     private static final String PARAMETER_TYPE = "type";
-    private static final String PARAMETER_ZIP = "zip";
 
     // TODO: set as property
     private static final String MAVEN_CMD = "/usr/bin/mvn";
@@ -39,6 +38,11 @@ public class Download extends AuthenticatedServlet {
 
     private File tempDir = new File(TEMP_DIR);
 
+    @Override
+    protected void doAuthenticatedPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        doAuthenticatedGet(req, resp);
+    }
+
     @Override
     protected void doAuthenticatedGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
         // TODO: implement a lot of checks:
@@ -53,13 +57,6 @@ public class Download extends AuthenticatedServlet {
             generatePomXmlByArtifact(site, groupId, artifactId, version);
         } else if (type.equals("pom")) {
             writePomXml(req.getParameter(PARAMETER_POM));
-        } else if (type.equals("zip")) {
-            String zipFilename = req.getParameter(PARAMETER_ZIP);
-            File zipFile = new File(tempDir, zipFilename);
-            resp.setContentType("application/zip");
-            FileInputStream fileInputStream = new FileInputStream(zipFile);
-            fileInputStream.transferTo(resp.getOutputStream());
-            fileInputStream.close();
         } else {
             throw new ServletException("Unknown download type: " + type);
         }
@@ -121,7 +118,11 @@ public class Download extends AuthenticatedServlet {
 
             @Override
             public boolean accept(File dir, String name) {
-                return dir.getAbsolutePath().equals(TEMP_DIR) && name.endsWith(".jar");
+                try {
+                    return dir.getCanonicalPath().equals(tempDir.getCanonicalPath()) && name.endsWith(".jar");
+                } catch (IOException e) {
+                    return false;
+                }
             }
             
         });
@@ -136,7 +137,7 @@ public class Download extends AuthenticatedServlet {
         }
 
         zipStream.close();
-        return zipFile.getAbsolutePath();
+        return zipFile.getName();
     }
 
     /**
diff --git a/src/main/java/de/devloop/mavor/servlet/DownloadZip.java b/src/main/java/de/devloop/mavor/servlet/DownloadZip.java
new file mode 100644
index 0000000..266246f
--- /dev/null
+++ b/src/main/java/de/devloop/mavor/servlet/DownloadZip.java
@@ -0,0 +1,37 @@
+package de.devloop.mavor.servlet;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+
+import de.devloop.mavor.AuthenticatedServlet;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@WebServlet("/download/zip")
+public class DownloadZip extends AuthenticatedServlet {
+
+    // TODO: set as property
+    private static final String TEMP_DIR = "/home/damage/Temp/mavor";
+
+    private static final String PARAMETER_FILENAME = "file";
+    private File tempDir = new File(TEMP_DIR);
+
+    @Override
+    protected void doAuthenticatedGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+        String zipFilename = req.getParameter(PARAMETER_FILENAME);
+        File zipFile = new File(tempDir, zipFilename);
+        if (zipFile.getParentFile().getCanonicalPath().equals(tempDir.getCanonicalPath())) {
+            resp.addHeader("Content-Disposition", String.format("attachment; filename=\"%s\"", zipFilename));
+            resp.setContentType("application/zip");
+            resp.setContentLengthLong(zipFile.length());
+            FileInputStream fileInputStream = new FileInputStream(zipFile);
+            fileInputStream.transferTo(resp.getOutputStream());
+            fileInputStream.close();
+        } else {
+            throw new ServletException("-.-");
+        }
+    }
+}
diff --git a/src/main/webapp/download.jsp b/src/main/webapp/download.jsp
index d7a6cd7..4a15f09 100644
--- a/src/main/webapp/download.jsp
+++ b/src/main/webapp/download.jsp
@@ -4,7 +4,7 @@
     <body style="background-color:black; color:white">
         Output:<br/>
         <pre>${stdout}</pre><br/>
-        File: <a href="/mavor/download?type=zip&file=${zipFilename}">${zipFilename}</a><br/>
+        File: <a href="/mavor/download/zip?file=${zipFilename}">${zipFilename}</a><br/>
         <a href="/mavor/logout">logout</a> | <a href="/mavor">back</a>
     </body>
 </html>
diff --git a/src/main/webapp/main.jsp b/src/main/webapp/main.jsp
index 76040b2..0a066b8 100644
--- a/src/main/webapp/main.jsp
+++ b/src/main/webapp/main.jsp
@@ -3,7 +3,7 @@
 <html>
 <body style="background-color:black; color:white">
 <h2>Hello ${username}</h2>
-<form method="get" action="/mavor/download">
+<form method="get" action="/mavor/download/jars">
     <input type="hidden" name="type" value="artifact"/>
     Site: <input type="text" name="site" value="https://source.devloop.de/api/packages/damage/maven/" /><br/>
     Group ID: <input type="text" name="groupId" value="org.apache.activemq"/><br/>
@@ -11,7 +11,7 @@
     Version: <input type="text" name="version" value="2.39.0"/><br/>
     <input type="submit"/>
 </form>
-<form method="get" action="/mavor/download">
+<form method="post" action="/mavor/download/jars">
     <input type="hidden" name="type" value="pom"/>
     POM: <textarea name="pom"></textarea><br/>
     <input type="submit"/>