diff --git a/web/download/web-log/index.php b/web/download/web-log/index.php
index 79b5601cd0..35ebc335da 100644
--- a/web/download/web-log/index.php
+++ b/web/download/web-log/index.php
@@ -3,6 +3,13 @@
 error_reporting(NULL);
 session_start();
 include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+
+// Check token
+if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) {
+    header('Location: /login/');
+    exit();
+}
+
 $v_domain = $_GET['domain'];
 $v_domain = escapeshellarg($_GET['domain']);
 if ($_GET['type'] == 'access') $type = 'access';
diff --git a/web/templates/admin/list_weblog.html b/web/templates/admin/list_weblog.html
index 1ca837e28c..b46e797996 100644
--- a/web/templates/admin/list_weblog.html
+++ b/web/templates/admin/list_weblog.html
@@ -23,8 +23,8 @@
       <div class="l-menu clearfix">
         <div class="l-menu__item <?php if($_GET['type'] == 'access') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access"><?=__('AccessLog')?></a></div>
         <div class="l-menu__item <?php if($_GET['type'] == 'error') echo 'l-menu__item--active' ?>"><a href="/list/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error"><?=__('ErrorLog')?></a></div>
-        <div class="l-menu__item"><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access"><?=__('Download AccessLog')?></a></div>
-        <div class="l-menu__item"><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error"><?=__('Download ErrorLog')?></a></div>
+        <div class="l-menu__item"><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=access&token=<?=$_SESSION['token']?>"><?=__('Download AccessLog')?></a></div>
+        <div class="l-menu__item"><a href="/download/web-log/?domain=<?=htmlentities($_GET['domain'])?>&type=error&token=<?=$_SESSION['token']?>"><?=__('Download ErrorLog')?></a></div>
       </div>
       <!-- /.l-menu -->
       <div class="l-profile">