How to hide the source of a download on a webpage

Question

I'm looking for a way to hide the source of my download. I'm surprised this is not more covered, but it also makes me wonder whether it's possible.

(Edit: By hide I mean make it difficult or impossible for end user to find a direct link to the file. They will thus be forced to actually be on the page, clicking it, for it to work.)

I found a script to force download files that are locally stored. The way I see it, it hides the true source (at least it's not in view source or download history).

http://w-shadow.com/blog/2007/08/12/how-to-force-file-download-with-php/

So this works, I made it into a function that gets a linkID, and check that with a DB for the actual file-source. Hooray!

Only what if your downloads are on another server? Then you can't use most of the functions used here (like filesize, isreadable, fopen, ...). I'm not proficient enough to decide whether it is possible/feasible to make this work cross-server.

I realize that probably my webserver will lose bandwidth even though files aren't stored there, that's not a big issue.

Any info on the subject would be greatly appreciated. I prefer PHP, but I can work with whatever you give me, I really have no idea about this one.

Answer 1

You mean you want to hide the path of files stored on your server? If this is the case, simply store the files outside of your web root, and serve the files with a PHP script which will make use of readfile() + header() of appropriate headers depending on whether you are serving the file for opening or forced download. See http://php.net/readfile for plenty of examples on forced download scripts.