probably the best way to do it would be to store the page in question outside of the webroot. then on the page you will use to link to it, to generate some dynamic link that is only good one time, and store its name in a database. use a php script to determine if the page is valid...
example.
a user visits link.php. it creates a unique id like
hg32hg9832hg982hg8923hg892h9ghq23gh984hg2q3
for example, and stores it in the db. then the link on the page might look like
dynamic.php?hg32hg9832hg982hg8923hg892h9ghq23gh984hg2q3
on dynamic, query that value to the database and determine if its there, if so output the contents of the page, and the delete the value from the db, otherwise deny access to the resource.
other than a tactic like that there is not 100% way to truly mask a url. you could use frames or a redirection but its easy for anyone to discover the url.
internet explorer had some vulnerabilites a while back where putting the null character in your link could show the wrong url in the taskbar, but its fixed now and only worked for IE.
