Question on Header()

VladTheImpaled

I have a site that serves media, and I want to restrict access to the raw files and ensure all requests for the files are going through a PHP script first (for logging, authentication, etc.). I have this working well by using .htaccess in Apache to take a file request, and convert the incoming request to a PHP script. The script then logs the request, and uses Header() to redirect the user to the location of the actual file.

The problem, however, is that I am finding many browsers will display in the URL field the endpoint of the redirect and I have found users who will just cut & paste this URL directly into their website, thereby bypassing the PHP script.

What I'm trying to find is a way to do this that masks the actual file location from view from a browser, but still allows me to use my existing PHP script to log the request and then redirect the user to the file (the files are located on different servers and I need to have those server's Apache web servers actually serve the physical files).

Does anyone know a way to mask a redirect in PHP, or have any suggestions on how this could be done? I'm open to using any technologies within the Apache space also if that would help.

Thanks in advance for any suggestions.

Vlad

theelectricwiz

Hello. I was thinking about setting something up this myself, but haven't yet gotten round to it. What I was going to do was set up an apache redirect so that if a user opened the link to the file eg www.domain.com/files/test.exe they would be redirected (url would be the same to the user (I can't remeber what it's actually called but it is the [nc] option)) to an php page that would then determine the file type by using mime_content_type() and then put the in a header("Content-type: ... ); and the just open it using the binary fopen and write it using fwrite. Like I said, I haven't tried it, but it should work. If you give it a go, let me know how you get on. Hope this helps. Cheers

VladTheImpaled

This is basically what I have been doing for the first part. By using .htaccess, I interpret the incoming request and identify the file type by extension in the URL request. I then change it to a PHP request for the file. This part works great.

The problem is, however, that I'm using Header() to redirect the user to the actual location of the file, and this is becoming visible in the browser. What I really need is something that acts more like a form post (method = POST) where the user doesn't see a change in the URL from this. Maybe some Javascript?

Any ideas?

Vlad