All geek questions in one place

How to hide the download source on a web page

I am looking for a way to hide the source of my download. I am surprised that this is not yet covered, but it also makes me wonder if this is possible.

( Edit: Hidden, I mean that it is difficult or impossible for the end user to find a direct link to the file. Thus, they will be forced to actually be on the page, clicking on it, for it should work.)

I found a script to force download files that are stored locally. The way I see it hides the true source (at least it is not the source of the source or download history).

http://w-shadow.com/blog/2007/08/12/how-to-force-file-download-with-php/

So this works, I turned it into a function that gets the linkID, and checks it with the DB for the actual source of the files. Hooray!

Only if your downloads are on a different server? Then you cannot use most of the functions used here (e.g. files readable, fopen, ...). I'm not good enough to decide if it is possible / possible to do this cross-server work.

I understand that maybe my web server will lose bandwidth even if the files are not stored there, which is not a big problem.

Any information on this subject would be greatly appreciated. I prefer PHP, but I can work with what you give me, I really have no idea about it.

+4
source share
5 answers

Sorry, not possible. You must tell the browser where the resource is located, so any user can simply decode the address or scan the HTTP request or the firewall logs or download the history in the browser.

If you are trying to hide the path on your server, then you need to rewrite the URL using mod_rewrite or aliases or another similar method.

UPDATE: Well, if using your own bandwidth is not a problem, all you have to do is output the binary contents of the files to the browser and set the appropriate HTTP headers (i.e. Content-Type and Content-Disposition). If the files MUST be stored remotely, then you will need a script to download and read them on the fly using CURL or similar until the contents are output.

+2
source

Do you want to hide the path to files stored on your server? If so, just save the files outside of your web root and open the files with a PHP script that will use the readfile () + header () of the corresponding headers depending on whether you use the file to open or force download. See http://php.net/readfile for a large number of examples of push-loading scripts.

+6
source

If you want to hide the script or directory from which the file comes from, this is the simple answer - you cannot.

BUT, you can make it available only on your terms, for example, using a script to render a file (like yours), but only if certain criteria are met. Alternatively, you can move the file to a temporary / secure directory and allow them direct access, but it also means waiting for the transition, providing (what is considered) a reasonable and fair time to download the file, and then deleting it / deleting when it did .

0
source

You can use cURL to use as pass-through content. This will hide the source of the evidence and allow you to protect it in any way. It will also take up a large bandwidth, which is about 2 times the size of all downloaded files.

Give this snapshot and let me know if it works?

if ($passesallyoursecurity) { set_time_limit(0); header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: application/download"); header("Content-Disposition: filename=filetheyget.ext"); $ch = curl_init("http://remotedomain.com/dir/file.ext"); curl_exec($ch); curl_close($ch); exit(); }
0
source

I would recommend that you use the die () message without any HTML. in the document.

Then insert the IP addresses you want the page to be downsized. I would split IP addresses that you don't like in array (). Then use the if construct to see if any of these IP addresses are hiding.

 $decline_ips = array('ip_1' => '127.0.0.1'); if ($_SERVER['REMOTE_ADDR'] == $decline_ips['ip_1']) { die("You aren't permitted direct access to this page.\n\n\n\n Sources are blank."); }

It works like a charm! And to ensure the security of XTRA-XTRA, I would recommend inserting an IP address that is not allowed (when they visit) into the database, so that every time you try again, both the source and the entire document are included.

But you can just use the script that I posted in another part of the document.

-1
source

Source: https://habr.com/ru/post/1339519/

More articles:


All Articles