Prevent Exposing Actual URL

Question

I have a php file that needs to be called directly. It renders PDF content and outputs it via application/pdf headers so the user doesn't leave the page they called from.

This php file is located in the depths of my php libraries folder structure. I'm currently linking to the php file like so:

<a href="myserver.com/path/to/actual/phpFile/downloadPDF.pdf?arg1=blah&arg2">

I would rather my users not know details like directory names and php files. Security by obfuscation, right?

What's the best way to create a redirect that does what I'm looking for?

Answer 1

The easier solution is to find or create .htaccess file which you should then place in the htdocs directory.

Add these lines of code in it:

Options +FollowSymLinks
RewriteEngine on
RewriteRule ^(.*)yournewaddress$  /path/to/actual/phpFile/downloadPDF.pdf?arg1=blah&arg2

Then you can call your pdf file with

<a href="myserver.com/yournewaddress">

Answer 2

If using Apache, you could try this rewrite rule to produce a nice, human-readable URL

# in server-config
RewriteRule ^/download/pdf/(.+) /path/to/actual/phpFile/downloadPDF.php?args=$1 [L,QSA]

(if using .htaccess, omit the leading forward-slashes)

You could then use a URL like

<a href="/download/pdf/blah">

Anything after the pdf/ will be placed into the $_GET['args'] variable which you can use as you see fit. For multiple args, I'd recommend separating them with a slash, eg

/download/pdf/foo/bar

... and in downloadPDF.php

$args = isset($_GET['args']) ? explode('/', $_GET['args']) : array();

Answer 3

put

<?php
include "path/to/actual/phpFile.php";
?>

into downloadPDF.pdf in your webroot and link to that.