1

since this is the first time someone made me click some referral link i got very curious. Here in the screenshot you will see a masked url which directly goes to some referral link in some other site. Masked Referral Link

The interesting part which got my attention and the reason i clicked the link is that link has a file extension as you will notice. I can think of PHP redirects, .htaccess redirects but couldn't exactly think a solution for filenames masking.

As usually we can parse the url in .htaccess and redirect .zip extensions to a php file to check whether the file is valid filename or a key value for redirect in database (This is a solution too) but i didn't notice any redirect on this link.

Is there any other possible ways for this?

Mustafa
  • 825
  • 3
  • 14
  • 37
  • Maybe [this](http://www.richnetapps.com/the-right-way-to-handle-file-downloads-in-php/) will help – Ron van der Heijden Feb 07 '13 at 20:27
  • 2
    just because a url LOOKS like it's pointing at a file doesn't mean there's actually a file in a path that looks like what's in the URL. no client-visible redirects are needed to handle path_info or internal mod_rewrite internal-only redirects. – Marc B Feb 07 '13 at 20:27

2 Answers2

4

You can redirect any request with .htaccess. For example:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]

will redirect all requests to index.php, in which you can check if the user wants file.zip just by looking into $SERVER['REQUEST_URI']. Then serve him the file you want:

$zip = '/path/to/zip/file/outside/the/web/root.zip';

// set correct headers, so the browser identifies the response as a zip file
header('Content-type: application/zip;');
header('Content-Transfer-Encoding: binary');
header('Content-Length: ' . filesize($zip) . ';');
header('Content-Disposition: attachment; filename="whatever.zip";');

// output the file contents
readfile($zip);
nice ass
  • 16,471
  • 7
  • 50
  • 89
  • 1
    also for one specific one file `RewriteRule ^download.zip download.php [L,NC]` so if you open in browser link www.domain.com/download.zip it will execute all code from download.php file – DTukans Feb 07 '13 at 20:42
  • 1
    Yes, but today is more common to redirect any request to a router script, which decides what function to execute or template to display – nice ass Feb 07 '13 at 20:51
  • But filename changes in all pages so something like `RewriteRule ^download/(.+?)/(.+?).zip download.php?id=$2 [L,NC]` will execute the download php with 2nd param? – Mustafa Feb 07 '13 at 20:55
1

Using .htaccess it possible to rewrite ANY request. Link looks like zip-file but request is sent to some php script.

This php file parses requested URI, does what it should do(increments counter, sends money,..) and only after all this stuff gives you file.

Ruslan Polutsygan
  • 4,401
  • 2
  • 26
  • 37