while i do not know of a method to do so, there is another way to "hide" and completely remove the URL of your files. you put your files above your website directory.
what i have done is to use the function fopen() and fread() to open the file via php and offer it as a download on the webpage. in this way, you can have way more control over who gets to download it since you can perform various checks before opening the file for download. and since it does not have a URL, noone can see where it is being held except you. if you're interested, i'll be happy to show you some code for this method.

Sure it works
but out of curiosity
have you benchmarked your way against usual url

Hi d40sithui and henry0,

@d40sithui: I would definitely be interested in seeing some code for that method, thank you. I assume you mean above htdocs when you say above my website directory right? I've always been interested by this, as a few people have talked about placing things like the .htaccess doc there, but I've wondered how you reference it in source code.

@henry0: could you explain a bit more what you mean by benchmarking my way against a usual url please?

What I need really, is just a simple way to avert the average user from downloading my media files. I presume I should be 'protecting' the directory the files are in with an index file as well right?

Thanks

Figuring how long it takes for php to do its job by using your "way" versus using a regular url link

we have here a few good ref on benchmark "how to"

well i dont know about benchmarking, but to me, to have a controlled access over a given file is substantially more important. i would be surprised if retrieving the file by php is faster than just going to the URL and downloading the file directly.
heres some code snippet of what i currently use.

//if user has valid access to the file
if (validUser()) {
  
//some db queries here
  
$downloadBaseDir = "/var/www/myDownloads/"; //directory where the file is located
$file_path ='';
$file_path = find_file($downloadBaseDir, $fname, $file_path);
if(!is_file($file_path)){
header('HTTP/1.0 404 Not Found');
}
$fsize=filesize($file_path);
//set m-type
$mtype = '';
 // mime type is not set, get from server settings
 if (function_exists('mime_content_type')) {
 $mtype = mime_content_type($file_path);
 }
 else if (function_exists('finfo_file')) {
 $finfo = finfo_open(FILEINFO_MIME); // return mime type
 $mtype = finfo_file($finfo, $file_path);
 finfo_close($finfo); 
 }
 if ($mtype == '') {
 $mtype = "application/force-download";
 }
$fname = preg_replace("/\//", "", $fname);
// set headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$fname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);
// download
// @readfile($file_path);
$file = @fopen($file_path,"rb");
if ($file) {
 while(!feof($file)) {
  print(fread($file, 1024*8));
  flush();
 if (connection_status()!=0) {
  @fclose($file);
  die();
 }
 }
 @fclose($file);
}
 } 
//invalid access
else {
header('HTTP/1.0 404 Not Found');
 }

a few notes. starting off, i check if the user has access to the file. if not, it will load a HTTP 404 error page using header. if the user is valid, we do some sql queries, which are not shown here to find the file's information such as its path ($file_path) and file name($fname). after that is just some basic check to see if the file exists. i use a function find_file to do so which basically uses several core php functions such as file_exists() and is_dir(). kinda redundant, since the next line checks if the file is a file lol. next find the size and the type of file by using fsize() and mime_content_type() with the $file_path as the parameter.
after that, you can set the headers and open the file. as an example my website directly is "/var/www/html" while the files are located in "/var/www/myDownloads". you can have subdirectories in the download file. just when you add a file to the db you'd probably need to name the file_path with the folder name - "myFolder/myFile.zip" as appose to just "myFile.zip." anyways hopes this helps.