I want to protect download link. it's in another site and downloader must provide a user/password to download it. (It is in URL like h**p://usrass@server.com/file.exe or in a cookie - Basic access authentication). I have user/password but I don't want that my users see them in URL or request headers. I see a solution already. one is reading file by a php script (curl) and saving it on my server or sending it to user immediately. this is not good because hosting space (and laws) and cpu/memory usage of server. Is any other solution for this problem?