This page has been robot translated, sorry for typos if any. Original content here.

Masking External Links

  • Link Cloaking Script
  • Disguise sales links

  • Link Cloaking Script

    Link Cloaking Script

    This article is about one of the fairly common ways to disguise external links (in English - link cloaking).

    Link cloaking works as follows. Looking through the page, the visitor sees the usual internal link. But, after going through it - goes to another site.

    Today there are several ways to create such links. But we will consider one of the most successful (from my point of view), not requiring support from the browser.

    The idea is to use a redirect and is implemented in two stages:

    • 1) in the root of the site (the folder pointed to by DOCUMENT_ROOT) create a folder named pages.
    • 2) in this folder we place three files:
      • linkslist.php - it will be an array of external links;
      • redirect.php - analyzes the link on which the transition was made and sends the visitor to an external resource;
      • .htaccess - transfers all requests to the redirect.php script.

    Principle of operation

    On the pages of the site you place links of the form: http: // site_name / pages / get / second_part__address , where second_part__address - can be anything, for example, mypage.html or page1 , etc. It all depends on your imagination.

    Address conversion is as follows. When any link is followed by a link like http: // site_name / pages / get / ......... , the rules from .htaccess will be applied to it.

    Note. On the server, apache mod_rewrite must be installed and running.

    Using the rules in this file, we replace the get address with redirect.php . Those. will be: http: //site_name/pages/redirect.php/second_part_address

    The redirect.php script on the second part of the address selects an external link and sends it to the redirect browser.

    The described order of address translation is shown in the diagram.

    address translation order

    Script itself

    $linksList = array(
    'page1.html' => '',
    'page2.html' => ''

    An ordinary array is declared here. The key of the item is the second part of the address of the internal link, and the value is the address of the external resource .

    $request = $_SERVER['REQUEST_URI'];
    $dest = explode('/', $request);
    $newUrlKey = end($dest);
    if (array_key_exists($newUrlKey, $linksList)) {
    else {

    Here we include a file with an array of links (line 2). After that, we select the second part from the address (lines 5, 6) and form a header with a redirect (lines 8-13).

    <IfModule mod_rewrite.c>
    Options +FollowSymlinks
    RewriteEngine On
    RewriteRule ^get/(.+) /pages/redirect.php/$1 [L]

    In this file, we created a rule that changes get to redirect.php in the address.


    Today, there are several ready-made solutions that perform the same functions (for example, WordPress plugins like Hidden Affiliate Links ).

    Most importantly, before using the method described in this article, you should clearly understand what the link masking will give you.

    After all, by and large, masking links is very similar to deception of a visitor and a search engine. Or do you have a different opinion? Therefore, I propose to first optimize the site from a large number of external links.

    How to protect your website from detecting sales links like in it?

    It is not only about countering this detector of sales links, but also to any other. Working as a separate resource, or a search engine built into the algorithm :) Never mind.

    Let’s not, for example, allow defining sales links on sites built on the popular LastoBlog engine, but also on the LastoSplog splogovym engine too.

    The script itself:

    As it is known, the standard code of Sapa clings to the settings in the following way:

    global $mysape;
    define ('_SAPE_USER',"usersiteidentificator");
    require_once ("./data/sape/sape.php");
    $sape=new SAPE_client();

    It is assumed that the sap folder is tucked inside the file structure of the engine, and does not lie defenselessly in its root. From here and this way to the file with the client code, pay attention to this aspect.

    As well as the fact that the folder is renamed to sape

    Now let's add a couple of operators- highlighted in red:

    global $mysape;
    define ('_SAPE_USER',"usersiteidentificator");
    require_once ("./data/sape/sape.php");
    require_once ("./data/sape/sape_venality_name.php");
    $sape=new SAPE_client( $sape_venality_name );

    And, of course, in the daddy of the sapa we will also place such code

    File name, as you understand, sape_venality_name.php )



    # Документы, работающие с глобалом GET:

    # Разрешённые переменные в УРле иных документов:

    if (isset($tm[1]) and $tm[0]==str_replace($allowed_pages,"",$tm[0])) {
    for ($i=0; $i < $k; $i++) {
    if ($am[2][$i]=="" or !in_array($am[1][$i],$allowed_var))continue;
    $_SERVER['REQUEST_URI']=($tm[1]=="") ? $tm[0]: implode("?",$tm);


    After using this code (calling it before launching the Sapa class), our blog or splog stops responding to the testing of the resource with all sorts of Detectors of Sales Links for the presence of these.

    Also, if client codes of other exchanges for selling links, triggered after the sap client code, are picked up to the resource, then all references made through such exchanges also cease to be detected by the detector (in most cases, not absolutely, of course).

    Tuning code Sapy :)

    When externally controlling the operation of the Sapa client code, it is sometimes necessary to adjust the encoding, or some other points. Standardly, in this case, you should create an array with any name, create the necessary keys in the array, assign them the necessary values, and then give the array to the class. But, as is clear from the printout of the code with red lines, we are already feeding an array to a class. And where to thrust the coding?

    Let us examine for example the situation when your site is on UTF .

    In this case, in the interval between the launch of the rescue code and the delivery of the results of its work to the class, you need to insert the necessary key into the newly-born arrayschik, in full compliance with the recommendations:

    global $mysape; define ('_SAPE_USER',"usersiteidentificator"); require_once ("./data/sape/sape.php"); require_once ("./data/sape/sape_venality_name.php"); $sape_venality_name['charset']='UTF-8'; $sape=new SAPE_client( $sape_venality_name ); $mysape=$sape->return_links();

    Looking for other keys? Wedge by analogy.

    When sales links are not from Sapa:

    Hardly to vouch for all sales link brokers, because the client code they have is very different, but theoretically this construction (with no sap on the site) should help:

    require_once ("./data/sape/sape_venality_name.php");

    Naturally, in this document we consider only camouflaging sales links on the engines indicated at the beginning of the document, as well as very similar to them. Otherwise, your reading of this document should be supported by php knowledge.