Rewrite/Redirect Rule query (Ionic Isapi)

Topics: Developer Forum
Mar 19, 2010 at 4:34 PM
Hi Im creating a website which allows people to manage various information online. All the files are located within a folder called "userAdmin". Within the "userAdmin" folder, there are various pages which pass information by querystring to and from each other, ie. index.cfm, update.cfm, view.cfm etc What Im after is a rewrite / redirect rule which eliminates the possibility of the user ever seeing the querystring in the their browser window - purely to prevent the user manipulating the query string Id like for the address bar to show: no matter where they are within the admin area. At the moment, the address bar is showing or Theres only ever 1, 2 or 3 actual values in each query string. All files and directories outside of the "userAdmin" folder would be unnafected by the rewrite/redirect rule. I would be every so grateful if someone could show me how to create a rewrite rule to accomplish the above. Thanks
Mar 19, 2010 at 7:22 PM
Edited Mar 19, 2010 at 7:25 PM

If I understand correctly, You can't do what you're after.

If you want to obscure the information that is now passed in the URL or query string, then you will need to convert your applications.  Either use an HTTP POST mechanism for interaction, or rely on session state for intercommunication, or... something else. 

IIRF can transform one URL to another, but it cannot magically "hide" information, and allow the information to be recovered at some later point.    The same is true with any rewriter.

It can transform from a query string element to a URL path element or back.  It can convert case and do substitutions.  But if you rewrite/redirect so as to remove "id=100&action=update" from the URL, then you have effectively removed information from the URL.  There's no way to get it back later.

good luck.


Mar 19, 2010 at 7:55 PM
Hi Thanks for your reply. I kind of figured out after I created the post what you have said with regards to losing the URL query string altogether. I will see if I can work around the issue by creating sessions to hold the query rather than passing the information in a URL query string. Thanks again