View Full Version : how to hide the actual ASP file path that shown in Address bar?

07-25-2004, 09:30 AM

i show some web site can hide the current asp file in the Address bar.
the actual path should be www.AAA.com/ContactUs/display.asp
but at the address bar it show www.AAA.com ONLY...

how to do that???

07-25-2004, 10:46 AM
simplest solution : use a framepage. (but this has some downsides (bookmarking etc))

alternative: mod rewrite

07-26-2004, 03:59 AM

Can u tell me more about the alrternative way(mod rewrite) of doing that???

07-26-2004, 04:17 AM
Is there any compelling reason you want to hide the url?

07-26-2004, 11:01 AM

i am trying to send my demo set of system which written by ASP to my client, but i dun want to let them see the interlinkage.

07-26-2004, 12:52 PM
What's wrong with seeing the url? :D
If I were you I won't bother with that too much. :)

07-26-2004, 02:05 PM
They can basically just look at your source or statusbar to see where you post your forms to or where your links point to.

anyway, mod-rewrite is supposed to add additional security because the filesystem-structure and the used server side language is obfuscated. (kina week arguments, if you ask me)

If it's just for a demosystem, then just create aframepage with at the top, a frame (complete length but just a few lines heigd) where you put some image ('Demo'-environment) on a red background or so. The second frame (below the first one) then contains your actual site.

If you need more info on mod-rewrite for IIS, then google for it.Plenty oflinks will popup.

07-27-2004, 03:44 AM
I think he wants to encrypt the URL randomly per session so it cannot be downloaded again, EVER, unless someone logs in and requests the file.

Hotmail does this every time I request an email, it can't be TOO hard (but they have the best spam email filtering system I've EVER seen, so they must know something!)... :)

Now that I got laid off (yeah... :() I'm going to seriously start looking into stuff like this that I never had time for before! WOOHOO!

07-27-2004, 08:48 AM
I don't know if he means that, but this should not be done manupulating the url since there are better ways (like simply setting a sessionvariable and checking against that).
But achieving this is rather easy. You just encode your sessionID and append it to each url. (you could do this by storing all output in a variable and then using a regew or so. there's probably a way to have it added automatically as is done in PHP for users with cookies disabled. maybe check out the Cookie Munger)

07-27-2004, 11:36 AM
Dear all (Whammy),

actually i try to think about the way of what u mention b4(encrypt the URL) but i have no idea to do that, so i try to play around with others ways... like hide URL without using Frame, encrypt URL, Store into Session....

hmmm.... tired....

i wonder how those ppl selling PURE ASP application?? how they can prevent thier client misuse of the set of source???
what is the BEST(SAFETY) way(s) to "install" the ASP application in the client side without any misuse of source code???