it's a customer request, I offered all changes he can use to protect the parameter, or the url such as dynamic parameter tampering, url flow, login enforcement,
but he want to encode the url, till now i don't know the reason for security reasons at the info sec team, and it's a financial firm .
so i'm trying to encode the uri in the response and decode the request form the client, but i'm still in the beginning, so i'm asking if there's any irule to accelerate the progress, even if it did an issues, just to convince them :)