I don't think re-writing within the same domain would ever be considered a security issue.I wonder if IE8 has a security feature that blocks this form of rewrite? At work our Windows boxes are set to block the type of url rewrite I use on my project web site ... openslate.org -> www.aloha.com/~knowtree/openslate. Most browsers handle the redirect but at work I have to use the second form. My rewrote happens at GoDaddy, the third party aspect could be a factor.