Sunday, March 27, 2005

[itsdifferent] ISAPI Filter

---------- Forwarded message ----------
From: Subhash
Date: Fri, 25 Mar 2005 18:51:59 +0530
Subject: [itsdifferent] ISAPI Filter

Introduction to ISAPI filters

An Internet Server Application Program Interface (ISAPI) filter is a
set of Windows program calls that allow you to write a Web server
application that is faster than a CGI. An ISAPI filter hooks into the
IIS system and monitors certain events that occur while the client
tries to read a page from our server.

The filter application sits between the network connection to the
client and the HTTP server, allowing us to control the data exchange
between the IIS and the client. Using it, we can enhance the server
functionality and create custom features, such as advanced HTTP
logging or our own encryption. The ISAPI filters are based on
notifications that the IIS sends to our ISAPI filter. These
notifications are actually stages that each request has to pass.

Each notification handles a different type of data. The data is
relevant to each stage of the request process.

When the ISAPI filter gets a notification from the IIS, we then can
manipulate the notification's data. After we have manipulated the
data, we can choose whether we want the IIS to continue to process the


The notifications available from the IIS server are:

OnPreprocHeaders -- Notifies the filter that the server has preprocessed the client headers.
OnAuthentication -- Authenticates the client.
OnUrlMap -- Notifies a filter when a server is mapping a logical URL to a physical path.
OnSendRawData -- Notifies the filter before raw data is sent from the server to the client.
OnReadRawData -- Notifies the filter after raw data is sent from the client to the server, but before the server processes it.
OnLog -- Logs information to a server file.
OnEndOfNetSession -- Notifies the filter that the session is ending.

For our example, we'll monitor the OnUrlMap notification. Since we
want to capture every attempt to read JavaScript files, this is the
most suitable notification. When the client attempts to access a
JavaScript file (a file with the .js extension) the server will try to
map the logical path to the physical path, and that's when the server
will notify us. After the server notification, we'll check if the file
is a JavaScript file. If so, we must see that it's not our server
attempting to read the JavaScript file, but a client's. If it is a
client request, then we must block it and display an "access denied"

The Code

The work procedure is very simple and so is the following code:

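1) DWORD CJSISAPIFilter::OnUrlMap(CHttpFilterContext* pCtxt, PHTTP_FILTER_URL_MAP pMapInfo)
2) {
3) const char * szURL = strlwr((char *)pMapInfo->pszURL); // lower-cases the URL in place
4) DWORD lenURL = (DWORD)strlen(szURL); // declared before its first use
5) const char * szExtension = (lenURL >= 3) ? &szURL[lenURL - 3] : ""; // no index before the start of a short URL
6) char szReferer[250] = ""; // stays empty if the header is absent
7) DWORD dwReferer = 250;
8) if ( strcmp(szExtension, ".js") == 0 ) {
9) pCtxt->GetServerVariable("HTTP_REFERER", szReferer, &dwReferer);
10) if ( szReferer[0] != 'h' ) { // no "http..." Referer: treated as a direct client request
11) char szRedirect[2];
12) char szContent[300];
13) DWORD dwRedirect = 2;
14) DWORD dwContent;
15) sprintf(szRedirect,"");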
16) sprintf(szContent, "\r\n\r\n\r\nSecure
17) File\r\n\r\nThis file
contains privileged information.

JavaScript protection ISAPI filter.
Written by href="""">mr. kav

18) dwContent = strlen(szContent);
19) pCtxt->ServerSupportFunction
20) pCtxt->WriteClient (szContent, &dwContent);
22) }
23) }
25) }

The most important step in this code is the redirect procedure. This
step redirects the client to a nonexistent page and then shows him the
access denied message (lines 15 to 20).
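
The decision made in OnUrlMap, written as portable C++ with no IIS or MFC headers. This is an added example, not part of the original message. The names ShouldDenyScript, RefererHost, EndsWithNoCase and the ownHost setting are hypothetical, and comparing the Referer host against ownHost goes beyond the first-character test used above.

```cpp
#include <cctype>
#include <cstring>
#include <string>

// Case-insensitive suffix test that never indexes before the start of the
// string and leaves the caller's URL unmodified.
static bool EndsWithNoCase(const std::string& s, const char* suffix) {
    const size_t n = std::strlen(suffix);
    if (s.size() < n) return false;
    for (size_t i = 0; i < n; ++i) {
        unsigned char a = s[s.size() - n + i], b = suffix[i];
        if (std::tolower(a) != std::tolower(b)) return false;
    }
    return true;
}

// Host part of "http://host[:port]/path" or "https://...", lower-cased.
// Returns an empty string when the header is absent or not an http(s) URL.
static std::string RefererHost(const std::string& referer) {
    std::string lower;
    for (unsigned char c : referer) lower += (char)std::tolower(c);
    size_t start;
    if (lower.compare(0, 7, "http://") == 0) start = 7;
    else if (lower.compare(0, 8, "https://") == 0) start = 8;
    else return "";
    size_t end = lower.find_first_of(":/?#", start);
    return lower.substr(start, end == std::string::npos ? end : end - start);
}

// True when the filter should answer with the "access denied" page.
// ownHost is a hypothetical configuration value: the site's lower-case host name.
bool ShouldDenyScript(const std::string& url, const std::string& referer,
                      const std::string& ownHost) {
    std::string path = url.substr(0, url.find('?'));  // drop any query string
    if (!EndsWithNoCase(path, ".js")) return false;   // not a script: let IIS continue
    // The Referer header is supplied by the client, so this check only deters
    // casual direct browsing; it is not an access-control boundary.
    std::string host = RefererHost(referer);
    return host.empty() || host != ownHost;
}
```
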

Test the Code

How to test the code:

Compile the code using the Visual C++ ISAPI Filter wizard.
Install the ISAPI filter on your IIS.
Create a JavaScript file named "jsisapi.js."
Create an HTML file linked to that JavaScript file.
Execute the HTML file. The file should work properly.
Try to access the JavaScript file directly from your browser. You should get an access denied message.

This code has been tested on IIS4/5 and compiled with Visual C++ 5/.NET.
