Re: 404 handler mkicks in before ISAPI filter

From: Wade A. Hilmo [MS] (wadeh_at_microsoft.com)
Date: 03/11/04 

Date: Wed, 10 Mar 2004 17:07:23 -0800

Hi Yoram,

The value you are getting for the URL is coming straight from the client.
It is normal that the client does not send the host name as a part of the
URL. After all, the client only needs the host name to be able to connect
to the server (unless the client is configured to use a proxy, in which case
you would see the whole URL, including protocol and host name.) Your filter
will need to be able to deal with this. Note that you can probably get the
host name from the "Host:" header, although it's not guaranteed that
HTTP/1.0 clients will send you one (it's required that an HTTP/1.1 client
include a host header.)

I should point out here that it's not possible to "look" at a URL and
separate the path info from it. It sounds like you are making some
assumptions that won't be valid on a closer inspection. For example,
consider the following URL. I assume that this URL would represent the case
you mean when you say "to finish with an explicit filename before any
optional parameters":

   http://server/foo.bar/goo

The client will send you "/foo.bar/goo" as the header. What does that mean?

Does it mean that "foo.bar" is a file, and "goo" is path info?
Does it mean that "foo.bar" is a directory and "goo" is a file in that
directory?
Does it mean that "foo.bar/goo" is a directory, and you want the default
file in that directory?
Does it mean that "/foo.bar/goo" is path info to be given to the default
file in the root directory?

You can't tell without knowing a whole lot about both how the server is
configured (ie. how to map to a physical directory, whether there is a
script mapping, etc.), and how the physical directory structure is laid out.
Unfortunately, in PREPROC_HEADERS, none of this information is available to
you. This information would be available in SF_NOTIFY_AUTH_COMPLETE, but I
suspect that the file existence verification happens before AUTH_COMPLETE.

I realize that this doesn't necessarily help you with the final resolution,
but I want to be sure that you know the full challenge of what you are
trying to do. I do not believe it's possible to write a generic solution.
If you know your clients well enough, though, you may be able to make some
assumptions about what they are trying to do.

Thank you,
-Wade A. Hilmo,
-Microsoft

"Yoram Ayalon" <anonymous@discussions.microsoft.com> wrote in message
news:972F9D5A-7153-467C-8F1F-3597F57BC7F8@microsoft.com...
> Wade,
>
> You are right! I installed debugging code in my filter and verified I only
get the part of the URL after the host name.
> So, unless there is a way to get the host name part, and in my case its
not constant but could be one of many pointing to the same server, I can
make this work ONLY if I make sure all URLs to my server either contain only
hostname (plus optional params in format /param1/value1/....) OR, if they
contain folders, to finish with an explicit filename before any optional
parameters.
>
> in any case this is my call to SetHeader :
>
> pHeaderInfo->GetHeader(pCtxt->m_pFC,"url", url, (unsigned long *)&len);
> //allocate the right amount of memory
> url = (char *) pCtxt->AllocMem(len+2);
>
> // now get the url string
> if ( pHeaderInfo->GetHeader(pCtxt->m_pFC,"url", url, (unsigned long
*)&len) )
> ...
> ... code snipped...
> ...
> if (replace) {
> pHeaderInfo->SetHeader(pCtxt->m_pFC, "url", url);
> }
>
> thanks,
> yoram ayalon
>
> ----- Wade A. Hilmo [MS] wrote: -----
>
> Hi Yoram,
>
> Your filter is probably no doing what you describe below.
Specifically, the
> URL that's sent over the wire (and thus the one that reaches your
filter)
> would be "/param1/value1". The host part is generally not sent.
>
> What *exact* string is your filter setting in the SetHeader call?
>
> Thank you,
> -Wade A. Hilmo,
> -Microsoft
>
> "Yoram Ayalon" <anonymous@discussions.microsoft.com> wrote in message
> news:5254DC20-4542-40F0-9484-5B96C905475B@microsoft.com...
> > David,
> >> thanks for the post.
> >> I checked the filter, and verified that is works correctly,
attaching its
> code at the end of my replay. given a URL like
> www.mydomainname.com/param1/value1 it DOES change it to
> www.mydomainname.com?param1=value1 but when I run it in my web server
the
> 404 handler kicks it and it shows me the incoming query string is:
> > 404;http://www.mydomainname.com/param1/value1
> > so I have to assume it kicks BEFORE the filter has a chance to
work!
> >> BTW the filter weould have a problem with a URL that comtains
folders,
> like:
> > www.mydomainname.com//anyfolder/param1/value1
> > but I don;t need it to do folders.
> > thanks,
> > Yoram
> > ---------- critical code of ISAPI filter -----------------------
> > DWORD URLFilter::OnPreprocHeaders(CHttpFilterContext* pCtxt,
> > PHTTP_FILTER_PREPROC_HEADERS pHeaderInfo)
> > {
> > char *url;
> > int len = 0;
> > bool replace = false;
> > bool eq = true;
> > int last = 0;
> >> pHeaderInfo->GetHeader(pCtxt->m_pFC,"url", url, (unsigned long
*)&len);
> > url = (char *) pCtxt->AllocMem(len+2);
> >> if ( pHeaderInfo->GetHeader(pCtxt->m_pFC,"url", url, (unsigned
long
> *)&len) )
> > {
> > //loop backwards through the url
> > for (int i=len;i>0;--i)
> > {
> > if (url[i] == '/') {
> > last = i; //store this so we know where to put the ?
> > if (eq) {
> > eq = false;
> > url[i] = '=';
> > }
> > else {
> > eq = true;
> > url[i] = '&';
> > }
> > }
> > else if (url[i] == '.') {
> > //if no query params then no need to redirect
> > if (last != 0) {
> > url[i] = '.';
> > url[last] = '?';
> > replace = true;
> > }
> > break;
> > }
> > }
> >> if (replace) {
> > pHeaderInfo->SetHeader(pCtxt->m_pFC, "url", url);
> > }
> > }
> > // return the appropriate status code
> > return SF_STATUS_REQ_NEXT_NOTIFICATION;
> > }
> > ------
> >> ----- David Wang [Msft] wrote: -----
> >> Please do not multi-post.
> >> This looks to be a bug in the ISAPI Filter you are using and
has
> nothing to
> > do with IIS.
> >> If properly written, an ISAPI Filter WILL be able to do all
those URL
> > transformations before the 404 Handler is even invoked.
> >> You want it to do this:
> > www.mydomainname.com/param1/value1 -->
> www.mydomainname.com?param1=value1
> >> But it may be doing this (I have no idea how the ISAPI Filter
is
> choosing to
> > rewrite URLs):
> > www.mydomainname.com/param1/value1 -->
> www.mydomainname.com/param1?value1=
> >> Which would probably result in a legitimate 404 since /param1
does
> not
> > exist.
> >> --
> > //David
> > IIS
> > This posting is provided "AS IS" with no warranties, and
confers no
> rights.
> > //
> > "Yoram Ayalon" <yoram.ayalon@structuredweb.com> wrote in
message
> > news:1f08621e.0403061122.60857944@posting.google.com...
> > Tim,
> >> thanks for the info but I don't think this is relevant. I am
not
> > creating any virtual directories here, its simply a case of
the IIS
> > trying to resolve the URL to a physical file or folder BEFORE
the
> > ISAPI filter has a chance to convert the slashes to a valid
query
> > string.
> >>> "Tim Heuer" <tim@nospam.timheuer.com> wrote in message
> > news:<etvoowwAEHA.684@tk2msftngp13.phx.gbl>...
> >> http://support.microsoft.com/?kbid=275601
> >>> "Yoram Ayalon" <yoram.ayalon@structuredweb.com> wrote in message
> >> news:1f08621e.0403051420.57e4e7e9@posting.google.com...
> >>>I installed an ISAPI filter that translates "forward slashes" at
> the
> >>> end of a URL to a query string format, ex:
> >>> www.mydomainname.com/page1.asp/param1/value1
> >>> will be translated to:
> www.mydomainname.com/page1.asp?param1=value1
> >>>>> however, if the incoming URL is
> >>> www.mydomainname.com/param1/value1
> >>> then the 404 handler for the default web site kicks in BEFORE the
> >>> isapi filter has a chance to translate.
> >>> page1.asp is the default page for the default web site, if the
> >>> incoming URL is www.mydomainname.com?param1=value1 it works just
> fine.
> >>>>> How can I fix this?
> >>>>> IIS version 5.0 on win2K
> >>>>> NOTE: I need the 404 handler on the default web site, since I
> need to
> >>> catch obsolete folder names. I tried to return to the default
> handling
> >>> but still it kicks in before the ISAPI filter.
> >>>>

Relevant Pages

  • Re: Banana Republic (was Re: OpenVMS Book Wins award)
    ... page but didn't look deeeply enough to see that the client was having to ... (for the same host). ... cross-site scripting constraint exercised by the browser (to prevent XSS ... but what is outside any HTTP protocol is "when a server gets told something" ...
    (comp.os.vms)
  • Re: cs-host, host header and destination
    ... I can understand why someone would want to cloak their ... > The CS-Host field is sent by the client. ... If the server is configured with host headers only, ...
    (microsoft.public.inetserver.iis)
  • Re: how to configure host headers for 3 IIS machines ?
    ... The CS-Host field is sent by the client. ... If the server is configured with host headers only, ... Kristofer Gafvert - IIS MVP ...
    (microsoft.public.inetserver.iis)
  • Re: 404 handler mkicks in before ISAPI filter
    ... You do NOT have control of URLs that will be sent to your server. ... So I am applying the following rules for my ISAPI filter, and so far, after ... It is normal that the client does not send the host name as a part of ... the client only needs the host name to be able to ...
    (microsoft.public.inetserver.iis)
  • Re: Personal Firewalls
    ... overhead on the host PC and provides some physical isolation. ... Although the individual client connections can be relatively secure, ... I would not host the data on a web server unless absolutely ... inexpensive solution could be the installation of removable hard drives. ...
    (Security-Basics)