如何编程实现ISAPI筛选器 (呆呆abingle.com)
如何编程实现ISAPI筛选器 (呆呆abingle.com原创文章,欢迎保留作者信息转载)
本文将详细地讲解如何制作isapi筛选器,以iis6.0为实验平台,结合实例代码,讲讲isapi(isapiFilter)筛选器制作。水平有限,有些地方谨凭主观臆测。
isapi传统意义应该是isapiExtention,是与cgi(但比cgi效率高)相并列的一组概念,与filter是两种完全不同的概念。这是微软一种不负责任的定义,Internet Server Application Programming Interface,不做深究。
isapifilter是iis的一种回调机制。
做一个dll,只要实现两个导出函数就可以被iis加载。
Function GetFilterVersion(Var Ver: THTTP_FILTER_VERSION): BOOL; Stdcall;
ver是一个纪录,传递描述和一些参数(80-ssl类型,优先级,以及需要得到的通知类型)
Function HttpFilterProc(Var pfc: THTTP_FILTER_CONTEXT;NotificationType: DWORD; pvNotification: pointer): DWORD; Stdcall;
pfc是一个当前过滤器的环境纪录,notificationtype,就是上面所说的通知类型,pvnotification一个数据指针,依据不同的通知类型而有不同的定义。
上面两个导出函数实现了就可以正常工作。
Function TerminateFilter (dwFlags : DWORD): BOOL stdcall;
这个也可以导出,用于iis释放filter时做一些清理收场工作,可有可无。
下面为代码:
Function GetFilterVersion(Var Ver: THTTP_FILTER_VERSION): BOOL; Stdcall;
Begin
Ver.lpszFilterDesc := ‘dyydyysoft For iis5-6′;
Ver.dwFilterVersion := MakeLong(HSE_VERSION_MINOR, HSE_VERSION_MAJOR);
Ver.dwFlags := SF_NOTIFY_NONSECURE_PORT //非ssl
Or SF_NOTIFY_SECURE_PORT //ssl
Or SF_NOTIFY_ORDER_DEFAULT //缺省优先级,按照msdn上说 ,default应该是中优先级,但isapi4中为low,可以手工修正。当然也无所谓,优先级只是排定几个isapifilter加载时的顺序,谁也不会往筛选器上加几个,影响iis效率的。
Or SF_NOTIFY_URL_MAP ;//拦截的通知类型,这里指定了,才会在后面的httpfilterproc回调中得到宿主iis的通知。
Result := True;
End;
delphi中怎么导出函数呢?export or exports 有什么区别? 其实我也不明白。查看帮助,其实export是16位编程用的导出函数的方法,而32位编程用exports导出。
所以function a();bool;stdcall;export;不能导出函数,只是为了向前兼容,要用exports导出。如下:
exports funca,funcb;
好了,下面是一个完整的代码,编译后只有15.5K,只是简单注册了下通知,而没有实际功能。
_____________________________________________________________________
library IISfilter;
uses ISAPI4,Windows;
Function GetFilterVersion(Var Ver: THTTP_FILTER_VERSION): BOOL; Stdcall;
Begin
Ver.lpszFilterDesc := ‘dyydyysoft For iis5-6 abingle.com’;
Ver.dwFilterVersion := MakeLong(HSE_VERSION_MINOR, HSE_VERSION_MAJOR);
Ver.dwFlags := SF_NOTIFY_NONSECURE_PORT //非ssl
Or SF_NOTIFY_SECURE_PORT //ssl
Or SF_NOTIFY_ORDER_DEFAULT //缺省优先级,按照msdn上说 ,default应该是中优先级,但isapi4中为low,可以手工修正。当然也无所谓,优先级只是排定几个isapifilter加载时的顺序,谁也不会往筛选器上加几个,影响iis效率的。
Or SF_NOTIFY_URL_MAP ;//拦截的通知类型,这里指定了,才会在后面的httpfilterproc回调中得到宿主iis的通知。
Result := True;
End;
Function HttpFilterProc(Var pfc: THTTP_FILTER_CONTEXT;NotificationType: DWORD; pvNotification: pointer): DWORD; Stdcall;
begin
Result := SF_STATUS_REQ_NEXT_NOTIFICATION;//继续处理。
end;
Exports
GetFilterVersion,
HttpFilterProc;
begin
end.
_______________________________________________________________________________________
好的,在iis中配置上述dll,注意此filter如果在ntfs目录下,请给他iis_wpg运行权限
OK,it works well.
呆呆在05年对isapi的编写比较熟悉,现在已经忘得差不多了。之所以成此文,为了以后想弄个时,不必再去查资料。梳理下。水平有限,错误难免,看客海涵。
接着来看下filter的工作过程。
一、多筛选器加载顺序: 1 全局过滤器优先 2优先权高低 3权限相同,按在iis中配置中的列表顺序。其实这也是Function GetFilterVersion在iis中被调用的顺序.
二、筛选器事件的发生顺序:也就是Function HttpFilterProc中notificationType中事件发生的顺序。[http://msdn.microsoft.com/en-us/library/ms524855%28VS.90%29.aspx]
1) SF_NOTIFY_READ_RAW_DATA : 从客户端http读入数据时,事件发生。这时pvnotification是一个HTTP_FILTER_RAW_DATA 结构。注意:ms中有说明(哪篇文章可以自己查),iis6以混合模式运行时,网站筛选器不会触发这个事件,全局筛选器可以触发。 以隔离模式(iis5兼容模式)运行,两种筛选器都可以触发。
可能回发生多次。
HTTP_FILTER_RAW_DATA {
PVOID pvInData;
DWORD cbInData;
DWORD cbInBuffer;
DWORD dwReserved;
}
2) SF_NOTIFY_PREPROC_HEADERS : IIS 预 处 理HTTP 请 求 包 头 后 发 生。客户端发送来的请求还没被服务器执行,估计可以理解为被格式化了下,预处理嘛。 pvnotification指向一个HTTP_FILTER_PREPROC_HEADERS 结构。
HTTP_FILTER_PREPROC_HEADERS {
BOOL (WINAPI * GetHeader) ();
BOOL (WINAPI * SetHeader) ();
BOOL (WINAPI * AddHeader) ();
DWORD HttpStatus;
DWORD dwReserved;
} 每个请求只会发生一次。这里可以实现防盗链技术,我想拦截得越早,效率也许就越高。
3) SF_NOTIFY_URL_MAP IIS : 试 图 将URL 解 释 为 物 理 文 件 时。 过 滤 器 可 以 将 请 求 重 定 向 到 其 他 的 文 件。防盗链技术也可以在此检测refer,cookie,而中断实际文件指向。
在这里,还可以做脚本文件加密技术,把已经加密的asp文件,读出来,解密到temp目录(如以script_name的md5值为文件名),修改数据,让他指向这个新文件。pvnotification指向一个
HTTP_FILTER_URL_MAP {
const CHAR * pszURL;
CHAR * pszPhysicalPath;
DWORD cbPathBuff;
}结构。 这个事件可能会触发多次。
4)SF_NOTIFY_AUTHENTICATION :IIS 试 图 验 证 用 户 身 份 时 发 生。每次连接时触发这个事件,不会在每个请求中触发,但明确发送auth_user除外。
数据指针pvnotification指向 HTTP_FILTER_AUTHENT {
CHAR * pszUser;
DWORD cbUserBuff;//pszuser长度
CHAR * pszPassword;
DWORD cbPasswordBuff;//pszpassword长度
} 我想可不可以把pszuser设为administrator,来提权呢?比如管理服务器。或许这是个好的想法。
或者实现一个自定义验证过程。假想过程:
5) SF_NOTIFY_AUTH_COMPLETE 验证完成时发生。
pvnotification 指向THTTP_FILTER_AUTH_COMPLETE_INFO {
BOOL (WINAPI * GetHeader) ();
BOOL (WINAPI * SetHeader) ();
BOOL (WINAPI * AddHeader) ();
BOOL (WINAPI * GetUserToken) ();
DWORD HttpStatus;
BOOL fResetAuth;
DWORD dwReserved;
}结构,和第二步中HTTP_FILTER_PREPROC_HEADERS十分相似,但我查来查去,似乎没有可以改变的数据,暂不研究他。
6*) SF_NOTIFY_ACCESS_DENIED 访问拒绝时发生。
msdn中没有说明这个事件的顺序。(见http://msdn.microsoft.com/en-us/library/ms524855%28VS.90%29.aspx)
pvnotification 指向 HTTP_FILTER_ACCESS_DENIED {
const CHAR * pszURL;
const CHAR * pszPhysicalPath;
DWORD dwReason;
}
pszURL
Points to a null-terminated string that specifies the URL that requested access to the resource.
pszPhysicalPath
The physical path of the resource that was requested.
dwReason
A DWORD date type containing flags that indicate the reasons for the denial. Can have one of the following values. Value Meaning
SF_DENIED_LOGON The client could not be logged on.
SF_DENIED_RESOURCE The resource was denied by a Windows discretionary access control list (DACL).
SF_DENIED_FILTER A Web (ISAPI) filter denied the request.
SF_DENIED_APPLICATION An ISAPI extension or CGI application denied the request.
SF_DENIED_BY_CONFIG The server configuration denied the request. For example, disabling anonymous requests on the server would generate this filter notification when a user without credentials tried to make a request to the server.
Remarks
This structure indicates that access to the requested resource has been denied by the server. The structure is generated when there has been a logon failure, or when a user requests a resource that has an associated DACL that does not include the logged-on user.
The server will automatically include the supported authentication schemes when an ISAPI extension, filter, or CGI script returns a 401 Access Denied error code.
摘抄原版注释于上。
7) SF_NOTIFY_READ_RAW_DATA 这个事件可能会再次触发,例如 当客户端上传文件、图片等。
SF_NOTIFY_SEND_RESPONSE 服务器发送头给浏览器客户端。
pvnotification 指向一个HTTP_FILTER_SEND_RESPONSE {
BOOL (WINAPI * GetHeader) ();
BOOL (WINAPI * SetHeader) ();
BOOL (WINAPI * AddHeader) ();
DWORD HttpStatus;
DWORD dwReserved;
}
9) SF_NOTIFY_SEND_RAW_DATA 数据组织完毕,发送数据到浏览器之前。
pvnotification 指向 HTTP_FILTER_RAW_DATA {
PVOID pvInData;
DWORD cbInData;
DWORD cbInBuffer;
DWORD dwReserved;
} 结构。这时可以对pvindata进行修改==操作。
10) SF_NOTIFY_END_OF_REQUEST ,每次请求后的触发事件。
Sent when the end of a request is detected. Provided without a notification-specific structure, the pointer to which contains a NULL value.
pvnotification指向一个nil,无值。仅通知。这里你可以做一些清理工作,例如把一个request中分配的指针、内存清理回收。
11) SF_NOTIFY_LOG
写IIS日志之前触发。pvnotification指向HTTP_FILTER_LOG {
const CHAR * pszClientHostName;
const CHAR * pszClientUserName;
const CHAR * pszServerName;
const CHAR * pszOperation;
const CHAR * pszTarget;
const CHAR * pszParameters;
DWORD dwHttpStatus;
DWORD dwWin32Status;
DWORD dwBytesSent;
DWORD dwBytesRecvd;
DWORD msTimeForProcessing;
}结构。可以修改使记入日志的内容更清晰,或者干脆实现自己的日志。
12) SF_NOTIFY_END_OF_NET_SESSION 在keep-alive连接中,tcp连接不被重置,这样一个session会包括多个request. pvnotification指向nil。主要用来做资源回收,清理工作。
微软推荐关注 SF_NOTIFY_END_OF_NET_SESSION事件,以便在每次网络会话结束时就释放资源,这样可以减轻服务器的负荷。
以上就是事件触发的过程。在事件触发的回调函数中,有一个参数,Var pfc: THTTP_FILTER_CONTEXT; pfc是过滤器的上下文,可以认为是一个session变量,他贯穿于每次请求的始终。
下面,将探讨这个结构的用法。
HTTP_FILTER_CONTEXT
{
DWORD cbSize; //IN 本结构的大小,不关心
DWORD Revision; //IN getversion 传入的HTTP_FILTER_REVISION,不关心
PVOID ServerContext; //IN 保留
DWORD ulReserved; //IN 保留
BOOL fIsSecurePort; //IN 是否是安全端口
PVOID pFilterContext; //IN/OUT ,这个留着给我们用的,我们可以用来识别在多事件触发时是哪个上下文。挺有用的。
//如pfilterContext:=pointer(0)[就是nil] 或pointer(1),然后case integer(pfilterContext) 来区分。
//或者pfilterContext:=strNew(‘handledSession’);然后对比pfilterContext的值来做一个逻辑判断。当然最后(在SF_NOTIFY_END_OF_REQUEST或SF_NOTIFY_END_OF_NET_SESSION事件到来时)记得回收这个指针。
BOOL (WINAPI * GetServerVariable) (
struct _HTTP_FILTER_CONTEXT * pfc,
LPSTR lpszVariableName,
LPVOID lpvBuffer,
LPDWORD lpdwSize
);
//getserverVariable 可以为我们提供很多用来判断的条件,如cookie,refer==。
//其中lpszVariableName可以是如下的值:
___________________________________________
ALL_HTTP
All HTTP headers sent by the client.
ALL_RAW
Retrieves all headers in raw form. The difference between ALL_RAW and ALL_HTTP is that ALL_HTTP places an HTTP_ prefix before the header name and the header name is always capitalized. In ALL_RAW the header name and values appear as they are sent by the client.
APP_POOL_ID
IIS 5.1 and earlier: This server variable is not available.
Returns the name of the application pool that is running in the IIS worker process that is handling the request.
There is also an APP_POOL_ID environment variable that is available to applications that are running in the IIS worker process.
APPL_MD_PATH
Retrieves the metabase path of the application.
APPL_PHYSICAL_PATH
Retrieves the physical path corresponding to the metabase path in APPL_MD_PATH.
AUTH_PASSWORD
The value entered in the client’s authentication dialog. This variable is available only if Basic authentication is used.
AUTH_TYPE
The authentication method that the server uses to validate users when they attempt to access a protected script.
It does not mean that the user was authenticated if AUTH_TYPE contains a value and the authentication scheme is not Basic or integrated Windows authentication. The server allows authentication schemes it does not natively support because an ISAPI filter may be able to handle that particular scheme.
AUTH_USER
The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. This variable is no different from REMOTE_USER. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.
CACHE_URL
IIS 5.1 and earlier: This server variable is not available.
For use in ISAPI applications only. Returns the unambiguous name for the current URL. It is necessary to use the Unicode version of this variable in conjunction with the kernel mode cache invalidation function to evict entries placed in the cache by HSE_REQ_VECTOR_SEND.
Note:
The server variable “UNICODE_CACHE_URL” is used in conjunction with the cache invalidation function retrieved by the HSE_REQ_GET_CACHE_INVALIDATION_CALLBACK function. This function invalidates responses cached in HTTP.SYS, whether those responses are produced by requests or by ISAPIs calling HSE_REQ_VECTOR_SEND.
CERT_COOKIE
Unique ID for the client certificate, returned as a string. This can be used as a signature for the whole client certificate.
CERT_FLAGS
bit0 is set to 1 if the client certificate is present.
bit1 is set to 1 if the certification authority of the client certificate is invalid (that is, it is not in the list of recognized certification authorities on the server).
If bit 1 of CERT_FLAGS is set to 1, indicating that the certificate is invalid, IIS version 4.0 and later will reject the certificate. Earlier versions of IIS will not reject the certificate.
CERT_ISSUER
Issuer field of the client certificate (O=MS, OU=IAS, CN=user name, C=USA).
CERT_KEYSIZE
Number of bits in the Secure Sockets Layer (SSL) connection key size. For example, 128.
CERT_SECRETKEYSIZE
Number of bits in server certificate private key. For example, 1024.
CERT_SERIALNUMBER
Serial number field of the client certificate.
CERT_SERVER_ISSUER
Issuer field of the server certificate.
CERT_SERVER_SUBJECT
Subject field of the server certificate.
CERT_SUBJECT
Subject field of the client certificate.
CONTENT_LENGTH
The length of the content as given by the client.
CONTENT_TYPE
The data type of the content. Used with queries that have attached information, such as the HTTP queries GET, POST, and PUT.
GATEWAY_INTERFACE
The revision of the CGI specification used by the server. The format is CGI/revision.
HEADER_
IIS 5.1 and earlier: This server variable is not available.
The value stored in the header . Any header other than those listed in this table must be preceded by “HEADER_” in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers.
Note:
Unlike HTTP_, all characters in HEADER_ are interpreted as-is. For example, if you specify HEADER_MY_HEADER, the server searches for a request header named MY_HEADER.
HTTP_
The value stored in the header . Any header other than those listed in this table must be preceded by “HTTP_” in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers.
Note:
The server interprets any underscore (_) characters in as dashes in the actual header. For example, if you specify HTTP_MY_HEADER, the server searches for a request header named MY-HEADER.
HTTP_ACCEPT
Returns the value of the Accept header that contains a list of accepted formats, for example, “image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel”.
The values of the fields for the HTTP_ACCEPT variable are concatenated, and separated by a comma (,).
HTTP_ACCEPT_ENCODING
Returns a list of accepted encoding types, for example, “gzip, deflate”.
HTTP_ACCEPT_LANGUAGE
Returns a string describing the language to use for displaying content.
HTTP_CONNECTION
Returns a string describing the connection type, for example, “Keep-Alive”.
HTTP_COOKIE
Returns the cookie string that was included with the request.
HTTP_HOST
Returns the name of the Web server. This may or may not be the same as SERVER_NAME depending on type of name resolution you are using on your Web server (IP address, host header).
HTTP_METHOD
The method used to make the request (same as REQUEST_METHOD).
HTTP_REFERER
Returns a string that contains the URL of the page that referred the request to the current page using an HTML tag. Note that the URL is the one that the user typed into the browser address bar, which may not include the name of a default document.
If the page is redirected, HTTP_REFERER is empty.
HTTP_REFERER is not a mandatory member of the HTTP specification.
HTTP_URL
Returns the raw, encoded URL, for example, “/vdir/default.asp?querystring”.
HTTP_USER_AGENT
Returns a string describing the browser that sent the request.
HTTP_VERSION
The name and version of the request protocol (the raw form of SERVER_PROTOCOL).
HTTPS
Returns ON if the request came in through a secure channel (for example, SSL); or it returns OFF, if the request is for an insecure channel.
HTTPS_KEYSIZE
Number of bits in the SSL connection key size. For example, 128.
HTTPS_SECRETKEYSIZE
Number of bits in the server certificate private key. For example, 1024.
HTTPS_SERVER_ISSUER
Issuer field of the server certificate.
HTTPS_SERVER_SUBJECT
Subject field of the server certificate.
INSTANCE_ID
The ID for the IIS instance in textual format. If the instance ID is 1, it appears as a string. You can use this variable to retrieve the ID of the Web server instance (in the metabase) to which the request belongs.
INSTANCE_META_PATH
The metabase path for the instance of IIS that responds to the request.
LOCAL_ADDR
Returns the server address on which the request came in. This is important on computers where there can be multiple IP addresses bound to the computer, and you want to find out which address the request used.
LOGON_USER
The Windows account that the user is impersonating while connected to your Web server. Use REMOTE_USER, UNMAPPED_REMOTE_USER, or AUTH_USER to view the raw user name that is contained in the request header. The only time LOGON_USER holds a different value than these other variables is if you have an authentication filter installed.
PATH_INFO
Path information, as given by the client, for example, “/vdir/myisapi.dll/zip”. If this information comes from a URL, it is decoded by the server before it is passed to the CGI script or ISAPI filter.
If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain “/zip” and ISAPI applications such as ASP will break.
PATH_TRANSLATED
The physical path that maps to the virtual path in PATH_INFO, for example, “c:\inetpub\wwwroot\vdir\myisapi.dll”. This variable is used by IIS during the processing of ISAPI applications.
If the AllowPathInfoForScriptMappings metabase property is set to true (to support exclusive CGI functionality), PATH_INFO will only contain “/zip” and ISAPI applications such as ASP will break.
QUERY_STRING
Query information stored in the string following the question mark (?) in the HTTP request.
REMOTE_ADDR
The IP address of the remote host that is making the request.
REMOTE_HOST
The name of the host that is making the request. If the server does not have this information, it will set REMOTE_ADDR and leave this empty.
REMOTE_PORT
The client port number of the TCP connection.
REMOTE_USER
The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account. If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.
REQUEST_METHOD
The method used to make the request. For HTTP, this can be GET, HEAD, POST, and so on.
SCRIPT_NAME
A virtual path to the script being executed, for example, “/vdir/default.asp”. This is used for self-referencing URLs.
SCRIPT_TRANSLATED
IIS 5.1 and earlier: This server variable is not available.
The canonical physical path to the script listed in SCRIPT_NAME, for example, “\\?\c:\inetpub\wwwroot\vdir\default.asp”.
SERVER_NAME
The server’s host name, DNS alias, or IP address as it would appear in self-referencing URLs.
SERVER_PORT
The server port number to which the request was sent.
SERVER_PORT_SECURE
A string that contains either 0 or 1. If the request is being handled on the secure port, then this is 1. Otherwise, it is 0.
SERVER_PROTOCOL
The name and revision of the request information protocol. The format is protocol/revision. (The canonicalized form of HTTP_VERSION.)
SERVER_SOFTWARE
The name and version of the server software that answers the request and runs the gateway. The format is name/version.
SSI_EXEC_DISABLED
IIS 5.1 and earlier: This server variable is not available.
Returns a 1 if the server-side include directive, #exec, is disabled. Otherwise, SSI_EXE_DISABLED returns a 0. To enable or disable #exec, use the SSIExecDisablemetabase property.
UNENCODED_URL
IIS 4.0 and earlier: This server variable is not available.
Returns the raw, unencoded URL, for example, “/vdir/default.asp?querystring”.
UNICODE_
IIS 5.1 and earlier: This server variable is not available.
In unicode ISAPI applications only, it is possible to retrieve server variable values as unicode values by prepending “UNICODE_” to the name of the server variable, unless the variable starts with “HTTP_” or “HEADER_”.
UNMAPPED_REMOTE_USER
The name of the user as it is derived from the authorization header sent by the client, before the user name is mapped to a Windows account (same as REMOTE_USER). If you have an authentication filter installed on your Web server that maps incoming users to accounts, use LOGON_USER to view the mapped user name.
URL
Gives the base portion of the URL, without any querystring or extra path information, for example, “/vdir/default.asp”.
For the raw URL, use HTTP_URL or UNENCODED_URL.
URL_PATH_INFO
Note: This server variable is only available on IIS 5.0.
Use PATH_INFO instead.
____________________________________________
BOOL (WINAPI * AddResponseHeaders) (
struct _HTTP_FILTER_CONTEXT * pfc,
LPSTR lpszHeaders,
DWORD dwReserved
);
BOOL (WINAPI * WriteClient) (
struct _HTTP_FILTER_CONTEXT * pfc,
LPVOID Buffer,
LPDWORD lpdwBytes,
DWORD dwReserved
);
VOID * (WINAPI * AllocMem) (
struct _HTTP_FILTER_CONTEXT * pfc,
DWORD cbSize,
DWORD dwReserved
);
BOOL (WINAPI * ServerSupportFunction) (
struct _HTTP_FILTER_CONTEXT * pfc,
enum SF_REQ_TYPE sfReq,
PVOID pData,
DWORD ul1,
DWORD ul2
);
ServerSupportFunction 支持以下多种灵活的功能:
SF_REQ_ADD_HEADERS_ON_DENIAL 这个功能允许过滤器在服务器产生拒绝访问的
事件时增加特定的HTTP头,此函数一般用于认证过滤器
SF_REQ_DISABLE_NOTIFICATIONS 禁止某个事件消息
SF_REQ_GET_CONNID 这个功能在IIS4.0以后的版本已不再支持
SF_REQ_GET_PROPERTY 取得IIS属性
SF_REQ_NORMALIZE_URL 规整URL
SF_REQ_SEND_RESPONSE_HEADER 发送回应HTTP头
SF_REQ_SET_NEXT_READ_SIZE 设置下次数据读尺寸
SF_REQ_SET_PROXY_INFO 设置代理信息
} HTTP_FILTER_CONTEXT, *PHTTP_FILTER_CONTEXT;
再看下上面几个函数的实例代码:
pfc.AddResponseHeaders(pfc, PChar(‘p3p: policyref=”‘ + P3pSetPolicyrefLink + ‘”,CP=”ALL”‘#13#10), 0);//加头
pfc.ServerSupportFunction(pfc, SF_REQ_SEND_RESPONSE_HEADER, PChar(‘200 OK’), 0, 0);//返回状态
pfc.WriteClient(pfc, PChar(Loc), sMsgLen, 0);//返回html
Result := SF_STATUS_REQ_FINISHED; //处理结果
最后关注一下httpfilterproc 的返回值。
Returns one of the following values that indicate how the application handled the event.
SF_STATUS_REQ_FINISHED //被处理了,当前请求过程立即返回。
The filter has handled the HTTP request. The server should disconnect the session.
SF_STATUS_REQ_FINISHED_KEEP_CONN //同上,但继续保持连接keep-alive
Treated the same as SF_STATUS_REQ_FINISHED. After this notification is received, the connection is closed.
SF_STATUS_REQ_NEXT_NOTIFICATION // 继续下一个通知。
The next filter in the notification chain should be called.
SF_STATUS_REQ_HANDLED_NOTIFICATION //当前事件被处理,不需要通知下个过滤器进行相同事件处理。
This filter handled the notification. No other handlers should be called for this particular notification type.
SF_STATUS_REQ_ERROR //错误
An error occurred. The server should call GetLastError and indicate the error to the client. The HTTP request will generally be aborted when this status is returned. The client should call SetLastError with the nature of the failure.
SF_STATUS_REQ_READ_NEXT //
The filter is an opaque stream filter (encrypted/compressed HTTP requests) and the session parameters are being negotiated. This is valid only for raw-read notification. This value indicates that the full request has not yet been received; the Web server should issue another read and notify the filter with the additional data read.
Remarks
热门文章
标签:iis, isapiFilter
看不懂。。。