Microsoft KB Archive/297688

= INFO: Modify Outgoing Data in a Web Filter for the ISA =

Article ID: 297688

Article Last Modified on 7/9/2002

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2000 Service Pack 1

-



This article was previously published under Q297688



SUMMARY
You can modify outgoing data that is typically sent by the Internet Security and Acceleration (ISA) server to the client.

You can do such data modification if you buffer the outgoing data in the SF_SEND_RAW_DATA notification, change the accumulated buffer, and then send the whole modified buffer in the SF_NOTIFY_END_OF_REQUEST.

You must be careful to properly change the Content-Length header in the accumulated buffer so that the header reflects the correct size of the modified buffer.



MORE INFORMATION
The technique that is described in the &quot;Summary&quot; section is demonstrated in the WebResponseModifier sample Web filter that was included with the ISA software development kit (SDK).

NOTE: You cannot modify outgoing data for the Secure Sockets Layer (SSL) connection when the client sends a request for an HTTPS URL because any modification of encrypted data by the filter renders SSL encrypted data unusable.

Because of this fact, you must make sure that the filter is not handling HTTPS requests. To do this, two conditions must be met.


 * Do not use SF_NOTIFY_SECURE_PORT flag in dwFlags of the HTTP_FILTER_VERSION structure. This prevents the filter from being invoked for SSL requests when ISA is using SSL Bridging.
 * When ISA is using SSL Tunneling, HTTPS requests sent by the browser are handled like ordinary HTTP requests by the ISA. This causes the filter to be invoked, even if the earlier condition is met.

To handle such a case, the filter must determine if the verb of the request is CONNECT. A CONNECT request indicates that the client sends an SSL request. You can use the following code to determine this:

CHAR szChar [256]; DWORD dwError, dwSize = sizeof (szChar); if ( !pfc->GetServerVariable (pfc, &quot;REQUEST_METHOD&quot;, szChar, &dwSize)) {  dwError = GetLastError; wsprintf (szChar, &quot;GetServerVariable failed: %d\n&quot;, dwError); OutputDebugString (szChar); SetLastError(dwError); return SF_STATUS_REQ_ERROR; }

if (!strcmp (szChar, &quot;CONNECT&quot;) ) {  // We are handling the SSL request. // Add code here to disable all the notifications // for this request and to stop any more processing. }

