Re: IIS Extensions in URL causes filter to break.

From: Abh Khush (montu17_at_yahoo.com)
Date: 06/26/03

  • Next message: Jay Jeffrey: "Junk Email" 
    Date: 26 Jun 2003 08:38:28 -0700

    Here are some clarifications
    1) I delete all cached files at the browser to ensure that the browser
    follows the url of <img> to IIS
    2) It has nothing to do with .asp per se - it can be any registered
    extension. Try with any entry from MetaBase under
    [LM/W3SVC]
    ".id=6014;Name=ScriptMaps;Data=.ida,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST
    .idq,C:\WINNT\System32\idq.dll,3,GET,HEAD,POST
    .asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE"
    (actually, I first noticed the problem with my own registered
    extension.)
    3) The static page which has the <img> URLs always exists.
    4) In the <img> SRC URL /host.asp does not exist.
    5) I confirmed using NetMon on IIS server that the static HTML is
    requested always followed by one request for each <img> URLs in it
    irrespective of how the <img> urls look. (after the browser cache is
    cleared)
    6) This happens only with the Q811114 patch, not prior to that. If you
    remove the patch, things work again.

    Given the above conditions, the <IMG> url does not fire OnUrlMap
    "atleast once" as you point. Some URLs are requested more than once,
    some others are not requested at all. The behavior is not consistent
    each time.

    What my filter does exactly?
    It filters every incoming request looking for "mystring" inside it.
    e.g <img src="http://www.myserver.com/something/host.asp/mystring/myimageid">
    If it finds "mystring" then it extracts the image id "myimageid",
    finds the corresponding file name for this image id from an image
    id/filename table inside my filter, reads the file from disk, and
    finally writes the file to the client through the HTTPFilterContext
    object.
    If it does not find "mystring" it does nothing.
    Because of this all my images on the rendered static page are
    scrambled or "not found". Image links meant for image1 display image2
    etc.

    I also tested with another dummy filter that does not do any
    processing of the URLs, and I can see the same problem when I step
    through OnUrlMap.

    Note that, if you remove the registered extension from the <img> URLs,
    OnUrlMap gets fired once for every URL in the static HTML. (after the
    browser cache is cleared)

    What are your thoughts? Also, can you explain what is the order in
    which IIS handles extensions and filters. My understanding is that any
    request first goes through all registered filters and then to the
    registered extensions.

    Thanks for your time,
    Abhinav

    "David Wang [Msft]" <someone@online.microsoft.com> wrote in message news:<ehk6iQ7ODHA.3020@TK2MSFTNGP10.phx.gbl>...
    > Can you clarify what you are saying in step #3. I'll first offer a few
    > thoughts on the matter.
    >
    > First, IIS does NOT "request" the URL of the <img> in an HTML file. When
    > you browse the HTML file, the browser first reads the HTML file, and at its
    > discretion, it may retrieve the URL of its contents (i.e. follow the URL of
    > <img>). For example, caching at the browser affects this behavior.
    >
    > Second, OnUrlMap is only guaranteed to fire at least once per retrieval of a
    > URL. It can fire more than once for each URL, and it can contain different
    > values on each firing. Certainly, if a URL isn't fetched for an HTML page
    > for whatever reason, it's not going to fire, either.
    >
    > Finally, in the <img> SRC URL, does /host.asp exist?
    >
    > For example, if an ASP page retrieve PATH_TRANSLATED and certain other
    > server variables, it will trigger a SF_NOTIFY_URL_MAP on its own. On the
    > other hand, a plain static file request likely ends up only triggering
    > SF_NOTIFY_URL_MAP once (unless it's invoking a DefaultDoc...).
    >
    >
    > Please help me understand what exactly you are trying to do with your ISAPI
    > Filter and how you are doing it, exactly. Based on what you said in step
    > #3, I haven't seen anything "out of the ordinary".
    >
    > --
    > //David
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    > //
    > "Abh Khush" <montu17@yahoo.com> wrote in message
    > news:578a2046.0306230627.feaad22@posting.google.com...
    > Hi
    >
    > On IIS 5.0/5.1, after applying the security hotfix Q811114, I have
    > started to see the following problem.
    >
    > Steps to reproduce
    > 1) Create an IIS HTTP filter and override OnUrlMap. (e.g let's filter
    > 'mystring')
    >
    > 2) Create an HTML page with few img links in it containing a
    > registered extension and which has to be parsed by the filter.
    >
    > Here's how the html should look like.
    >
    > <html>
    > <head><title>Some static page</title></head>
    > <body>
    > <img
    > src="http://www.myserver.com/something/host.asp/mystring/mylogfile1">
    > <img
    > src="http://www.myserver.com/something/host.asp/mystring/mylogfile2">
    > <img
    > src="http://www.myserver.com/something/host.asp/mystring/mylogfile3">
    > </body>
    > </html>
    >
    > 3) When you hit the static page containing the above links and step
    > into the OnUrlMap function inside your filter, you will see that the
    > requests sent down to the OnUrlMap are incorrect. Instead of sending
    > GET requests for these 3 urls one after the other, IIS will randomly
    > request 2-3 times of one of these urls, omit some urls etc.
    > If however you remove the .asp from the above urls it works fine.
    >
    > It is hard to convince myself that this is tightened security because
    > from my understanding, IIS filters are always called before any IIS
    > extensions are. And if that is the case then the GET requests should
    > be sent down correctly into OnUrlMap.
    >
    > Can some one on the MS IIS team please explain?
    >
    > Thanks,
    > Abhinav

  • Next message: Jay Jeffrey: "Junk Email"

    Relevant Pages

    • Re: IIS Extensions in URL causes filter to break.
      ... If your filter operates the way you say, ... IIS can only say that one or more of the events contain ... every request, and maybe more than once, depending on whether the URL causes ... As for the order of handling between ISAPI Extensions and Filters - Filters ...
      (microsoft.public.inetserver.iis.security)
    • Re: Custom 401 page problems
      ... Since you configured IIS to send a staic for this ... Now, a 401 response comes back to the client, and the entite body is the ... it is going to make a new request for this resource ... What request do you think the browser makes to fetch the 401.gif ??? ...
      (microsoft.public.inetserver.iis)
    • Re: pszPhysicalPath not working with directory request on IIS 6
      ... >multiple times for a given request? ... >404 because you didn't modify pszPhysicalPath correctly. ... and a proper ISAPI Filter must handle ... >I have an ISAPI filter that hooks into IIS which has ...
      (microsoft.public.inetserver.misc)
    • Re: Multiple sites
      ... >> distinguish them by using host headers. ... When IIS ... browser. ... >> request. ...
      (microsoft.public.inetserver.iis.security)
    • Re: Multiple sites
      ... When IIS receives a request for a ... it looks at the information sent in by the browser. ... the HTTP header contains the actual domain name ... >> request. ...
      (microsoft.public.inetserver.iis.security)