Use custom ISAPI filter to disable access to sensitive files

// Note: This article is from the Internet

 

Many websites may have such a situation. Using. INC and. ASA files to store database connection information, especially. inc files, is necessary to remove files.
Too much time and effortProgramFor example, I have a customer who has dozens of Optical. inc files, not to mention ASP files. It is impossible to change the files.
So I used the experience of a foreign friend and made a few changes to form an ISAPI filter, hoping to enable your site's Inc and AsA file security
All.
I don't want to introduce the standard ISAPI interface functions one by one. You can use the ISAPI engineering templates of VC to learn more. Here I will focus on
Onurlmap and how to use it to protect the security of INC and other files.
ISAPI filter (Internet server application program interface (ISAPI) filter) is bound to the IIS system and monitored on the client.
A Windows-based program application that reads file events from webserver.
Because it can control the data exchange between the client and the server, we can use it to improve the application performance of wwwserver, such as extending the HTTP log function
Your own encryption and verification system.

 

Onpreprocheaders -- server preprocessing client header file.
Onauthentication -- client verification.
Onurlmap -- the server maps the logical URL to the physical path.
Onsendrawdata -- the server sends unprocessed data to the client (Before ).
Onreadrawdata-the customer disconnects and sends unprocessed data to the server (later, but before the server processes it ).
Onlog -- write logs to server files.
Onendofnetsession -- session ends.
The usage of onurlmap is as follows:
DWORD cjsisapifilter: onurlmap (chttpfiltercontext * pctxt,
Phttp_filter_url_map pmapinfo)
{
// Todo: react to this notification accordingly and
// Return the appropriate status code
DWORD lenurl = strlen (pmapinfo-> pszurl );
DWORD dwreferer = 250;
Const char * szurl = strlwr (char *) pmapinfo-> pszurl );
Const char * szextension = & szurl [lenurl-3];
Const char * inextension = & szurl [lenurl-4];
Char szreferer [250];

// The data sent to the server has been encoded.
If (strcmp (szextension, ". js") = 0 | strcmp (inextension, ". Inc") = 0 | strcmp (inextension, ". asa ")
= 0 ){
Pctxt-> getservervariable ("http_referer", szreferer, & dwreferer );
If (szreferer [0]! = 'H '){
Char szredirect [2];
Char szcontent [300];
DWORD dwredirect = 2;
DWORD dwcontent;
Sprintf (szredirect ,"");
Sprintf (szcontent, "\ r \ n <HTML> \ r \ n </Title> </Font> </B> <br> <HR> <
Href = mailto: bingb@emount.com.cn> mailto: bingb@emount.com.cn </a> <br> </center> \ r \ n </body> \ r \ n Dwcontent = strlen (szcontent );
Pctxt-> serversupportfunction (sf_req_send_response_header, szredirect, & dwredirect, null );
Pctxt-> writeclient (szcontent, & dwcontent );
Return sf_status_req_finished;
}
}
Return sf_status_req_next_notification;
}

After compilation, copy the compiled DLL file to the WINNT \ system32 \ inetsrv \ directory, and then add a filter in the ISAPI filter in the site attributes.
Ing DLL to this file.
Restart the w3svc service and access: http: // localhost/xxx. Inc to view the returned information.

If you have any questions, please contact: bingb@emout.com.cn
You wantArticleIt can be useful to you.