Secure the INC and ASA files with Isapifilter

Safety

In the past to see a foreigner's article, now can not remember this very good enthusiasm like my general young people, but the mailbox and he discussed the mail.
There are a number of sites may have such a situation, Leverage. Inc and. ASA contains files to store database connection information, especially. Inc's files, want to get rid of the need for too much time and do a lot of program adjustments, such as I have a customer is the light. inc file has dozens of, not to mention ASP file, want to change is not the least. So I took advantage of that foreign friend's experience and made a few minor changes to form an ISAPI filter, hoping to make your site's Inc and ASA files a little safer.
I do not want to introduce the standard ISAPI interface functions, more comprehensive knowledge you can take advantage of VC's ISAPI project template to learn. Here I focus on onurlmap and how to use it to complete our process of protecting the security of INC and other files.
ISAPI filter (Internet Server application program Interface (ISAPI) filter) is a windows-based program application that binds to the IIS system and monitors the events that occur on the client from webserver to read files.
Since he can control the exchange of data between the client and the server, we can use it to improve the application performance of wwwserver such as extending the HTTP log function and implementing our own encryption and authentication system.

OnPreprocHeaders-Server preprocessing client header files.
OnAuthentication--Client authentication.
OnUrlMap-The server maps the logical URL to the physical path.
OnSendRawData-The server sends unprocessed data to the client (before).
OnReadRawData-The customer sends unprocessed data to the server (after, but before the server processes).
OnLog-Write log to server file.
OnEndOfNetSession-session end.
The following is the use of OnUrlMap:
DWORD Cjsisapifilter::onurlmap (chttpfiltercontext* pctxt,
Phttp_filter_url_map pmapinfo)
{
Todo:react to this notification accordingly and
Return the appropriate status code
DWORD Lenurl = strlen (Pmapinfo->pszurl);
DWORD dwreferer = 250;
const char * szurl = STRLWR ((char *) pmapinfo->pszurl);
const char * szextension = &szURL[lenURL-3];
const char * inextension = &szURL[lenURL-4];
Char szreferer[250];

The data to the server has been encoded.
if (strcmp (Szextension, ". js") = = 0 | | strcmp (inextension, ". Inc") = = 0 | | strcmp (inextension, ". Asa")
= = 0) {
Pctxt->getservervariable ("Http_referer", Szreferer, &dwreferer);
if (szreferer[0]!= ' h ') {
Char szredirect[2];
Char szcontent[300];
DWORD dwredirect = 2;
DWORD dwcontent;
sprintf (Szredirect, "");
sprintf (szcontent, "\r\n\r\n</title></font></b><br><br><br>Href=mailto:bingb@emount.com.cn>mailto:bingb@emount.com.cn</a><br></center>\r\n</body >\r\nDwcontent = strlen (szcontent);
Pctxt->serversupportfunction (Sf_req_send_response_header,szredirect,&dwredirect,null);
Pctxt->writeclient (Szcontent, &dwcontent);
return sf_status_req_finished;
}
}
return sf_status_req_next_notification;
}

After compiling, copy the compiled DLL file to the Winnt\system32\inetsrv\ directory, and then add a filter to the ISAPI filter in the site's properties to map the DLL to the file.
Restart the W3SVC service and then access: Http://localhost/xxx.inc can see the return information.

Any questions you can contact: bingb@emout.com.cn hope that this article will be useful to you.