Microsoft Internet Security and Acceleration Server 2004 SDK

Event Notifications

The following is an alphabetical table of notifications for which a Web filter can be registered. For more information about event notifications, including the typical order in which they occur, see Introduction to Web Filters.

Notifications Specific to ISA Server 2004

The following list describes the notifications specific to ISA Server 2004, which are associated with the HttpWPXFilterProc entry-point function.

SF_NOTIFY_FORWARD_RAW_DATA
A notification specific to ISA Server. Occurs before raw data is sent to the server. May be used by filters that want to modify this data. Provided with the HTTP_FILTER_RAW_DATA notification structure.
SF_NOTIFY_FORWARD_RAW_DATA_COMPLETED
A notification specific to ISA Server. Occurs when the sending of raw data to the server is complete. May be used by filters that want to modify the data based on the complete content.
SF_NOTIFY_POLICY_CHECK_COMPLETED
A notification specific to ISA Server. Occurs after the ISA Server policy check has been completed, and the request has either been allowed or denied. After this notification has been received, the Web filter can request the GUID of the policy rule that either allowed or denied the request. The filter can also request additional data from the client (SF_STATUS_REQ_READ_NEXT), although the read operation will fail if all of the data has already been received.
SF_NOTIFY_RECEIVE_RESPONSE_HEADERS
A notification specific to ISA Server. Occurs after the response headers have been received. May be used by filters to modify the headers received from the server before the response is processed by ISA Server. Provided with the WPX_FILTER_PREPROC_HEADERS notification structure.

Note  This notification may arrive more than once for a client POST request. The notification is provided each time that a Web server returns an HTTP status 100 (Continue) response, and once more for the final response.

SF_NOTIFY_RECEIVE_RESPONSE_RAW_DATA
A notification specific to ISA Server. Occurs after data is received from the server, and before it is processed by ISA Server. May be used by a filter to modify the content of the data received from the server. Provided with the HTTP_FILTER_RAW_DATA notification structure.

Note  A single request may get more than a single response header if the method is POST. If the data is parsed, take into account the possibility of multiple response headers.

If a filter accumulates a response in an SF_NOTIFY_RECEIVE_RESPONSE_RAW_DATA notification without releasing it to the next filter, the filter may not release the data until it receives an SF_NOTIFY_END_OF_REQUEST notification, which indicates that the server closed the connection. At this point, the filter will typically call WriteClient with the accumulated data. However, this will prevent other server-side filters from obtaining the raw response data, and those filters will be skipped. We recommend not accumulating the body of a response without releasing it to the next filter. If you must do so, accumulate the data in an SF_NOTIFY_SEND_RAW_DATA notification rather than an SF_NOTIFY_RECEIVE_RESPONSE_RAW_DATA notification.

SF_NOTIFY_ROUTING
A notification specific to ISA Server. Occurs before the Web filter forwards the request to the destination server. Can be used by a filter to override the host name, IP address, or port for the connection. Provided with the WPX_FILTER_ROUTE notification structure.

General Notifications

The following list describes the notifications and flags that are not specific to ISA Server, but are supported by it. These are associated with the HttpFilterProc entry-point function.

SF_NOTIFY_ACCESS_DENIED
Occurs just after ISA Server determines that access is denied for the request resource, but before ISA Server sends a response to the client. Provided with the HTTP_FILTER_ACCESS_DENIED notification structure.
SF_NOTIFY_AUTH_COMPLETE
In an HTTP authentication scenario, this notification occurs just after ISA Server determines that access is allowed for the request resource. Provided with the HTTP_FILTER_AUTH_COMPLETE_INFO notification structure.
SF_NOTIFY_AUTHENTICATION
Occurs just before ISA Server authenticates the client. Can be used with ISA Server to provide a custom authentication scheme. Provided with the WPX_FILTER_AUTHENT_EX notification structure. If authentication is not required by any rule then the notification occurs with an anonymous user.
SF_NOTIFY_END_OF_NET_SESSION
Occurs when a network session with a client is ending.
SF_NOTIFY_END_OF_REQUEST
Occurs at the end of a request.
SF_NOTIFY_LOG
Occurs at the end of a request, just before ISA Server writes the session to the ISA Server log. Provided with the HTTP_FILTER_LOG notification structure.
SF_NOTIFY_PREPROC_HEADERS
Occurs after ISA Server preprocesses headers, but before the program begins to process header content. Provided with the HTTP_FILTER_PREPROC_HEADERS notification structure.
SF_NOTIFY_READ_RAW_DATA
Occurs when data is being read from the client. May occur more than once per request. Provided with the HTTP_FILTER_RAW_DATA notification structure.
SF_NOTIFY_SEND_RAW_DATA
Occurs when ISA Server sends raw data back to the client. May occur more than once per request.

Note  A single request may get more than a single response header if the method is POST. If the data is parsed, take into account the possibility of multiple response headers.

Provided with the HTTP_FILTER_RAW_DATA notification structure.
SF_NOTIFY_SEND_RESPONSE
Occurs after the request is processed by IIS, but before any headers are sent back to the client. This notification is not used when ISA Server returns a response from a Web server or from the cache. However, it is called when a filter generates a response by using SF_REQ_SEND_RESPONSE_HEADER (), or when the Web proxy generates a response, such as an error page.

Provided with the HTTP_FILTER_SEND_RESPONSE notification structure.

SF_NOTIFY_URL_MAP
Occurs after IIS translates a URL to a physical path on the server. This notification is irrelevant for the ISA Server Web proxy because it does not have any physical URLs. However, it is provided as it was in Microsoft Proxy Server 2.0, for compatibility with earlier versions.

Provided with the HTTP_FILTER_URL_MAP notification structure.

In addition to the notification events, the Web proxy uses flags relating to port security settings.

Term Description
SF_NOTIFY_SECURE_PORT Notify the Web filter only for connections over a secure port.
SF_NOTIFY_NONSECURE_PORT Notify the Web filter only for connections over a nonsecure port.