Web Filter Basics

When a Web filter is loaded, the filter passes a structure to the ISA Server Web proxy, which contains, in addition to other information, a bit field that specifies the types of filter events for which the filter should be notified. Each time one of those events occurs, an event notification is sent to every Web filter that has specified interest in that event.

When designing a Web filter, consider what events you want the filter to react to, and decide what processing the filter will perform when each event occurs. In addition to these basic design considerations, you must select a priority for the filter, and ensure that it will be properly added to the collection of Web filters so that it is loaded by the Web proxy. For more information, see Web Filter Administration.

Web filters that alter the data being transferred, such as encrypting or decrypting filters, should be assigned a higher priority than the HTTP filter through the Priority property during setup.

Web filters should never trust an upstream proxy server and forward user credentials to it.

If a filter modifies the content of the data stream, the HTTP filter might inadvertently pass modified versions of signatures in the request or response header that it is configured to look for.

If a Web filter creates a new authentication scheme when it is regisered with ISA Server, ISA Server Management must be restarted before it will display the new authentication scheme.