The WebExeBlock Web filter demonstrates the use of server-side notifications to identify a Windows executable file and block it. An executable file is identified when the response body starts with MZ. Note that this is a sample filter. For example, this filter handles only 200 OK responses, does not support chunked encoding or compression, and does not handle 100-continue.
This sample is not intended to demonstrate secure, efficient memory allocation. Web filters should avoid allocating large amounts of memory in a single session or request so that resources will not be depleted in the event of a denial-of-service (DoS) attack. Web filters that accumulate data until a complete request is stored in memory should set a maximum total number of bytes that may be allocated for a single request. If this maximum number of bytes is significant, they should limit the time during which a request can be stored. In more advanced Web filters, quotas should be applied.
The Webresponsemodifier sample demonstrates how to allocate memory securely and efficiently. For more information about handling data in Web filters and other recommended best practices for developing Web filters, see Best Practices for Web Filters.
Send comments about this topic to Microsoft
Build date: 11/30/2009
© 2008 Microsoft Corporation. All rights reserved.