Introduction to Web Filters

Web filters are run-time extensions of the Forefront TMG Web proxy. By reacting to event notifications sent by the Web proxy, Web filters can intervene in the processing of HTTP requests and responses and invoke specific actions based on the information being passed. For example, Web filters can redirect requests according to information provided by the client (credentials, browser type, locale, etc.), and they can filter or modify Web content according to various criteria (offensive words etc.).

Web filters are installed in the form of dynamic-link libraries (DLLs) that are loaded when the Microsoft Firewall service is started and stay in memory until the service shuts down. Web filters can be configured to receive notifications for events that occur with each HTTP request that the Forefront TMG Web proxy receives and with each response returned through the Web proxy by an external Web server. For more information about the types of event notifications that are sent to Web filters, see Event Notifications.

The Web proxy sends event notifications to the Web filters that are registered to receive them by calling the applicable entry-point function. For more information about the entry-point functions that are implemented by Web filters, see Web Filter Entry-Point Functions.

In each call to an entry-point function, the Web proxy may pass information to the Web filter in a structure, which also contains pointers to functions that the Web filter can use in its reaction to the call. For more information about the structures used in Web filters, see Web Filter Structures.

The following illustration provides a schematic overview of the HTTP request-and-response process. A Web filter can register for and react to the events represented in the illustration. These events include both client-side events and server-side events. Client-side events occur when a client sends a request to the Forefront TMG computer, and when the Forefront TMG computer responds to the client. Server-side events occur when the Forefront TMG computer passes a request to a Web server, and when the Web server sends a response to the Forefront TMG computer. In this illustration, the Forefront TMG computer is represented by the Web proxy component of Forefront TMG.

Note   A Web filter typically receives an SF_NOTIFY_PREPROC_HEADER notification before it receives an SF_NOTIFY_END_OF_REQUEST notification for the same request. However, if the client sends a request containing a header that is larger than the maximum header length configured for Forefront TMG, the Web proxy sends an SF_NOTIFY_END_OF_REQUEST notification at once instead of the SF_NOTIFY_PREPROC_HEADER notification.

This section contains the following topics:

• Uses of Web Filters
• Web Filter Basics
• Forefront TMG Web Proxy Architecture

Send comments about this topic to Microsoft

Build date: 11/30/2009