The Forefront TMG Web filter API enables you to accumulate the chunks of a response to form a complete response, by means of a Web filter.

The Webresponsemodifier filter collects the chunks of a response and then changes them depending on the complete response. This filter is an adaptation of the filter that IIS uses for compression. (The original filter was written by David Treadwell in July 1997.)

The filter adds a line of text in the HTML response before sending the response to the client.

The filter works with two notifications that are sent for data received from a Web server (a response). In an SF_NOTIFY_SEND_RAW_DATA notification, it collects the chunks of the response, and resets the buffer size to 0. Then, when all the chunks of the response have passed SF_NOTIFY_SEND_RAW_DATA notifications, the Forefront TMG Web proxy sends an SF_NOTIFY_END_OF_REQUEST notification. The filter then modifies the response, and sends the complete response using the WriteClient callback function.

Note that the Webresponsemodifier filter cannot be used to transmit large responses. The Webresponsemodifier filter defines the constant ACCUMULATION_SIZE_LIMIT, which is set to 10,000 bytes. The filter accumulates data up to the limit set by this constant and then disables the notifications. This is done because the WriteClient callback function is synchronous and blocks the thread from which it is called until the I/O operation is completed. When large amounts of data are sent, the WriteClient callback function can block all of the available worker threads with a resultant denial of service (DoS).

This sample demonstrates how to allocate memory securely and efficiently. Web filters should avoid allocating large amounts of memory in a single session or request so that resources will not be depleted in the event of a denial-of-service (DoS) attack. Web filters that accumulate data until a complete request is stored in memory should set a maximum total number of bytes that may be allocated for a single request. If this maximum number of bytes is significant, they should limit the time during which a request can be stored. In more advanced Web filters, quotas should be applied.

For more information about handling data in Web filters and other recommended best practices for developing Web filters, see Best Practices for Web Filters. For more information about the types of event notifications that are sent to Web filters, including notifications that are sent for data received from a client (a request), see Event Notifications.

Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.