Article ID: 896287 - Last Review: December 3, 2007 - Revision: 1.3

The differences in how the SF_REQ_NORMALIZE_URL server support function and Http.sys in Internet Information Services 6.0 normalize a URL

INTRODUCTION

This article describes the differences in how the SF_REQ_NORMALIZE_URL server support function and Http.sys in Microsoft Internet Information Services (IIS) 6.0 normalize a URL.

Normalization includes decoding hexadecimal codes, removing characters that are not valid, and performing some international conversions.

MORE INFORMATION

The SF_REQ_NORMALIZE_URL server support function can be called from an Internet Server API (ISAPI) filter to normalize a URL. The normalization performed by the SF_REQ_NORMALIZE_URL server support function appears similar to the normalization performed by Http.sys when Http.sys first receives the request.

However, there may be cases where there are differences in how the SF_REQ_NORMALIZE_URL server support function and Http.sys normalize a URL. In these cases, the custom ISAPI filter can be modified to normalize a URL in a way that meets the requirements of the custom application.

Case 1: Backslashes in an incoming URL

The normalization is different when an incoming URL contains backslashes. For example, the following request is received:
http://www.example.com/RootTest/SubDir\LowerDir/
Http.sys normalizes this URL as the following URL:
http://www.example.com/RootTest/SubDir/LowerDir/
Note The backslash is changed to a forward slash.

The SF_REQ_NORMALIZE_URL server support function normalizes this URL as the following URL:
http://www.example.com/RootTest/SubDir\LowerDir/

Case 2: Directory traversal

The normalization is different when directory traversal is used. For example, the following request is received:
http://www.example.com/RootTest/SubDir1\SubDir2/../../SubDir5/SubDir6
Http.sys normalizes this URL as the following URL:
http://www.example.com/RootTest/SubDir5/SubDir6
Note The backslash is changed to a forward slash.

The SF_REQ_NORMALIZE_URL server support function normalizes this URL as the following URL:
http://www.example.com/SubDir5/SubDir6

In both of these cases, you can avoid the problem that is caused by the differences in how the SF_REQ_NORMALIZE_URL server support function and Http.sys normalize a URL. To avoid the problem, call the GetServerVariable function instead of the GetHeader function to retrieve the URL. Then, pass the URL to the SF_REQ_NORMALIZE_URL server support function. The value of the URL that is returned by the GetServerVariable function is populated by Http.sys after Http.sys normalizes the raw URL.
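
The results in Case 1 and Case 2 can be reproduced with a small model, added here as an illustration; it is not Microsoft code and does not show how Http.sys or the SF_REQ_NORMALIZE_URL server support function is implemented. It assumes that the only difference between the two is whether a backslash counts as a path separator, and the function names normalize_path and normalizations_differ are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, not IIS code) of the results shown above.
 * backslash_is_sep=1: '\' separates segments and is emitted as '/', as in the
 * Http.sys results. backslash_is_sep=0: '\' is an ordinary character inside a
 * segment, as in the SF_REQ_NORMALIZE_URL results. Empty and "." segments are
 * dropped. out must hold at least strlen(path) + 2 bytes. */
static void normalize_path(const char *path, int backslash_is_sep, char *out)
{
    size_t len = 0, plen = strlen(path);
    char last = plen ? path[plen - 1] : '\0';
    const char *p = path;

    while (*p) {
        const char *seg = p;
        while (*p && *p != '/' && !(backslash_is_sep && *p == '\\'))
            p++;
        size_t n = (size_t)(p - seg);
        if (*p)
            p++;                              /* step over the separator */
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            while (len > 0 && out[--len] != '/')
                ;                             /* ".." drops the last segment */
        } else if (n > 0 && !(n == 1 && seg[0] == '.')) {
            out[len++] = '/';
            memcpy(out + len, seg, n);
            len += n;
        }
    }
    if (len == 0 || last == '/' || (backslash_is_sep && last == '\\'))
        out[len++] = '/';                     /* keep root or trailing slash */
    out[len] = '\0';
}

/* 1 if the two models disagree on path, 0 if they agree, -1 if too long. */
static int normalizations_differ(const char *path)
{
    char a[512], b[512];
    if (strlen(path) + 2 > sizeof a)
        return -1;
    normalize_path(path, 1, a);
    normalize_path(path, 0, b);
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Path portions of the two example URLs in this article. */
    printf("%d\n", normalizations_differ("/RootTest/SubDir\\LowerDir/"));
    printf("%d\n", normalizations_differ("/RootTest/SubDir1\\SubDir2/../../SubDir5/SubDir6"));
    return 0;
}
```

In Case 2 the model shows why the results diverge: when the backslash is not a separator, "SubDir1\SubDir2" is a single segment, so the two ".." segments remove it and RootTest.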

For more information about ISAPI filter development, visit the following Microsoft Developer Network (MSDN) Web site:
http://msdn2.microsoft.com/en-us/library/ms525164.aspx

APPLIES TO
  • Microsoft Internet Information Services 6.0