ISAPI filter to allow access only to hosts with selected names

This article describes an ISAPI filter to allow access only to hosts listed in an external datasource. This sample uses a file (hostdb.txt) to keep track of authorized hostnames, but you might modify this sample to access a database which holds host info.

For each URL request, the filter first looks in a cache of recently allowed hosts, and when that fails, it looks in the hostdb.txt file. This shows an efficient way to authorize connections: a cache allows the filter to quickly allow or disallow host access, and because each request comes in through the filter, speed is critical.

The project is a standard appwizard generated ISAPI filter. There are 5 parameters that can be changed to fine tune the filter: the maximum number of cached hosts, the position after which a cached entry will be moved to the front of the list (to make the search time shorter!), the name of the file that contains the host list and the names of the html files that indicates to the user that its IP address could not be resolved to a host name or that the access was denied for this host. All this parameters are #define directives in the hostnamefilter.h header file.

The filter could be improved in several ways: using a database instead of a file for host information (you should consider using stored procedures to search and/or to cache!), load parameters from registry, automatic selection of the number of cached hosts and the list reorder parameter, etc.

The full source code is provided, you will have to compile it in order to get a working filter. Once you have compiled the project you will need to take the following steps to install:

  1. Run REGEDT32.EXE and modify the server's registry as follows. Select the Filter DLLs key in HKEY_LOCAL_MACHINE\CurrentControlSet\Services\W3SVC\Parameters. Add a local path to hostnamefilter.dll, usually C:\WinNT\System32\InetSrv\hostnamefilter.dll. The filter entries are separated by commas. The order is important, if you have other filters with the same priority, the first one listed will receive the requests first.
  2. Copy the hostnamefilter.dll file to the directory you specified in the registry.
  3. Make sure the System account have execute rights on the filter dll file.
  4. Edit the hostdb.txt file so it contains valid hostnames. The format of the file is:
    host1
    host2.foo.com
    *.edu
    *.foo.net

  5. Copy the hostdb.txt file to the directory you specified in the hostnamefilter.h header file for the host database.
  6. Copy the NoName.htm file to the directory you specified in the hostnamefilter.h header file for the page to indicate that the IP address could not be resolved to a name.
  7. Copy the NoAccess.htm file to the directory you specified in the hostnamefilter.h header file for the page to indicate that the access is denied for this host.
  8. Make sure the System account have read rights on the NoName.htm, NoAccess.htm and hostdb.txt files.
  9. Restart the WWW service.

Download Source Code


Last updated: 23 November 1998



Comments

  • Host Addition

    Posted by Kutilu on 03/15/2010 01:37am

    Hi, Thanks for your wonderful article. But currently iam wondering why i need to restart my IIS in order to have filter recognize the changes done in my hostdb file. Can you explain me what do you mean by storing the hostfile in cache? That is not browser cache right? - Rajee

    Reply
  • how to change the register value?

    Posted by Legacy on 11/07/2002 12:00am

    Originally posted by: yanny

    hi,
    About the register key HKEY_LOCAL_MACHINE\CurrentControlSet\Services\W3SVC\Paramet,
    i don't know how to deal with, is that add a path, or a string? and how to name it? then set the key of the name to the system path?

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-demand Event Event Date: August 27, 2015 With the cloud enabling companies to spin up servers and stand up data stores more quickly, mobile apps can be created faster, reducing the time-to-value. But three major obstacles stand in the way for many organizations: The backlog of app project requests confronting every enterprise regardless of their internal app development capabilities Finding and employing better, faster tools to speed and simplify the process of developing those apps. The emergence of …

  • U.S. companies are desperately trying to recruit and hire skilled software engineers and developers, but there is simply not enough quality talent to go around. Tiempo Development is a nearshore software development company. Our headquarters are in AZ, but we are a pioneer and leader in outsourcing to Mexico, based on our three software development centers there. We have a proven process and we are experts at providing our customers with powerful solutions. We transform ideas into reality.

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date