A Bug in Custom ISAPI Filter Related to Keep-Alive
来源:互联网 发布:淘宝优惠券图片素材 编辑:程序博客网 时间:2024/04/27 20:41
I once implemented my own Basic authentication logic in a custom ISAPI filter on IIS 6 and IIS 7.5 (classic mode). I met a bug related to keep-alive.
The custom filter checked the credentials (Authorization: Basic <Base64 encoded name:password>) in the request header within the CHttpFilter::OnPreprocHeaders function which I had overwritten. My code would send a 401 response to the client and return SF_STATUS_REQ_FINISHED_KEEP_CONN when the credentials were invalid.The bug was: IIS would close TCP connection when the custom filter sent a 401 response to the client even if keep-alive was enabled. I had a client-side application which was written with .NET HttpWebRequest and HttpWebResponse. The application always threw an exception which told the server had closed the connection while keep-alive was expected. So why did the server close the connection?
After some time of investigation, I found this bug was caused by the incorrect behavior of the ISAPI filter itself. As MSDN introduced, by returning SF_STATUS_REQ_FINISHED_KEEP_CONN in CHttpFilter::OnPreprocHeaders, IIS would finish request handling and keep the TCP connection open if keep-alive was enabled. However, Microsoft did not implement this logic! Therefore, returning SF_STATUS_REQ_FINISHED_KEEP_CONN was exactly the same as returning SF_STATUS_REQ_FINISHED. The TCP connection was always closed! This behavior broke HTTP keep-alive protocol so that the client application failed.
Then I had to use a workaround to resolve this problem: adding “Connection: close” in the response header to explicitly tell the client the TCP connection would be closed by the server when I sent the 401 response to the client. I did not worry about the performance because HttpWebRequest.PreAuthenticate was set to true in most cases. That meant the client would receive the 401 response only at the first request. Then keep-alive would still work well for all the following thousands of requests. Here I want to complain why Microsoft did not add credentials to the first request even whenPreAuthenticate is true.
Recently, I abandoned the custom ISAPI filter and started using a custom HTTP module in IIS 7.5 Integrated mode to do Basic authentication. Of course, the problem went away when the client directly connected to the web server. However, the problem came back again when I used some reverse proxy device between the web server and the client, for example, the BigIP device. I did not find the root cause yet. But anyway, the “Connection: close” workaround still worked well.- A Bug in Custom ISAPI Filter Related to Keep-Alive
- 自定义ISAPI Filter中发现的一个与Keep-Alive相关的Bug
- KEEP ALIVE
- Keep-Alive
- Keep-Alive
- a bug related with extern
- Mac OS: How to keep network connection alive after sleep
- How to keep CoreBluetooth connection alive between views
- http keep-alive与tcp keep-alive
- http keep-alive与tcp keep-alive
- Http keep-alive 与Tcp keep-alive
- How to define a custom separator in TLex
- Adding a Custom System Call to Ubuntu Linux in [C]
- Three ways to set a custom busy cursor in flex
- TCP Keep-Alive Messages
- HTTP keep alive
- Connection:Keep-alive
- HTTP Keep-Alive详解
- Jqgrid入门
- 2013年6月28日 22:35:29
- json数组转换为list的问题
- Android 屏幕自适应方向尺寸与分辨率
- 链表的一系列操作
- A Bug in Custom ISAPI Filter Related to Keep-Alive
- 一致性 hash 算法( consistent hashing )
- Hadoop分布式文件系统:架构和设计要点
- Extjs4.2 rest 与webapi数据交互
- Spring的作用域以及RequestContextListener作用
- xml的onclick
- 数学专项number_theory:UVa 294
- REST和SOAP
- 深入理解Oracle索引(24):B*Tree 索引小结