Following table lists the possible sections of the class Isapi.
Note 1
An incoming http request can be represented as: http://www.myserver.com/ {url}?{query}. In this document, we refer to {url} as the “url” part of the http request and {query} as the “query” part of the http request. Using this naming convention, we can say that the section “url” will be matched against {url} and the section “query” will be matched against {query}.
For example the following rule would be triggered if the http request http:// www.myserver.com/search/abc.exe?subject=wildlife&environment=ocean would be received by IIS:
Rule {
Class Isapi
Id 4001
level 1
url { Include “*abc*” }
time { Include “*” }
application { Include “*”}
user_name { Include “*” }
directives -c -d isapi:request
}
This rule is triggered because {url}=/search/abc.exe, which matches the value of the section “url” (i.e. abc).
Note 2
Before matching is done, sections “url” and “query” are decoded and normalized so that requests cannot be filled with encoding or escape sequences.
Note 3
A maximum length restriction can be defined for the sections “url” and “query”. By adding “;number-of-chars
” to the value of these sections, the rule can only match if the {url} or {query} have more characters than “number-of-chars”. For example, the following rule will match if the url part of the request contains “abc” and the url part of the request has over 500 characters:
Rule {
Class Isapi
Id 4001
level 1
url { Include “*abc*;500” }
time { Include “*” }
application { Include “*”}
user_name { Include “*” }
directives -c -d isapi:request}
}
Note 4
A rule needs to contain at least one of the optional sections url, query, method.