Modifying post data

Apr 29, 2008 at 9:38 AM
Hi, is it possible to modify the post variables for a Classic ASP request using Filter .NET? I've not had much success changing inbound data. I am trying to clean up post data to prevent SQL Injection attacks.
Coordinator
Apr 30, 2008 at 8:27 PM
If you are developing for IIS 5.x (Windows 2000 or Windows XP), then you can use Filter.NET to view or change the full HTTP packet. However, if you're developing for IIS 6.0 then you can only view/change the HTTP headers. If the data you want to filter is sent via GET, it'll appear in the QueryString and you may have access to it. If the data is sent via POST, only IIS 5.x will let you access it.

If you want to access the HTTP body and are developing for IIS 6.0, the option would be to create an ISAPI Wildcard Extension to inspect/modify the posted data. However, care must be taken when this option is chosen especially for large packets of data in non chunked mode, because you will need to change the length of the data (Content-Length) and changing the length means changing the HTTP Header. You basically end up having to buffer the whole packet before delivering it to the ASP.

Tiago Halm