#include "stdafx.h"
#include <httpfilt.h>
#include "tchar.h"
#include "strsafe.h"
/*
 * ISAPI filter registration entry point.
 *
 * Fills in the caller-supplied version structure with the filter revision
 * this DLL was built against, a short description, and the set of
 * notifications the filter wants to receive.
 *
 * pVer  - version/registration structure to fill in; written through
 *         without a NULL check.
 *
 * Always returns TRUE.
 */
BOOL WINAPI GetFilterVersion(PHTTP_FILTER_VERSION pVer)
{
    /*
     * Notifications requested, at default ordering.
     * SF_NOTIFY_PREPROC_HEADERS is requested here, although HttpFilterProc
     * in this file only acts on SF_NOTIFY_SEND_RESPONSE.
     */
    const DWORD dwWanted = SF_NOTIFY_ORDER_DEFAULT
                         | SF_NOTIFY_PREPROC_HEADERS
                         | SF_NOTIFY_SEND_RESPONSE;

    pVer->dwFlags = dwWanted;
    pVer->dwFilterVersion = HTTP_FILTER_REVISION;

    /* Bounded copy of the description into the structure's buffer. */
    strncpy_s(pVer->lpszFilterDesc, "HTTPOnlyFilter", SF_MAX_FILTER_DESC_LEN);

    return TRUE;
}
// Portion of HttpOnly
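/*
 * ISAPI filter callback.
 *
 * On SF_NOTIFY_SEND_RESPONSE it rewrites three response headers:
 *   - Set-Cookie:    gets "; HttpOnly" appended so the cookie is not exposed
 *                    to client-side script; if that cannot be done the header
 *                    is cleared instead (fail closed).
 *   - Server:        replaced with a fixed product string.
 *   - X-Powered-By:  cleared.
 * Every other notification type is passed through untouched.
 *
 * pfc                 - filter context, forwarded to the header accessors.
 * dwNotificationType  - which notification is being delivered.
 * pvNotification      - for SF_NOTIFY_SEND_RESPONSE, treated as a
 *                       HTTP_FILTER_SEND_RESPONSE*.
 *
 * Always returns SF_STATUS_REQ_NEXT_NOTIFICATION.
 */
DWORD WINAPI HttpFilterProc(
    PHTTP_FILTER_CONTEXT pfc,
    DWORD dwNotificationType,
    LPVOID pvNotification)
{
    if (dwNotificationType != SF_NOTIFY_SEND_RESPONSE || pvNotification == NULL)
    {
        return SF_STATUS_REQ_NEXT_NOTIFICATION;
    }

    HTTP_FILTER_SEND_RESPONSE *pResponse =
        (HTTP_FILTER_SEND_RESPONSE *)pvNotification;

    /*
     * Header names and values live in writable arrays rather than being
     * string literals bound to CHAR*, since they are handed to accessors
     * called with non-const CHAR pointers.
     */
    CHAR szHeader[]      = "Set-Cookie:";
    CHAR szHttpOnly[]    = "; HttpOnly";
    CHAR szServer[]      = "Server:";
    CHAR szServerValue[] = "FACILITOR";
    CHAR szPoweredBy[]   = "X-Powered-By:";
    CHAR szEmpty[]       = "";

    /* Hard coded cookie length (2k bytes) */
    CHAR szCookie[2048];
    const DWORD cchCookie = sizeof(szCookie) / sizeof(szCookie[0]);
    DWORD cbCookie = cchCookie;   /* in: buffer size; updated by GetHeader */

    BOOL fStripCookie = FALSE;

    if (pResponse->GetHeader(pfc, szHeader, szCookie, &cbCookie))
    {
        /*
         * NOTE(review): a single "; HttpOnly" is appended to whatever
         * GetHeader returns. If a response carries several Set-Cookie
         * headers and they come back as one combined value, only the last
         * cookie would receive the attribute - confirm against IIS.
         * A cookie that already carries HttpOnly gets it a second time.
         */
        /* szCookie is a CHAR buffer, so use the ANSI form explicitly. */
        if (FAILED(StringCchCatA(szCookie, cchCookie, szHttpOnly)) ||
            !pResponse->SetHeader(pfc, szHeader, szCookie))
        {
            /* Fail securely - send no cookie! */
            fStripCookie = TRUE;
        }
    }
    else if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
    {
        /*
         * The cookie did not fit in szCookie. Previously this case fell
         * through and the oversized cookie went out without HttpOnly;
         * apply the same fail-closed policy as the other error paths.
         * NOTE(review): assumes GetHeader reports a too-small buffer via
         * ERROR_INSUFFICIENT_BUFFER, as is usual for Win32 - confirm.
         */
        fStripCookie = TRUE;
    }
    /* Any other GetHeader failure is treated as "no Set-Cookie present". */

    if (fStripCookie)
    {
        pResponse->SetHeader(pfc, szHeader, szEmpty);
    }

    /*
     * Always replace the Server: Microsoft-IIS/6.0 banner.
     * This only hides the product/version string from casual inspection.
     */
    pResponse->SetHeader(pfc, szServer, szServerValue);

    /*
     * Always remove X-Powered-By: ASP.NET.
     * This could also be done in the IIS Admin interface, but we have
     * this DLL anyway.
     *
     * The value is an empty string, matching how Set-Cookie is cleared
     * above. The original passed the character literal '\0', which is a
     * null pointer (or a compile error on newer compilers), not an empty
     * string.
     */
    pResponse->SetHeader(pfc, szPoweredBy, szEmpty);

    return SF_STATUS_REQ_NEXT_NOTIFICATION;
}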