I ask because I had heard that Microsoft may have implemented an optimized kernel level driver for handling HTTP traffic that then ushers it off to various worker processes through IPC and non socket mechanism. Is this true and if so is there any information on how this works. I'm asking in general for IIS6 and IIS7.
Microsoft may have implemented an optimized kernel level driver for handling HTTP traffic that then ushers it off to various worker processes through IPC and non socket mechanism
They have, is is called HTTP.SYS. Applications which wish to process HTTP requests (including IIS) use the API to subscribe to requests.
And documented on MSDN.
Useful information:
- Also added by WinXP SP2, but IIS 5.1 does not use it.
- Allows multiple processes to receive HTTP requests on the same port (so just because IIS is running does not stop another server using port 80... but URL prefix must be different).
- Not limited to port 80 (HTTP) or 434 (HTTPS) (thus it can be used on XP while IIS is running).
Additional (based on comment):
Is it possible to intercept all requests that are inbound, but then hand them off to their originally intended target URLs? I would just like to capture the fact that the request took place and some information, and then let the request be processed as usual. – Leeks and Leaks
Based on the documentation (particularly this page): no indication of interception capabilities. But the ETW events might provide the information you are looking for (this will likely be Vista/2008/IIS7 only)