I’m working on a native IIS module (c++) which needs to capture request and response buffers inorder to reconstruct a complete transaction.
Below is my RegisterModule call:
HRESULT __stdcall RegisterModule(
DWORD dwServerVersion,
IHttpModuleRegistrationInfo* pModuleInfo,
IHttpServer* pGlobalInfo
) {
UNREFERENCED_PARAMETER(dwServerVersion);
UNREFERENCED_PARAMETER(pGlobalInfo);
return pModuleInfo->SetRequestNotifications(new AgentModuleFactory,
RQ_BEGIN_REQUEST | // OnBeginRequest
RQ_READ_ENTITY | // OnReadEntity
RQ_SEND_RESPONSE | // OnSendResponse
RQ_END_REQUEST // OnEndRequest
,
RQ_END_REQUEST // Specify post-event notifications
);
}
The basic idea of my module is in
OnBeginRequest– start recording a transaction (capture any metadata associated with a request)OnReadEntity– capture the request bufferOnSendResponse– capture the response bufferOnEndRequest– close off the transaction and perform any needed operations against it
Nothing I’m doing needs to change any data passing through the server, I just need to take a copy of it.
Now logically, the events I’m hooking should flow in the order that I’ve listed them above however for some reason, OnEndRequest is firing followed by OnSendResponse which makes no sense.
Going by https://learn.microsoft.com/en-us/previous-versions/iis/smooth-streaming-client/chttpmodule-class#nondeterministic-request-events , OnSendResponse is concidered a nondeterministic request event and can fire in any order but having it fire after a request has “ended” is a bit weird.
Has anyone got any experience with this/is this normal behavious? Is there a better way to detect that a request has trully ended?
Alternatively, am I looking at this completely wrong and the IIS request processing pipeline ends with a call to OnEndRequest (at which point a response has been generated but not transmitted) followed only by the a call to OnSendResponse to close things out.
Thanks for any light anyone can shed on this problem.
Clearly you answered with your “alternatively” part.