Event Tracing in Http.sys: Part 3 – Typical Request

Now that you are somewhat familiar with a single ETW event, let’s illustrate what a typical HTTP request looks like. Here, I’ve made a simple HTTP request to a web server, IIS7 in this case. I’ve taken the liberty of pulling out all important data from the XML file.  You may notice that I’ve placed…


Event Tracing in HTTP.sys: Part 2 – Anatomy of an Event

Continuing the series on Http.sys ETW Tracing, we will dissect an event as displayed in the default XML format. To review creating an ETW trace, see Capturing a Trace Pictured is an example of a typical event in a trace. Note how the event is wrapped in an <Event> element. This particular event happens to…


Event Tracing in HTTP.sys: Part 1 – Capturing a Trace

Hi, I’m Jeff Balsley a test developer in the HTTP.sys team in Windows Networking. In this series I will be showing you how to use and interpret ETW tracing in HTTP.sys. Http.sys Http.sys is the kernel-mode HTTP listener that first debuted in Windows 2003 Server. We are often closely associated with IIS6 as they are our…


URLACL Setting Day

Looking around the web today, I noticed that Keith Brown has a sample of using HTTP_SERVICE_CONFIG_URLACL_SET from managed code. Kenney Wolf, a while back, found the Windows Vista way of configuring it via netsh. — Ari Pernick


Content-Encoding != Content-Type

RFC 2616 for HTTP 1.1 specifies how web servers must indicate encoding transformations using the Content-Encoding header. Although on the surface, Content-Encoding (e.g., gzip, deflate, compress) and Content-Type (e.g., x-application/x-gzip) sound similar, they are, in fact, two distinct pieces of information. Whereas servers use Content-Type to specify the data type of the entity body, which…


Buffering in HTTP.SYS

My name is Chun Ye. I am a Software Design Engineer in the Microsoft Windows Networking Transports & Connectivity group. I’m here to describe the scenarios under which an application using HTTPAPI.DLL should set the HTTP_SEND_RESPONSE_FLAG_BUFFER_DATA flag. This flag applies to both HttpSendHttpResponse and HttpSendResponseEntityBody APIs. This is the section in http.h that describes this…


Http.sys URL Registrations and Service SIDs

 A common question we get when configuring HTTP.sys to listen on a URL (though HttpAddUrl, HttpAddUrltoUrlGroup, HttpListenerPrefixCollection or even CREATE ENDPOINT) is how you claim and protect your name space. The first issue that people need to understand is the precedence rules for URLs. If you are really worried about having the whole namespace to…


WOW64 on HTTP.sys

Back when Windows Server 2003 SP1 shipped, HTTP.sys hit an important milestone, WOW64 support.What is WOW64 support and why is it important? I’m glad you asked. WOW64 lets 32 bit applications run on top of 64 bit windows. WOW64 support for HTTP.sys is an important piece of letting 32 bit IIS worker processes run on…


WNDP Connect Site gets an upgrade!

Last year we setup a small site on connect.microsoft.com in order to let our blog readers, developers and users file bugs, make suggestions and get some conntent like whitepapers and samples early. The downside to the site was that you couldn’t easily deep link and it required a Windows Live (aka Passport) login. Well the folks…


Network Programming with Winsock Kernel (WSK)

Winsock Kernel (WSK) is the latest network programming interface introduced by the WNDP team in Windows Vista. As evident by its name, WSK can be used by kernel-mode drivers for sending and receiving data over the network. But less evident to many developers, WSK is not an interface for performing network “filtering”. Hence, to clarify…