The ISAPI filter API does not appear to support the creation of environment variables, so request headers are used out of necessity as a portable communication channel to applications. As a result, the detection feature should be enabled in all cases. To facilitate this, the ISAPI filter module will automatically generate a random
spoofKey value if one is not set for it, and if it can't do so it will refuse to run.
Note that on older versions of Windows, generally Windows 2000 or NT, the 2.x filter will refuse to load because the API used to generate secure random data is not available. You will need to explicitly create the
Certain configurations of Windows 2000, possibly involving recent patches from Microsoft, appear to alter the behavior of the SP such that prior to version 2.2.1, the filter will cause IIS to crash instead of simply failing with a Windows log event noting that the