An ISAPI filter is a DLL that runs on an IIS server to filter data traveling to and from the server to enhance the functionality provided .
They filter every request until they find one they need to process. Filters can be programmed to examine and modify both incoming and outgoing streams of data. Internally programmed and externally configured priorities determine in which order filters are called.
Filters are implemented as DLL files ( can only be developed using unmanaged C/C++. ) and can be registered on an IIS server on a site level or a global level (i.e., they apply to all sites on an IIS server).

Filters are initialised when the worker process is started and listens to all requests to the site on which it is installed until they fine one they need to process.

Common tasks performed by ISAPI filters include:

• Changing request data (URLs or headers) sent by the client
• Controlling which physical file gets mapped to the URL
• Controlling the user name and password used with anonymous or basic authentication
• Modifying or analyzing a request after authentication is complete
• Modifying a response going back to the client
• Running custom processing on “access denied” responses
• Running processing when a request is complete
• Run processing when a connection with the client is closed
• Performing special logging or traffic analysis.
• Performing custom authentication.
• Handling encryption and compression.

Sources : MSDN and Wikipedia