HostAccessCheck Method of the IFWXSession Interface

  • Article

The HostAccessCheck method checks the permission of the session user to access a specified host, by using the access rules.

Syntax

HRESULT HostAccessCheck(
  [in]            REFGUID FilterGuid,
  [in]            REFGUID ProtocolGuid,
  [in]            LPHOSTENT Hostent,
  [in]            USHORT SrcPort,
  [in]            LPCSTR pszPath,
  [in]            LPCSTR pszMime,
  [in, optional]  DWORD dwFlags,
  [in]            IUnknown** ProcessedRulesData
);

Parameters

  • FilterGuid
    Reference to the GUID identifying the filter that the connection is part of.

  • ProtocolGuid
    Reference to the GUID that identifies the protocol.

  • Hostent
    Pointer to a hostent structure that specifies the host.

  • SrcPort
    The source port number.

  • pszPath
    Pointer to a null-terminated string containing the path to be checked. This parameter may be NULL if the path is unknown or irrelevant.

  • pszMime
    Pointer to a null-terminated string containing the MIME data type (such as "text/html") to be checked. This parameter can be NULL if the MIME type is unknown or irrelevant.

  • dwFlags
    HostAccessCheck flags. This parameter can be a bitwise combination of the following values, or 0 if none of the options apply:

    Value Meaning

    FWX_FLAG_USE_MIME

    The pszMime parameter is currently NULL, but may be known later. If this flag is specified, and the pszMime parameter is NULL and the MIME type is required for processing of the rules, FWX_E_MIME_NEEDED will be returned.

    FWX_FLAG_USE_EXTENTION

    Use the extension of the pszPath parameters for content filtering.

    FWX_FLAG_CHECK_PUBLISHING

    Use this parameter to include publishing rules in the permission decision. If this parameter is not set, publishing rules will not be taken into consideration. This flag is typically used with FWX_FLAG_BYPASS_ALLOW_ACCESS. When these parameters are used together, only deny rules and publishing rules will be checked.

    FWX_FLAG_BYPASS_ALLOW_ACCESS

    Use this parameter to instruct the Microsoft Firewall service not to check allow rules. This flag is typically used with FWX_FLAG_CHECK_PUBLISHING. When these parameters are used together, only deny rules and publishing rules will be checked.

  • ProcessedRulesData
    Data regarding the per-rule configuration of the filter. This data is processed by the Firewall service when it starts, or when you change the rules.

Return Value

  • S_OK
    The user is allowed to access the host.

  • S_FALSE
    The user is denied access to the host.

  • E_INVALIDARG
    More than one host name or IP address was specified in the Hostent parameter.

  • FWX_E_MIME_NEEDED
    The FWX_FLAG_USE_MIME flag was specified, but the pszMime parameter was NULL. The MIME type is required to complete the processing of the rules.

  • Error code
    The method failed.

Remarks

The hostent structure may contain a host name or an IP address, or both a host name and an IP address, but it may not contain more than one host name or IP address. Access is checked based on the information available in the hostent structure.

Requirements

Server Requires Windows Server 2008 R2 or Windows Server 2008 x64 Edition with SP2.
Version Requires Forefront Threat Management Gateway (TMG) 2010.
Header

Declared in Wspfwext.idl.
DLL

Requires Wspsrv.exe.

See Also

IFWXSession
IFWXFirewall::CreatePrivateSession

Send comments about this topic to Microsoft

Build date: 6/30/2010