IFWXSession::HostAccessCheck method

Applies to: desktop apps only

The HostAccessCheck method checks the permission of the session user to access a specified host, by using the access rules.


HRESULT HostAccessCheck(
  [in]            REFGUID FilterGuid,
  [in]            REFGUID ProtocolGuid,
  [in]            LPHOSTENT Hostent,
  [in]            USHORT SrcPort,
  [in]            LPCSTR pszPath,
  [in]            LPCSTR pszMime,
  [in, optional]  DWORD dwFlags,
  [in]            IUnknown **ProcessedRulesData


  • FilterGuid [in]
    Reference to the GUID identifying the filter that the connection is part of.

  • ProtocolGuid [in]
    Reference to the GUID that identifies the protocol.

  • Hostent [in]
    Pointer to a hostent structure that specifies the host.

  • SrcPort [in]
    The source port number.

  • pszPath [in]
    Pointer to a null-terminated string containing the path to be checked. This parameter may be NULL if the path is unknown or irrelevant.

  • pszMime [in]
    Pointer to a null-terminated string containing the MIME data type (such as "text/html") to be checked. This parameter can be NULL if the MIME type is unknown or irrelevant.

  • dwFlags [in, optional]
    HostAccessCheck flags. This parameter can be a bitwise combination of the following values, or 0 if none of the options apply:

    Value Meaning

    The pszMime parameter is currently NULL, but may be known later. If this flag is specified, and the pszMime parameter is NULL and the MIME type is required for processing of the rules, FWX_E_MIME_NEEDED will be returned.


    Use the extension of the pszPath parameters for content filtering.


    Use this parameter to include publishing rules in the permission decision. If this parameter is not set, publishing rules will not be taken into consideration. This flag is typically used with FWX_FLAG_BYPASS_ALLOW_ACCESS. When these parameters are used together, only deny rules and publishing rules will be checked.


    Use this parameter to instruct the Microsoft Firewall service not to check allow rules. This flag is typically used with FWX_FLAG_CHECK_PUBLISHING. When these parameters are used together, only deny rules and publishing rules will be checked.


  • ProcessedRulesData [in]
    Data regarding the per-rule configuration of the filter. This data is processed by the Firewall service when it starts, or when you change the rules.

Return value

This method can return one of these values.

  • S_OK
    The user is allowed to access the host.

    The user is denied access to the host.

    More than one host name or IP address was specified in the Hostent parameter.

    The FWX_FLAG_USE_MIME flag was specified, but the pszMime parameter was NULL. The MIME type is required to complete the processing of the rules.

  • Error code
    The method failed.


The hostent structure may contain a host name or an IP address, or both a host name and an IP address, but it may not contain more than one host name or IP address. Access is checked based on the information available in the hostent structure.


Minimum supported client

None supported

Minimum supported server

Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)


Forefront Threat Management Gateway (TMG) 2010





See also





Build date: 7/12/2010