SF_REQ_ADD_HEADERS_ON_DENIAL callback function

Applies to: desktop apps only

The SF_REQ_ADD_HEADERS_ON_DENIAL form of the ServerSupportFunction callback function allows your Web filter to add specified headers to the server error response, in the event that the HTTP request is denied because authentication failed. This allows an authentication filter to advertise its services without filtering every request.

Note  This support function will not work properly if called during or after the processing of SF_NOTIFY_SEND_RESPONSE or SF_NOTIFY_ACCESS_DENIED notifications.


BOOL WINAPI * ServerSupportFunction(
  _In_  struct _HTTP_FILTER_CONTEXT *pfc,
  _In_  enum SF_REQ_TYPE sfReq,
  _In_  PVOID pData,
  DWORD ul1,
  DWORD ul2


  • pfc [in]
    Pointer to the HTTP_FILTER_CONTEXT data structure that is associated with the current, active HTTP session. Pass the filter context in this parameter.

  • sfReq [in]
    Specifies the particular support function that is to be executed by the Forefront TMG Web filter, in this case, SF_REQ_ADD_HEADERS_ON_DENIAL.

  • pData [in]
    Pointer to a null-terminated string that specifies one or more HTTP header lines. Each header should be terminated with a carriage return and line feed.

  • ul1
    Unused in this support function.

  • ul2
    Unused in this support function.

Return value

This callback function returns TRUE if the call is successful; otherwise, it returns FALSE. To obtain extended error information, call GetLastError.


Generally, the HTTP headers should be Proxy-Authenticate headers (forward proxy) or WWW-Authenticate headers (reverse proxy) that specify custom authentication schemes. However, no restriction is placed on which headers can be specified.

The headers are added only for a 401 response in a reverse proxy scenario or a 407 response in a forward proxy scenario.

For more information about the types of event notifications that are sent to Web filters, see Event Notifications.


Minimum supported client

None supported

Minimum supported server

Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)


Forefront Threat Management Gateway (TMG) 2010



See also




Build date: 7/12/2010