Microsoft Internet Security and Acceleration Server 2004 SDK
The FPCPolicyRule object represents an access rule, a server publishing rule, a Web publishing rule, or a system policy rule.
An access rule defines actions that will be taken when specific users attempt to access specific sites or content by using ISA Server. ISA Server access rules allow you to define exactly which sites and content can be accessed by clients behind the ISA Server computer and which protocols can be used by the clients to gain access. Access rules also determine when the rule is in effect by applying the rule according to a specific schedule.
Server publishing processes incoming requests to internal servers, such as Simple Mail Transfer Protocol (SMTP) servers, File Transfer Protocol (FTP) servers, Structured Query Language (SQL) servers, and others. Requests are forwarded downstream to an internal server, located behind the ISA Server computer. Server publishing rules determine how server publishing functions, essentially filtering all incoming and outgoing requests through the ISA Server computer.
Server publishing rules are used when there is a network address translation (NAT) relationship defined by a network rule (FPCNetworkRule) between the network on which the clients sending requests to the published server are located (the source network) and the network on which the published server is located (the destination network). A server publishing rule uses secure network address translation (SecureNAT), which allows requests that are sent to an IP address that is valid on the source network to reach an IP address on a protected network behind the ISA Server computer. The server publishing rule maps a port number and an IP address (or IP addresses) on the network adapter of the ISA Server computer that listens for requests from the clients to a port number and an IP address on the published server. Requests that meet the conditions specified by the rule are then redirected to the IP address of the published server. However, only requests that are identified as part of the designated protocol are processed by the server publishing rule and redirected to the published server. When the network rule defines a routing relationship, the clients should send requests directly to the IP address of the published server.
A Web publishing rule maps published website names to the internal paths of websites and maps DNS names and IP addresses to the internal address of a Web server located behind the ISA Server computer. A Web publishing rule also determines how ISA Server should handle incoming requests for HTTP objects on the internal Web server and how ISA Server should respond on behalf of the internal Web server. Requests are forwarded downstream to the internal Web server. If possible, the requests are serviced from the ISA Server cache.
A Web publishing rule defines the response to attempts by outside users to access an internal site. Possible responses include:
A system policy rule is a predefined rule that allows specific types of requests from the Local Host network (the ISA Server computer) to reach specified destinations, or allows specific types of requests from specified sources to reach the Local Host network. Each system policy rule belongs to a group of rules that apply to a specific service and can be configured together. Such a group is called a configuration group, which is represented by an FPCSystemPolicyConfigGroup object.
This object is an element of an FPCPolicyRules collection in the case of an access rule, a server publishing rule, or a Web publishing rule, or of an FPCSystemPolicyRules collection in the case of a system policy rule.
The FPCPolicyRule object defines the following methods.
Method | Description |
---|---|
SetAppliesAlways | Sets the rule to apply at all times regardless of the ScheduleUsed property. |
SetLimitSourcePortRange | Sets the lower and upper limits of the range of source port numbers to which the rule applies. |
SetSchedule | Sets the schedule to which the rule applies. |
The FPCPolicyRule object has the following properties.
Property | Description |
---|---|
AccessProperties | Gets an FPCAccessProperties object that specifies a set of properties of the policy rule when the rule was created as an access rule. |
Action | Gets or sets a value from the FpcPolicyRuleActions enumerated type that specifies whether the rule allows or denies requests. |
AppliesAlways | Gets a Boolean value that indicates whether the rule applies at all times. |
Description | Gets or sets the description of the rule. |
Enabled | Gets or sets a Boolean value that indicates whether the rule is enabled. |
EnableLogging | Gets or sets a Boolean value that indicates whether the rule is enabled for logging. |
IsDefault | Gets a Boolean value that indicates whether the rule is preinstalled, and cannot be deleted or have its position changed in the rule order. |
LimitSourcePortHigh | Gets the upper limit of the range of source port numbers to which the rule applies. |
LimitSourcePortLow | Gets the lower limit of the range of source port numbers to which the rule applies. |
Name | Gets or sets the name of the rule. |
Order | Gets the rule's position in the list of policy rules, which corresponds to their order of application. |
ScheduleUsed | Gets an FPCRef object that references the FPCSchedule object used to define the actual times when the rule applies. |
ServerPublishingProperties | Gets an FPCServerPublishingProperties object that specifies a set of properties of the policy rule when the rule was created as a server publishing rule. |
SourceSelectionIPs | Gets an FPCSelectionIPs object that specifies the complete set of source IP addresses to which the rule applies. |
System | Gets a Boolean value that indicates whether the rule is a system policy rule. |
SystemPolicyGroupId | Gets a value from the FpcSystemPolicyConfigGroupEnum enumerated type that identifies the system policy configuration group to which the rule belongs. |
Type | Gets a value from the FpcPolicyRuleTypes enumerated type that indicates whether the policy rule is an access rule, a server publishing rule, or a Web publishing rule. |
WebPublishingProperties | Gets an FPCWebPublishingProperties object that specifies a set of properties of the policy rule when the rule was created as a Web publishing rule. |
Name | Description |
---|---|
CancelWaitForChanges | Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only). |
CanImport | Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document. |
Export | Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML document. |
ExportToFile | Recursively writes the stored values of all the properties of the object and its subobjects to the specified XML file. |
GetServiceRestartMask | Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect. |
Import | Recursively copies the values of all the properties of the object and of its subobjects from the specified XML document to persistent storage. |
ImportFromFile | Recursively copies the values of all the properties of the object and of its subobjects from the specified XML file to persistent storage. |
LoadDocProperties | Provides the XML document's properties so that you can know what information can be imported from the document. |
Refresh | Recursively reads the values of all the properties of the object and of its subobjects from persistent storage, overwriting any changes that have not been saved. |
Save | Recursively writes the current values of all the properties of the object and its subobjects to persistent storage. |
WaitForChanges | Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only). |
Name | Description |
---|---|
PersistentName | Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy. |
VendorParametersSets | Gets an FPCVendorParametersSets collection that can hold sets of custom data for extending the object. |
This object implements the IFPCPolicyRule interface.
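The properties listed above are enough for a read-only review of the firewall policy. The following VBScript is an added example, not SDK sample code: it walks the rules in order and flags enabled allow rules that have logging turned off, disabled rules, schedule-limited rules, and rules with no description. The FPC.Root object, GetContainingArray, and ArrayPolicy.PolicyRules are not described on this page, and the numeric value used for the allow action is an assumption to confirm against the FpcPolicyRuleActions enumeration.

```vbscript
' Added example (not SDK sample code): read-only audit of firewall policy rules.
Option Explicit

' Assumption: numeric value of the allow member of FpcPolicyRuleActions.
' Confirm it against the enumeration in the SDK before relying on the flag.
Const ASSUMED_ACTION_ALLOW = 0

Dim root, isaArray, rules, rule, notes, flagged

' Assumption: FPC.Root, GetContainingArray and ArrayPolicy.PolicyRules are
' the path to the FPCPolicyRules collection; none is described on this page.
Set root = CreateObject("FPC.Root")
Set isaArray = root.GetContainingArray()
Set rules = isaArray.ArrayPolicy.PolicyRules

flagged = 0
WScript.Echo "Order" & vbTab & "Type" & vbTab & "Action" & vbTab & "Name"

For Each rule In rules
    notes = ""
    If Not rule.Enabled Then
        notes = notes & " [disabled]"
    Else
        ' An allow rule that is in force but not logged leaves no audit trail.
        If rule.Action = ASSUMED_ACTION_ALLOW And Not rule.EnableLogging Then
            notes = notes & " [enabled allow rule, logging off]"
            flagged = flagged + 1
        End If
        ' AppliesAlways is False when the rule is tied to a schedule.
        If Not rule.AppliesAlways Then
            notes = notes & " [schedule-limited]"
        End If
    End If
    If rule.IsDefault Then notes = notes & " [default rule]"
    If Len(rule.Description) = 0 Then notes = notes & " [no description]"

    ' Type and Action are printed as raw enumeration values.
    WScript.Echo rule.Order & vbTab & rule.Type & vbTab & rule.Action & _
                 vbTab & rule.Name & notes
Next

WScript.Echo flagged & " enabled allow rule(s) have logging turned off."
' No Save call is made, so the stored policy is left unchanged.
```

Run the script with cscript.exe on the ISA Server computer; because Order reflects the order of application, reading the output top to bottom shows which rule a request meets first.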
Server: Requires Windows Server 2003 or Windows 2000.
Version: Requires Internet Security and Acceleration Server 2004.
Header: Declared in Msfpccom.idl.
Library: Use Microsoft Internet Security and Acceleration Server 2004 Administration Library.