Using content rewriting rules
This section includes the following topics:
“Overview”
“Configuring content rewriting rules”
“Example: Redirecting HTTP to HTTPS”
“Example: Rewriting the HTTP response when using content routing”
“Example: Rewriting the HTTP request and response to mask application details”
“Example: Rewriting the HTTP request to harmonize port numbers”
Overview
You might rewrite the HTTP request/response and HTTP headers for various reasons, including the following:
Redirect HTTP to HTTPS
External-to-internal URL translation
Other security reasons
Table 8 summarizes the HTTP header fields that can be rewritten.
Table 8: HTTP header rewriting
Direction
HTTP Header
HTTP Request
Host
HTTP Redirect
HTTP Response
The first line of an HTTP request includes the HTTP method, relative URL, and HTTP version. The next lines are headers that communicate additional information. The following example shows the HTTP request for the URL http://www.example.com/index.html:
GET /index.html HTTP/1.1
Host: www.example.com
Referer: http://www.google.com
The following is an example of an HTTP redirect including the HTTP Location header:
HTTP/1.1 302 Found
Location: http://www.iana.org/domains/example/
You can use literal strings or regular expressions to match traffic to rules. To match a request URL such as http://www.example.com/index.html, you create two match conditions: one for the Host header www.example.com and another for the relative URL that is in the GET line: /index.html.
For HTTP redirect rules, you can specify the rewritten location as a literal string or as a regular expression. For all other types of rules, you must specify the complete URL as a literal string.
Configuring content rewriting rules
Before you begin:
You must have a good understanding of HTTP header fields.
You must have a good understanding of Perl-compatible regular expressions (PCRE) if you want to use them in rule matching or rewriting.
You must have Read-Write permission for Load Balance settings.
After you have configured a content rewriting rule, you can select it in the virtual server configuration.
Note: You can select multiple content rewriting rules in the virtual server configuration. Rules you add to that configuration are consulted from top to bottom. The first to match is applied. If the traffic does not match any of the content rewriting rule conditions, the header is not rewritten.
To configure a content rewriting rule:
1. Go to Server Load Balance > Virtual Server.
2. Click the Content Rewriting tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in Table 9.
5. Save the configuration.
Table 9: Content rewriting rule guidelines
Settings
Guidelines
Name
Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the virtual server configuration.
Note: After you initially save the configuration, you cannot edit the name.
Comments
A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.
Action Type
Select whether to rewrite the HTTP request or HTTP response.
HTTP Request Rewrite Actions
Rewrite HTTP Header
Host—Rewrites the Host header by replacing the hostname with the string you specify. For Host rules, specify a replacement domain and/or port.
URL—Rewrites the request URL and Host header using the string you specify. For URL rules, specify a URL in one of the following formats:
Absolute URL — https://example.com/content/index.html
Relative URL — content/index.html
If you specify a relative URL, the host header is not rewritten.
Referer—Rewrites the Referer header with the URL you specify. For Referer rules, you must specify an absolute URL.
Note: The rewrite string is a literal string. Regular expression syntax is not supported.
Redirect
Sends a redirect with the URL you specify in the HTTP Location header field.
For Redirect rules, you must specify an absolute URL. For example: https://example.com/content/index.html
Note: The rewrite string can be a literal string or a regular expression.
Send 403 forbidden
Sends a 403 Forbidden response instead of forwarding the request.
HTTP Response Rewrite Actions
Rewrite HTTP Location
Rewrites the Location header field in the server response.
For Location rules, you must specify an absolute URL. For example: https://example.com/content/index.html
Note: The rewrite string is a literal string. Regular expression syntax is not supported.
Match Condition
Object
Select content matching conditions based on the following parameters:
HTTP Host Header
HTTP Location Header
HTTP Referer Header
HTTP Request URL
Source IP Address
Note: When you add multiple conditions, FortiADC joins them with an AND operator. For example, if you specify both an HTTP Host Header and an HTTP Request URL to match, the rule is a match only for traffic that meets both conditions.
Type
String
Regular Expression
Content
Specify the string or PCRE syntax to match the header or IP address.
Reverse
Rule matches if traffic does not match the expression.
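The following Python model is an added example, not FortiADC code. It illustrates the matching semantics described in the Overview and in Table 9: the Host header and request URL are separate match objects, conditions in a rule are joined with AND, Reverse inverts a condition, and rules are consulted top to bottom with the first match applied. Assumptions: String is modelled as an exact comparison, Python's re module stands in for PCRE, and the rule names, the /admin path and the addresses are constructed for illustration.

```python
import re

STRING, REGEX = "String", "Regular Expression"

# Constructed sample request, modelled on the request shown in the Overview.
RAW_REQUEST = ("GET /index.html HTTP/1.1\r\n"
               "Host: www.example.com\r\n"
               "Referer: http://www.google.com\r\n\r\n")

def parse_request(raw, source_ip):
    """Pull the match objects named in Table 9 out of a raw HTTP request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, url, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"HTTP Host Header": headers.get("host", ""),
            "HTTP Referer Header": headers.get("referer", ""),
            "HTTP Request URL": url,
            "Source IP Address": source_ip}

def condition_matches(cond, objects):
    value = objects.get(cond["object"], "")
    if cond["type"] == REGEX:
        hit = re.search(cond["content"], value) is not None
    else:  # String: modelled as an exact comparison (assumption)
        hit = value == cond["content"]
    return hit != cond.get("reverse", False)  # Reverse inverts the result

def evaluate(rules, objects):
    """Top to bottom; conditions are ANDed; the first matching rule wins."""
    for rule in rules:
        if all(condition_matches(c, objects) for c in rule["conditions"]):
            return rule["name"], rule["action"]
    return None  # no rule matched, so nothing is rewritten

# Hypothetical rule set; names, paths and addresses are constructed.
RULES = [
    {"name": "deny-admin-outside", "action": "Send 403 forbidden",
     "conditions": [
         {"object": "HTTP Request URL", "type": REGEX, "content": r"^/admin(/|$)"},
         {"object": "Source IP Address", "type": REGEX,
          "content": r"^192\.0\.2\.", "reverse": True}]},
    {"name": "redirect-index", "action": "Redirect",
     "conditions": [
         {"object": "HTTP Host Header", "type": STRING, "content": "www.example.com"},
         {"object": "HTTP Request URL", "type": STRING, "content": "/index.html"}]},
]
```

Calling evaluate(RULES, parse_request(RAW_REQUEST, "203.0.113.7")) returns the redirect-index rule. The regular expressions are anchored with ^ so that a pattern cannot match in the middle of a longer URL or address.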