Configuring content routes
You can use the content routes configuration to select the backend server pool based on matches to TCP/IP or HTTP header values.
Layer 7 content route rules are based on literal or regular expression matches to the following header values:
• Source IP address
You might want to use Layer 7 content routes to simplify front-end coding of your web pages or to obfuscate the precise server names from clients. For example, you can publish links to a simple URL named example.com and use content route rules to direct traffic for requests to example.com to a server pool that includes server1.example.com, server2.example.com, and server3.example.com.
Layer 4 content route rules are based on literal or regular expression matches to the following header values:
• Source IP address
Before you begin:
• You must have a good understanding of Perl-compatible regular expressions
(PCRE) if you want to use them in rule matching.
• You must have Read-Write permission for Load Balance settings.
After you have configured a content routing rule, you can select it in the virtual server configuration.
Note: You can select multiple content routing rules in the virtual server configuration. Rules you add to that configuration are consulted from top to bottom. The first rule to match is applied. If the traffic does not match any of the content routing rule conditions specified in the virtual server configuration, the system behaves unexpectedly. Therefore, it is important that you create a “catch all” rule that has no match conditions. In the virtual server configuration, this rule should be ordered last so it can be used to forward traffic to a default pool.
To configure a content route rule:
1. Go to Server Load Balance > Virtual Server.
2. Click the Content Routes tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in
Table 7.
5. Save the configuration.
Table 7: Content routes configuration guidelines
Settings | Guidelines |
Name | Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the virtual server configuration. Note: After you initially save the configuration, you cannot edit the name. |
Type | • Layer 4 • Layer 7 |
Real Server | Select a real server pool. |
Persistence Inherit | Enable to use the persistence object specified in the virtual server configuration. |
Persistence | If not using inheritance, select a session persistence type. |
Method Inherit | Enable to use the method specified in the virtual server configuration. |
Method | If not using inheritance, select a load balancing method type. |
Comments | A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use. |
Layer 4 Specifics |
IPv4/Mask | Address/mask notation to match the source IP address in the packet header. |
IPv6/Mask | Address/mask notation to match the source IP address in the packet header. |
Layer 7 Match Condition |
Object | Select content matching conditions based on the following parameters: • HTTP Host Header • HTTP Referer Header • HTTP Request URL • SNI • Source IP Address Note: When you add multiple conditions, FortiADC joins them with an AND operator. For example, if you specify both a HTTP Host Header and HTTP Request URL to match, the rule is a match only for traffic that meets both conditions. |
Type | • String • Regular Expression |
Content | Specify the string or PCRE syntax to match the header or IP address. |
Reverse | Rule matches if traffic does not match the expression. |