Server Load Balancing : Using content rewriting rules
Using content rewriting rules
This section includes the following topics:
“Configuring content rewriting rules”
“Example: Redirecting HTTP to HTTPS”
“Example: Rewriting the HTTP response when using content routing”
“Example: Rewriting the HTTP request and response to mask application details”
“Example: Rewriting the HTTP request to harmonize port numbers”
You might rewrite the HTTP request/response and HTTP headers for various reasons, including the following:
Redirect HTTP to HTTPS
External-to-internal URL translation
Other security reasons
Table 8 summarizes the HTTP header fields that can be rewritten.
Table 8: HTTP header rewriting
HTTP Header
HTTP Request
HTTP Redirect
HTTP Response
The first line of an HTTP request includes the HTTP method, relative URL, and HTTP version. The next lines are headers that communicate additional information. The following example shows the HTTP request for the URL
GET /index.html HTTP/1.1
The following is an example of an HTTP redirect including the HTTP Location header:
HTTP/1.1 302 Found
You can use literal strings or regular expressions to match traffic to rules. To match a request URL such as, you create two match conditions: one for the Host header and another for the relative URL that is in the GET line: /index.html.
For HTTP redirect rules, you can specify the rewritten location as a literal string or as a regular expression. For all other types or rules, you must specify the complete URL as a literal string.
Configuring content rewriting rules
Before you begin:
You must have a good understanding of HTTP header fields.
You must have a good understanding of Perl-compatible regular expressions (PCRE) if you want to use them in rule matching or rewriting.
You must have Read-Write permission for Load Balance settings.
After you have configured a content rewriting rule, you can select it in the virtual server configuration.
Note: You can select multiple content rewriting rules in the virtual server configuration. Rules you add to that configuration are consulted from top to bottom. The first to match is applied. If the traffic does not match any of the content rewriting rule conditions, the header is not rewritten.
To configure a content rewriting rule:
1. Go to Server Load Balance > Virtual Server.
2. Click the Content Rewriting tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in Table 9.
5. Save the configuration.
Table 9: Content rewriting rule guidelines
Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the virtual server configuration.
Note: After you initially save the configuration, you cannot edit the name.
A string to describe the purpose of the configuration, to help you and other administrators more easily identify its use.
Action Type
Select whether to rewrite the HTTP request or HTTP response.
HTTP Request Rewrite Actions
Rewrite HTTP Header
Host—Rewrites the Host header by replacing the hostname with the string you specify. For Host rules, specify a replacement domain and/or port.
URL—Rewrites the request URL and Host header using the string you specify. For URL rules, specify a URL in one of the following formats:
Absolute URL —
Relative URL — content/index.html
If you specify a relative URL, the host header is not rewritten.
Referer—Rewrites the Referer header with the URL you specify. For Referer rules, you must specify an absolute URL.
Note: The rewrite string is a literal string. Regular expression syntax is not supported.
Sends a redirect with the URL you specify in the HTTP Location header field.
For Redirect rules, you must specify an absolute URL. For example:
Note: The rewrite string can be a literal string or a regular expression.
Send 403 forbidden
Sends a 403 Forbidden response instead of forwarding the request.
HTTP Response Rewrite Actions
Rewrite HTTP Location
Rewrites the Location header field in the server response.
For Location rules, you must specify an absolute URL. For example:
Note: The rewrite string is a literal string. Regular expression syntax is not supported.
Match Condition
Select content matching conditions based on the following parameters:
HTTP Host Header
HTTP Location Header
HTTP Referer Header
HTTP Request URL
Source IP Address
Note: When you add multiple conditions, FortiADC joins them with an AND operator. For example, if you specify both a HTTP Host Header and HTTP Request URL to match, the rule is a match only for traffic that meets both conditions.
Regular Expression
Specify the string or PCRE syntax to match the header or IP address.
Rule matches if traffic does not match the expression.