Routing based on HTTP header content, source IP, or cookie
Instead of dynamically routing requests to a server pool simply based upon load or connection distribution at the TCP/IP layers, as basic load balancing does, you can forward them based on headers in the HTTP layer.
HTTP header-based routes (called “HTTP content routing policies” in the web UI) define how FortiWeb routes requests to server pools. They are based on one or more of the following HTTP header elements:
• Host
• HTTP Request
• Referer
• Source IP
• cookie
This type of routing can be useful if, for example, a specific web server or group of servers on the back end support specific web applications, functions, or host names. That is, your web servers or server pools are not identical, but specialized. For example:
• 192.168.0.1 — Hosts the web site and blog
• 192.168.0.2 and 192.168.0.3 — Host movie clips and multimedia
• 192.168.0.4 and 192.168.0.5— Host the shopping cart
Another example is a topology where back-end servers or a traffic controller (TC) server externally manage how FortiWeb routes and balances the traffic load. The TC embeds a cookie that indicates how to route the client’s next request. In the diagram, if a request has no cookie (that is, it initializes a session), FortiWeb’s HTTP content routing is configured to forward that request to the TC, Web Server 1. For subsequent requests, as long as the cookie exists, FortiWeb routes those requests to Web Server 2.,
To configure HTTP header-based routing
1. Go to Server Objects > Server > HTTP Content Routing.
To access this part of the web UI, your administrator’s account access profile must have
Read and
Write permission to items in the
Server Policy Configuration category. For details, see
“Permissions” on page 51.
2. Click Create New.
3. For Name, enter a unique name that can be referenced in other parts of the configuration. Do not use spaces or special characters. The maximum length is 63 characters.
4. For Server Pool, select a server pool. FortiWeb forwards traffic to this pool when the traffic matches rules in this policy.
You select only one server pool for each HTTP content routing configuration. However, multiple HTTP content routing configurations can use the same server pool.
For more information, see
“Creating a server pool”.
5. Click OK, then click Create New.
6. Configure these settings:
Setting name | Description |
Match Object | Select one of the following as the object that FortiWeb examines for matching values: • HTTP Host — Host: field • HTTP Request — Request URL • HTTP Referer — Referer: field • Source IP — Source IP address of request • HTTP Request Cookie |
Match Condition | Specifies whether the value to match is a literal value that appears in the object or a regular expression. The value of Match Object determines which content types you can select. For HTTP Host, HTTP Request, and HTTP Referer only: • Match prefix — The object to match begins with the specified string. • Match suffix — The object to match ends with the specified string. • Match contains — The object to match contains the specified string. For HTTP Host only: • Match domain — The object to match contains the specified string between the periods in a domain name. For example, if Match Simple String is abc, the condition matches the following hostnames: • dname1.abc.com • dname1.dname2.abc.com However, the same Match Simple String value does not match the following hostnames: • abc.com • dname.abc For HTTP Request, and HTTP Referer only: • Match directory — The object to match contains the specified string between delimiting characters (slash) in a domain name. For example, if Match Simple String is abc, the condition matches the following hostnames: • test.com/abc/ • test.com/dir1/abc/ • http://test.abc.com/ However, the same Match Simple String value does not match the following hostnames: • test.com/abc • test.abc.com For all object types: • Regular expression — The object to match has a value that matches the specified regular expression. |
Match Simple String | Specifies a value to match in the object element specified by Match Object and Match Condition. Displayed when the condition to match is a prefix, suffix, part of the domain name, or other literal object value. For example, a literal URL, such as /index.php, that a matching HTTP request contains. |
Regular Expression | Specifies a regular expression to match a value in the object element specified by Match Object and Match Condition. Displayed when the value of Match Condition is Regular Expression. For example, an expression, such as ^/*.php, that matches a URL. To create and test a regular expression, click the >> (test) icon. This opens the Regular Expression Validator window where you can fine-tune the expression (see “Regular expression syntax”). |
Cookie Name | Enter a regular expression to match the name of the cookie that appears in an HTTP header. For example, the name of a cookie embedded by traffic controller software on one of the servers. Displayed when Match Object is HTTP Request Cookie. To create and test a regular expression, click the >> (test) icon. This opens the Regular Expression Validator window where you can fine-tune the expression (see “Regular expression syntax”). |
Cookie Value | Enter a regular expression that matches all and only the cookie values you want the rule to apply to. For example, hash[a-fA-F0-7]*. To create and test a regular expression, click the >> (test) icon. This opens the Regular Expression Validator window where you can fine-tune the expression (see “Regular expression syntax”). |
7. Click OK.
8. Repeat the rule creation steps for each HTTP host, HTTP request, or other object that you want to route to this server pool.
9. Click OK.
10. Repeat the policy creation procedure for each server pool, as required. You can also create additional policies that select the same server pool.
11. To apply a HTTP content routing policy, select it in a server policy. When you add HTTP content routing polices to a policy, you also select a default policy. The default policy routes traffic that does not match any conditions found in the specified routing policies.
See also