Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config load-balance content-routing

Use this command to configure content routing.

Content routes select the backend server pool based on matches to TCP/IP or HTTP header values.

Layer 7 content route rules are based on matches to the following header values:

You might want to use Layer 7 content routes to simplify front-end coding of your web pages or to obfuscate the precise server names from clients. For example, you can publish links to a simple URL named example.com and use content route rules to direct traffic for requests to example.com to a server pool that includes server1.example.com, server2.example.com, and server3.example.com.

Layer 4 and Layer 2 content route rules are based on matches to the following header values:

  • Source IP address

Note: Layer 4 content rules can be used by both Layer 4 virtual servers and Layer 2 virtual servers.

Before you begin:

  • You must have a good understanding of HTTP header fields.
  • You must have a good understanding of Perl-compatible regular expressions (PCRE) if you want to use them in rule matching.
  • You must have read-write permission for load balancing settings.

After you have configured a content routing rule, you can select it in the virtual server configuration.

Note: You can select multiple content routing rules in the virtual server configuration. Rules you add to that configuration are consulted from top to bottom. The first rule to match is applied. If the traffic does not match any of the content routing rule conditions specified in the virtual server configuration, the system behaves unexpectedly. Therefore, it is important that you create a “catch all” rule that has no match conditions. In the virtual server configuration, this rule should be ordered last so it can be used to forward traffic to a default pool.

Syntax

config load-balance content-routing

edit <name>

set type {l4-content-routing | l7-content-routing}

set ip <ip&netmask>

set ip6 <ip&netmask>

set connection-pool inherit {enable|disable}

set connection-pool <datasource>

set load-balance-pool <datasource>

set method-inherit {enable|disable}

set load-balance-method <datasource>

set persistence-inherit {enable|disable}

set load-balance-persistence <datasource>

set comments <string>

set schedule-list enable/disable

set schedule-pool-list <datasource>

config match-condition

edit <No.>

set content <string>

set object {http-host-header | http-referer-header | http-request-url | ip-source-address | sni}

set reverse {enable|disable}

set type {string | regular-expression}

set ignore case {enable | disable}

next

end

next

end

type

l4-content-routing

l7-content-routing

ip

Address/mask notation to match the source IP address in the packet header.

ip6

Address/mask notation to match the source IP address in the packet header.

connection-pool-inherit

Enable to use the connection pool configuration object specified in the virtual server configuration.

connection-pool

If not using inheritance, specify the connection pool.

load-balance-pool

Specify a real server pool.

method-inherit

Enable (default) to use the method specified in the virtual server configuration.

load-balance-method

If not using inheritance, select a load balancing method type.

persistence-inherit

Enable (default) to use the persistence object specified in the virtual server configuration.

load-balance-persistence

If not using inheritance, select a session persistence type.

comments

Optional administrator note.

schedule-list

Enable/disable schedule pool list.

schedule-pool-list

Specify the schedule-pool.

config match-condition

content

Specify the string or regular expression syntax.

object

Specify content matching conditions based on the following parameters:

  • http-host-header
  • http-referrer-header
  • http-request-url
  • sni
  • ip-source-address

Note: When you add multiple conditions, FortiADC joins them with an AND operator. For example, if you specify both a HTTP Host Header and HTTP Request URL to match, the rule is a match only for traffic that meets both conditions.

reverse

Rule matches if traffic does not match the expression.

type

  • string
  • regular-expression

ignore case

If the match case is case sensitive, it will ignore case.

Example

FortiADC-VM # config load-balance content-routing

FortiADC-VM (content-routing) # edit example.com

Add new entry 'example.com' for node 1756

 

FortiADC-VM (example.com) # get

type : l7-content-routing

persistence-inherit : enable

load-balance-persistence:

method-inherit : enable

load-balance-method :

connection-pool :

connection-pool-inherit: disable

load-balance-pool :

comments : comments

 

FortiADC-VM (example.com) # set persistence-inherit enable

FortiADC-VM (example.com) # set method-inherit enable

FortiADC-VM (example.com) # set load-balance-pool example-pool

FortiADC-VM (example.com) # set comments external-to-internal-name-map

FortiADC-VM (example.com) # config match-condition

FortiADC-VM (match-condition) # edit 1

Add new entry '1' for node 1768

 

FortiADC-VM (1) # get

object : http-host-header

type : regular-expression

content : match

reverse : disable

 

FortiADC-VM (1) # set type string

FortiADC-VM (1) # set content http://example.com

FortiADC-VM (1) # set object http-request-url

FortiADC-VM (1) # end

 

FortiADC-VM (example.com) # get

type : l7-content-routing

persistence-inherit : enable

method-inherit : enable

connection-pool :

connection-pool-inherit: disable

load-balance-pool : example-pool

== [ 1 ]

comments : external-to-internal-name-map

 

FortiADC-VM (example.com) # show

config load-balance content-routing

edit "example.com"

set persistence-inherit enable

set method-inherit enable

set load-balance-pool example-pool

config match-condition

edit 1

set object http-request-url

set type string

set content http://example.com

next

end

set comments external-to-internal-name-map

next

end

FortiADC-VM (example.com) # end

config load-balance content-routing

Use this command to configure content routing.

Content routes select the backend server pool based on matches to TCP/IP or HTTP header values.

Layer 7 content route rules are based on matches to the following header values:

You might want to use Layer 7 content routes to simplify front-end coding of your web pages or to obfuscate the precise server names from clients. For example, you can publish links to a simple URL named example.com and use content route rules to direct traffic for requests to example.com to a server pool that includes server1.example.com, server2.example.com, and server3.example.com.

Layer 4 and Layer 2 content route rules are based on matches to the following header values:

  • Source IP address

Note: Layer 4 content rules can be used by both Layer 4 virtual servers and Layer 2 virtual servers.

Before you begin:

  • You must have a good understanding of HTTP header fields.
  • You must have a good understanding of Perl-compatible regular expressions (PCRE) if you want to use them in rule matching.
  • You must have read-write permission for load balancing settings.

After you have configured a content routing rule, you can select it in the virtual server configuration.

Note: You can select multiple content routing rules in the virtual server configuration. Rules you add to that configuration are consulted from top to bottom. The first rule to match is applied. If the traffic does not match any of the content routing rule conditions specified in the virtual server configuration, the system behaves unexpectedly. Therefore, it is important that you create a “catch all” rule that has no match conditions. In the virtual server configuration, this rule should be ordered last so it can be used to forward traffic to a default pool.

Syntax

config load-balance content-routing

edit <name>

set type {l4-content-routing | l7-content-routing}

set ip <ip&netmask>

set ip6 <ip&netmask>

set connection-pool inherit {enable|disable}

set connection-pool <datasource>

set load-balance-pool <datasource>

set method-inherit {enable|disable}

set load-balance-method <datasource>

set persistence-inherit {enable|disable}

set load-balance-persistence <datasource>

set comments <string>

set schedule-list enable/disable

set schedule-pool-list <datasource>

config match-condition

edit <No.>

set content <string>

set object {http-host-header | http-referer-header | http-request-url | ip-source-address | sni}

set reverse {enable|disable}

set type {string | regular-expression}

set ignore case {enable | disable}

next

end

next

end

type

l4-content-routing

l7-content-routing

ip

Address/mask notation to match the source IP address in the packet header.

ip6

Address/mask notation to match the source IP address in the packet header.

connection-pool-inherit

Enable to use the connection pool configuration object specified in the virtual server configuration.

connection-pool

If not using inheritance, specify the connection pool.

load-balance-pool

Specify a real server pool.

method-inherit

Enable (default) to use the method specified in the virtual server configuration.

load-balance-method

If not using inheritance, select a load balancing method type.

persistence-inherit

Enable (default) to use the persistence object specified in the virtual server configuration.

load-balance-persistence

If not using inheritance, select a session persistence type.

comments

Optional administrator note.

schedule-list

Enable/disable schedule pool list.

schedule-pool-list

Specify the schedule-pool.

config match-condition

content

Specify the string or regular expression syntax.

object

Specify content matching conditions based on the following parameters:

  • http-host-header
  • http-referrer-header
  • http-request-url
  • sni
  • ip-source-address

Note: When you add multiple conditions, FortiADC joins them with an AND operator. For example, if you specify both a HTTP Host Header and HTTP Request URL to match, the rule is a match only for traffic that meets both conditions.

reverse

Rule matches if traffic does not match the expression.

type

  • string
  • regular-expression

ignore case

If the match case is case sensitive, it will ignore case.

Example

FortiADC-VM # config load-balance content-routing

FortiADC-VM (content-routing) # edit example.com

Add new entry 'example.com' for node 1756

 

FortiADC-VM (example.com) # get

type : l7-content-routing

persistence-inherit : enable

load-balance-persistence:

method-inherit : enable

load-balance-method :

connection-pool :

connection-pool-inherit: disable

load-balance-pool :

comments : comments

 

FortiADC-VM (example.com) # set persistence-inherit enable

FortiADC-VM (example.com) # set method-inherit enable

FortiADC-VM (example.com) # set load-balance-pool example-pool

FortiADC-VM (example.com) # set comments external-to-internal-name-map

FortiADC-VM (example.com) # config match-condition

FortiADC-VM (match-condition) # edit 1

Add new entry '1' for node 1768

 

FortiADC-VM (1) # get

object : http-host-header

type : regular-expression

content : match

reverse : disable

 

FortiADC-VM (1) # set type string

FortiADC-VM (1) # set content http://example.com

FortiADC-VM (1) # set object http-request-url

FortiADC-VM (1) # end

 

FortiADC-VM (example.com) # get

type : l7-content-routing

persistence-inherit : enable

method-inherit : enable

connection-pool :

connection-pool-inherit: disable

load-balance-pool : example-pool

== [ 1 ]

comments : external-to-internal-name-map

 

FortiADC-VM (example.com) # show

config load-balance content-routing

edit "example.com"

set persistence-inherit enable

set method-inherit enable

set load-balance-pool example-pool

config match-condition

edit 1

set object http-request-url

set type string

set content http://example.com

next

end

set comments external-to-internal-name-map

next

end

FortiADC-VM (example.com) # end