Yuri Slobodyanyuk Blog on Information Security 2024-09-12
Fortiweb Cookbook: content routing based on URL configuration example

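This article describes how to route user requests based on the URL they access. Using Fortiweb 6.2.2 as the example, it creates a content routing policy and the related configuration so that requests for different URLs are routed to the corresponding server and port.

🎯 Create a regular VIP representing the external IP (15.15.15.15) of the domain example.com, and create a virtual server based on it.

💻 Create two physical servers, server1 (10.10.10.10, port 22) and server2 (10.10.10.15, port 3030), and place them in the corresponding server pools.

📄 Define the HTTP content routing parameters: create two policies that match 'server1' and 'server2' in the URL respectively and route each to its server pool.

🔗 Finally, tie everything together in the server policy so that user requests are routed according to the URL.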

I wrote this step-by-step walkthrough as an answer on forum.fortinet.com here: https://forum.fortinet.com/FindPost/183028. This example uses Fortiweb 6.2.2, but the configuration is valid at least starting with 5.x.

Problem: You want to route user requests according to the URL they are trying to access. When a user enters http://example.com/server1 you want her to be routed to server1 (10.10.10.10) on port 22. And when she enters http://example.com/server2, you want her to reach server2 (10.10.10.15) on port 3030.

Solution: Create a Content Routing Policy with 2 rules, each using a regex to match the URL in the HTTP request and route to the appropriate server pool.

Now the configuration:

1. Create the usual VIP representing the external IP of the domain example.com, here it is 15.15.15.15:

2. Create a Virtual Server using the above VIP:

3. Create 2 physical servers, one for each server in the farm, using ports 22 and 3030 respectively; here server1 is 10.10.10.10 port 22 and server2 is 10.10.10.15 port 3030:

4. Now, to the HTTP Content Routing. Here we define the parameters by which to route to the different servers. To do so we create 2 policies: the first matching "server1" in the URL (and routing to server 1, 10.10.10.10, by selecting it in the Server Pool menu), and the 2nd matching "server2":

And for the 2nd server:

5. Finally, we tie all this together in the Server Policy of type HTTP Content Routing:

The CLI commands of the above configuration are:

    config server-policy vserver
      edit "forum-fortinet-vserver"
        config  vip-list
          edit 1
            set vip forum-ftnt-VIP
          next
        end
      next
    end
    config server-policy server-pool
      edit "forum-ftnt-srv1"
        set flag 1
        set server-pool-id 6459952352137344822
        config  pserver-list
          edit 1
            set ip 10.10.10.10
            set port 22
            set server-id 383198561119413223
          next
        end
      next
      edit "forum-ftnt-srv2"
        set flag 1
        set server-pool-id 2056232527958881701
        config  pserver-list
          edit 1
            set ip 10.10.10.15
            set port 3030
            set server-id 15928736989441525913
          next
        end
      next
    end
    config server-policy http-content-routing-policy
      edit "forum-ftnt-to-srv1-port22"
        set server-pool forum-ftnt-srv1
        set http-content-routing-id 14533533740472441776
        config  content-routing-match-list
          edit 1
            set match-object http-request
            set match-condition match-reg
            set match-expression server1
          next
        end
      next
      edit "forum-ftnt-to-srv2-port3030"
        set server-pool forum-ftnt-srv2
        set http-content-routing-id 9634759790203390436
        config  content-routing-match-list
          edit 1
            set match-object http-request
            set match-condition match-reg
            set match-expression server2
          next
        end
      next
    end
    config server-policy policy
      edit "forum-ftnt-tosrv1-srv2"
        set deployment-mode http-content-routing
        set vserver forum-fortinet-vserver
        set service HTTP
        set replacemsg Predefined
        set policy-id 12611187490543522760
        config  http-content-routing-list
          edit 1
            set content-routing-policy-name forum-ftnt-to-srv1-port22
            set profile-inherit enable
          next
          edit 2
            set content-routing-policy-name forum-ftnt-to-srv2-port3030
            set profile-inherit enable
          next
        end
      next
    end
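The two match-expression values in this configuration are bare substrings, so the following added example (not from the original post and not Fortinet code) models the rule list in Python to show which request URLs each rule catches, next to anchored expressions. It assumes the regex is searched anywhere in the request URL, query string included, and that rules are evaluated in list order with the first match winning; the anchored patterns and the sample URLs are constructed for illustration.

```python
import re

# Rules as configured on the page: (content routing policy, match-expression, pool member).
PAGE_RULES = [
    ("forum-ftnt-to-srv1-port22", r"server1", "10.10.10.10:22"),
    ("forum-ftnt-to-srv2-port3030", r"server2", "10.10.10.15:3030"),
]

# Assumed tighter expressions (not from the page): the path must begin
# with the exact segment, followed by "/", "?" or the end of the URL.
ANCHORED_RULES = [
    ("forum-ftnt-to-srv1-port22", r"^/server1(/|\?|$)", "10.10.10.10:22"),
    ("forum-ftnt-to-srv2-port3030", r"^/server2(/|\?|$)", "10.10.10.15:3030"),
]


def route(url, rules):
    """Return the backend of the first rule whose regex is found in the URL, else None."""
    for _name, expression, backend in rules:
        if re.search(expression, url):
            return backend
    return None  # no rule matched; default-pool handling is outside this model


def compare(urls):
    """Map each URL to (backend under the page's rules, backend under anchored rules)."""
    return {u: (route(u, PAGE_RULES), route(u, ANCHORED_RULES)) for u in urls}


# Constructed request URLs (path plus query string), not captured traffic.
SAMPLE_URLS = [
    "/server1",
    "/server2/status",
    "/server10/login",
    "/docs/server1-migration.html",
    "/search?q=server2",
    "/server2/redirect?next=/server1",
    "/index.html",
]

if __name__ == "__main__":
    for url, (loose, strict) in compare(SAMPLE_URLS).items():
        flag = "" if loose == strict else "  <-- differs"
        print(f"{url:34} page={loose!s:17} anchored={strict!s:17}{flag}")
```

Under these assumptions the substring rules also send `/server10/login` and `/docs/server1-migration.html` to the server1 pool, and a `/server2/...` request carrying `server1` in its query string is claimed by rule 1 before rule 2 is reached.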

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.
