config load-balance content-routing
Use this command to configure content routing.
Content routes select the backend server pool based on matches to TCP/IP or HTTP header values.
Layer 7 content route rules are based on matches to the following header values:
- HTTP Host
- HTTP Referer
- HTTP Request URL
- SNI
- Source IP address
You might want to use Layer 7 content routes to simplify front-end coding of your web pages or to obfuscate the precise server names from clients. For example, you can publish links to a simple URL named example.com and use content route rules to direct traffic for requests to example.com to a server pool that includes server1.example.com, server2.example.com, and server3.example.com.
Layer 4 and Layer 2 content route rules are based on matches to the following header values:
- Source IP address
Note: Layer 4 content rules can be used by both Layer 4 virtual servers and Layer 2 virtual servers.
Before you begin:
- You must have a good understanding of HTTP header fields.
- You must have a good understanding of Perl-compatible regular expressions (PCRE) if you want to use them in rule matching.
- You must have read-write permission for load balancing settings.
After you have configured a content routing rule, you can select it in the virtual server configuration.
Note: You can select multiple content routing rules in the virtual server configuration. Rules you add to that configuration are consulted from top to bottom. The first rule to match is applied. If the traffic does not match any of the content routing rule conditions specified in the virtual server configuration, the system behaves unexpectedly. Therefore, it is important that you create a “catch all” rule that has no match conditions. In the virtual server configuration, this rule should be ordered last so it can be used to forward traffic to a default pool.
Syntax
config load-balance content-routing
  edit <name>
    set type {l4-content-routing | l7-content-routing}
    set ip <ip&netmask>
    set ip6 <ip&netmask>
    set connection-pool-inherit {enable|disable}
    set connection-pool <datasource>
    set load-balance-pool <datasource>
    set method-inherit {enable|disable}
    set load-balance-method <datasource>
    set persistence-inherit {enable|disable}
    set load-balance-persistence <datasource>
    set comments <string>
    set schedule-list {enable|disable}
    set schedule-pool-list <datasource>
    config match-condition
      edit <No.>
        set content <string>
        set object {http-host-header | http-referer-header | http-request-url | ip-source-address | sni}
        set reverse {enable|disable}
        set type {string | regular-expression}
        set ignore case {enable | disable}
      next
    end
  next
end
| Option | Description |
| --- | --- |
| type | l4-content-routing, l7-content-routing |
| ip | Address/mask notation to match the source IP address in the packet header. |
| ip6 | Address/mask notation to match the source IP address in the packet header. |
| connection-pool-inherit | Enable to use the connection pool configuration object specified in the virtual server configuration. |
| connection-pool | If not using inheritance, specify the connection pool. |
| load-balance-pool | Specify a real server pool. |
| method-inherit | Enable (default) to use the method specified in the virtual server configuration. |
| load-balance-method | If not using inheritance, select a load balancing method type. |
| persistence-inherit | Enable (default) to use the persistence object specified in the virtual server configuration. |
| load-balance-persistence | If not using inheritance, select a session persistence type. |
| comments | Optional administrator note. |
| schedule-list | Enable/disable schedule pool list. |
| schedule-pool-list | Specify the schedule-pool. |
| config match-condition | |
| content | Specify the string or regular expression syntax. |
| object | Specify content matching conditions based on the following parameters: Note: When you add multiple conditions, FortiADC joins them with an AND operator. For example, if you specify both an HTTP Host header and an HTTP Request URL to match, the rule is a match only for traffic that meets both conditions. |
| reverse | Rule matches if traffic does not match the expression. |
| type | |
| ignore case | Enable to ignore case when matching. |
Example
FortiADC-VM # config load-balance content-routing
FortiADC-VM (content-routing) # edit example.com
Add new entry 'example.com' for node 1756
FortiADC-VM (example.com) # get
type : l7-content-routing
persistence-inherit : enable
load-balance-persistence:
method-inherit : enable
load-balance-method :
connection-pool :
connection-pool-inherit: disable
load-balance-pool :
comments : comments
FortiADC-VM (example.com) # set persistence-inherit enable
FortiADC-VM (example.com) # set method-inherit enable
FortiADC-VM (example.com) # set load-balance-pool example-pool
FortiADC-VM (example.com) # set comments external-to-internal-name-map
FortiADC-VM (example.com) # config match-condition
FortiADC-VM (match-condition) # edit 1
Add new entry '1' for node 1768
FortiADC-VM (1) # get
object : http-host-header
type : regular-expression
content : match
reverse : disable
FortiADC-VM (1) # set type string
FortiADC-VM (1) # set content http://example.com
FortiADC-VM (1) # set object http-request-url
FortiADC-VM (1) # end
FortiADC-VM (example.com) # get
type : l7-content-routing
persistence-inherit : enable
method-inherit : enable
connection-pool :
connection-pool-inherit: disable
load-balance-pool : example-pool
== [ 1 ]
comments : external-to-internal-name-map
FortiADC-VM (example.com) # show
config load-balance content-routing
edit "example.com"
set persistence-inherit enable
set method-inherit enable
set load-balance-pool example-pool
config match-condition
edit 1
set object http-request-url
set type string
set content http://example.com
next
end
set comments external-to-internal-name-map
next
end
FortiADC-VM (example.com) # end
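The rule-ordering note earlier on this page (first match wins, catch-all rule last) can be checked mechanically against `show` output. The Python script below is an added example, not Fortinet code: it parses `show`-format text and flags a catch-all rule that is not last, a rule list that ends without a catch-all, and host or SNI regular expressions that are not anchored. The sample configuration, the rule and pool names, the `order` argument (standing in for the rule list selected in the virtual server) and the premise that a regular-expression condition can match anywhere in the value unless anchored are assumptions of this example.

```python
# Constructed sample in the `show` format; rule and pool names are made up.
SAMPLE = r'''
config load-balance content-routing
edit "shop"
set load-balance-pool shop-pool
config match-condition
edit 1
set object http-host-header
set type regular-expression
set content shop\.example\.com
next
end
next
edit "default"
set load-balance-pool default-pool
next
end
'''

def parse_rules(text):  # returns {rule name: [match-condition dicts]}
    rules, name, depth = {}, None, 0
    for raw in text.splitlines():
        parts = raw.split(None, 2) or [""]
        if parts[0] in ("config", "end"):
            depth += 1 if parts[0] == "config" else -1
        elif parts[0] == "edit" and depth == 1:      # a content-routing rule
            name = parts[1].strip('"')
            rules[name] = []
        elif parts[0] == "edit" and depth == 2:      # a match-condition entry
            rules[name].append({})
        elif parts[0] == "set" and depth == 2 and len(parts) == 3:
            rules[name][-1][parts[1]] = parts[2].strip('"')
    return rules

def lint(rules, order):
    """order: rule names, top to bottom, as selected in the virtual server."""
    out, last = [], len(order) - 1
    for pos, name in enumerate(order):
        conds = rules[name]
        if not conds and pos < last:
            out.append(f"{name}: catch-all is not last, later rules never apply")
        if conds and pos == last:
            out.append(f"{name}: last rule has conditions, no catch-all")
        for c in conds:
            pat = c.get("content", "")
            if (c.get("type") == "regular-expression"
                    and c.get("object") in ("http-host-header", "sni")
                    and not (pat.startswith("^") and pat.endswith("$"))):
                out.append(f"{name}: host regex is not anchored with ^ and $")
    return out
```

With the sample above, `lint(parse_rules(SAMPLE), ["shop", "default"])` reports only the unanchored host pattern, while the reversed order also reports the misplaced catch-all and the missing final catch-all.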