HTTP host-based load balancing
When configuring HTTP or HTTPS load balancing, you can select HTTP host load balancing to distribute connections across multiple real servers, using the Host: header of each HTTP request to guide the connection to the correct real server. HTTP 1.1 includes the concept of a virtual server, which allows an HTTP or HTTPS server with a single external IP address to serve requests for multiple DNS domains by using the mandatory Host: header in an HTTP request to indicate which DNS domain the request is destined for.
FortiOS can load-balance HTTP and HTTPS connections among multiple real servers using the Host: header to guide the connection to the correct real server. With the host load balancing method, each real server can specify an http-host attribute, which is the domain name of the traffic for that real server. Each real server can specify only a single domain name. The same domain name can appear in more than one real server, but only the first one that is up is used; any others are purely for redundancy. If the Host: header contains a domain that does not match any http-host entry, the connection is dropped. A real server with no http-host can be matched by any Host: domain.
For example, consider a FortiGate unit that is load-balancing traffic to three real servers. Traffic for www.example1.com should go to 192.168.2.1, traffic for www.example2.com should go to 192.168.2.2, and traffic for any other domain should go to 192.168.2.3. To enable this configuration, add a virtual server and set the load balance method to HTTP host. Then add three real servers: set the HTTP host of the real server with IP address 192.168.2.1 to www.example1.com, set the HTTP host of the real server with IP address 192.168.2.2 to www.example2.com, and do not specify an HTTP host for the third real server.
The configuration of a virtual IP to achieve this result would be:
config firewall vip
    edit "http-host-ldb"
        set type server-load-balance
        set extip 172.16.67.195
        set extintf "lan"
        set server-type http
        set ldb-method http-host
        set extport 80
        config realservers
            edit 1
                set http-host "www.example1.com"
                set ip 192.168.2.1
                set port 80
            next
            edit 2
                set http-host "www.example2.com"
                set ip 192.168.2.2
                set port 80
            next
            edit 3
                set ip 192.168.2.3
                set port 80
            next
        end
end
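The selection rules described above, written out as a small Python model. This is an added example, not FortiOS code or Fortinet's implementation; the RealServer class, the select_real_server function, the redundant address 192.168.2.11 and the rule that exact http-host matches are tried before a real server with no http-host are assumptions made for the illustration. Host: values are compared exactly as given; any normalization FortiOS applies is not modelled.

```python
# Added illustration: a model of the selection rules described on this page.
# It is not FortiOS code.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class RealServer:
    ip: str
    http_host: Optional[str] = None  # None = no http-host set (matches any Host:)
    up: bool = True                  # health state, set by hand in this model


def select_real_server(servers: List[RealServer], host: str) -> Optional[str]:
    """Return the IP of the real server chosen for a Host: value, or None (dropped)."""
    # Rule from the page: several real servers may share one http-host, but only
    # the first one that is up is used.
    for s in servers:
        if s.http_host == host and s.up:
            return s.ip
    # Rule from the page: a real server with no http-host can be matched by any
    # Host: domain. Assumption: it is tried only after the exact matches.
    for s in servers:
        if s.http_host is None and s.up:
            return s.ip
    # Rule from the page: no matching http-host entry means the connection is dropped.
    return None


# The three real servers from the example configuration, plus a constructed
# redundant entry for www.example1.com (192.168.2.11 is a made-up address).
SERVERS = [
    RealServer("192.168.2.1", "www.example1.com"),
    RealServer("192.168.2.11", "www.example1.com"),
    RealServer("192.168.2.2", "www.example2.com"),
    RealServer("192.168.2.3"),
]

if __name__ == "__main__":
    for h in ("www.example1.com", "www.example2.com", "unlisted.example.net"):
        print(h, "->", select_real_server(SERVERS, h))
    # Without the catch-all real server, an unlisted Host: value is dropped.
    strict = [s for s in SERVERS if s.http_host is not None]
    print("unlisted.example.net ->", select_real_server(strict, "unlisted.example.net"))
```

In this model, leaving out the real server with no http-host is what causes requests with an unlisted Host: value to be dropped instead of forwarded to a backend.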
Host load balancing and HTTP cookie persistence
In an HTTP host-based load balancing configuration with HTTP cookie persistence enabled, you can optionally configure cookie persistence to use the domain set in the Host: header as the cookie domain. You can do this by enabling the http-cookie-domain-from-host option, for example:
config firewall vip
    edit "http-host-ldb"
        set type server-load-balance
        set extip 172.16.67.195
        set extintf "lan"
        set server-type http
        set ldb-method http-host
        set extport 80
        set persistence http-cookie
        set http-cookie-domain-from-host enable
        config realservers
            edit 1
                set http-host "www.example1.com"
                set ip 192.168.2.1
                set port 80
            next
            edit 2
                set http-host "www.example2.com"
                set ip 192.168.2.2
                set port 80
            next
            edit 3
                set ip 192.168.2.3
                set port 80
            next
        end
end