6.0.0
HTTP host-based load balancing

When configuring HTTP or HTTPS load balancing, you can select HTTP host load balancing to distribute connections across multiple real servers, using the HTTP Host: header to guide each connection to the correct real server. HTTP 1.1 includes the concept of a virtual server, which allows an HTTP or HTTPS server with a single external IP address to serve requests for multiple DNS domains by using the mandatory Host: header in an HTTP request to indicate which DNS domain the request is destined for.

FortiOS can load-balance HTTP and HTTPS connections among multiple real servers using the Host: header to guide the connection to the correct real server. The host load balancing method allows a real server to specify an http-host attribute, which is the domain name of the traffic for that real server. Each real server can only specify a single domain name. The same domain name can appear in more than one real server, but only the first one that is up will be used; any others are purely for redundancy. If the Host: header contains a domain that does not match any http-host entry, the connection will be dropped. A real server with no http-host can be matched by any Host: domain.

For example, consider a FortiGate unit that is load-balancing traffic to three real servers. Traffic for www.example1.com should go to 192.168.2.1, traffic for www.example2.com should go to 192.168.2.2 and traffic to any other domain should go to 192.168.2.3. To enable this configuration you would add a virtual server and set the load balance method to HTTP host. Then you would add three real servers and set the HTTP host of the real server with IP address 192.168.2.1 to www.example1.com, the HTTP host of the real server with IP address 192.168.2.2 to www.example2.com and you would not specify an HTTP host for the third real server.

The configuration of a virtual IP to achieve this result would be:

    config firewall vip
        edit "http-host-ldb"
            set type server-load-balance
            set extip 172.16.67.195
            set extintf "lan"
            set server-type http
            set ldb-method http-host
            set extport 80
            config realservers
                edit 1
                    set http-host "www.example1.com"
                    set ip 192.168.2.1
                    set port 80
                next
                edit 2
                    set http-host "www.example2.com"
                    set ip 192.168.2.2
                    set port 80
                next
                edit 3
                    set ip 192.168.2.3
                    set port 80
                next
            end
    end
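
The selection rules described above, modelled as an added Python example (not FortiOS code and not part of the original handbook page): it parses the real servers from a CLI block and returns the real server that a given Host: value reaches. The function names and the down parameter are hypothetical, and the model assumes case-insensitive name comparison, that a trailing :port is ignored, and that exact http-host matches are preferred over real servers with no http-host.

```python
import re

# Constructed sample: the real servers from this page's virtual IP.
SAMPLE_VIP = """
config firewall vip
    edit "http-host-ldb"
        config realservers
            edit 1
                set http-host "www.example1.com"
                set ip 192.168.2.1
            next
            edit 2
                set http-host "www.example2.com"
                set ip 192.168.2.2
            next
            edit 3
                set ip 192.168.2.3
            next
        end
end
"""

def parse_realservers(cli_text):
    """Return the real servers of a VIP block, in configuration order."""
    servers, current, inside = [], None, False
    for line in cli_text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[:2] == ["config", "realservers"]:
            inside = True
        elif inside and words[:1] == ["edit"]:
            current = {"ip": None, "http-host": None}
        elif current and words[:1] == ["set"] and words[1] in current:
            current[words[1]] = words[2]
        elif current and words[:1] == ["next"]:
            servers.append(current)
            current = None
        elif words[:1] == ["end"]:
            inside = False
    return servers

def select_real_server(servers, host_header, down=()):
    """Return the chosen real server IP, or None when the connection is dropped."""
    # Assumptions (not stated on the page): names compare case-insensitively,
    # a trailing :port is ignored, and exact matches win over catch-all servers.
    host = host_header.strip().lower().partition(":")[0]
    up = [s for s in servers if s["ip"] not in down]
    exact = [s for s in up if (s["http-host"] or "").lower() == host]
    catch_all = [s for s in up if s["http-host"] is None]
    chosen = (exact or catch_all or [None])[0]
    return chosen["ip"] if chosen else None
```

Under this model, a request for www.example1.com while 192.168.2.1 is down reaches 192.168.2.3, so the real server with no http-host should be prepared to receive any Host: value.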

Host load balancing and HTTP cookie persistence

In an HTTP host-based load balancing configuration with HTTP cookie persistence enabled you can optionally configure cookie persistence to use the domain set in the host header as the cookie domain. You can do this by enabling the http-cookie-domain-from-host option, for example:

    config firewall vip
        edit "http-host-ldb"
            set type server-load-balance
            set extip 172.16.67.195
            set extintf "lan"
            set server-type http
            set ldb-method http-host
            set extport 80
            set persistence http-cookie
            set http-cookie-domain-from-host enable
            config realservers
                edit 1
                    set http-host "www.example1.com"
                    set ip 192.168.2.1
                    set port 80
                next
                edit 2
                    set http-host "www.example2.com"
                    set ip 192.168.2.2
                    set port 80
                next
                edit 3
                    set ip 192.168.2.3
                    set port 80
                next
            end
    end
