Rewriting Requests
Rewriting URLs and headers lets you change the structure of requests from clients before they are forwarded to the web application.
Some web applications need to know the IP address of the client where the request originated in order to log or analyze it. Thus, you need to enable FortiWeb Cloud to add or append to an X-Forwarded-For: or X-Real-IP: header. The web server can instead use this HTTP-layer header to find the public source IP and path of the IP-layer session from the original client.
To configure Rewriting Requests, you must have already enabled this module in Add Modules. See How to add or remove a module.
Add X-Forwarded-For |
Enable to include the If the HTTP client or web proxy does not provide the header, FortiWeb Cloud adds it, using the source IP address of the connection. If the HTTP client or web proxy already provides the header, it appends the source IP address to the header's list of IP addresses. This option can be useful if your web servers log or analyze clients’ public
IP addresses, if they support the |
Add Source Port |
If enabled, the |
Add X-Forwarded-Port |
If enabled, an |
Add X-Real-IP |
Enable to include the Like |
Use X-Header to Identify Original Client's IP |
If you have a front-end load balancer or proxy, enable this option to derive the original clients’ IP from the X-Header, rather than from the connection's source IP. FortiWeb Cloud will detect violations and report logs based on the IP derived from X-Header. |
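Because FortiWeb Cloud appends to an X-Forwarded-For: list that the client may already have supplied, only the entries added by your own proxies can be relied on. The following is an added example (not Fortinet code) of how a back-end server could pick the client IP from that list; the function names and the trusted range 198.51.100.0/24 are constructed placeholders.

```python
import ipaddress

# Constructed assumption: the range your reverse proxies connect from.
# Replace it with the addresses that actually front your servers.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]


def is_trusted(ip):
    """True if ip belongs to one of the proxies we operate or rely on."""
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address to log for a request.

    peer_addr  -- source IP of the TCP connection to this server
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # Honour the header only when the connection comes from a trusted proxy;
    # a client that reaches the server directly can put anything in it.
    if not is_trusted(peer) or not xff_header:
        return str(peer)
    hops = [h.strip() for h in xff_header.split(",")]
    # Each proxy appends the address it saw, so read the list right to left
    # and stop at the first address that is not one of our own proxies.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: nothing to its left can be verified.
            return str(peer)
        if not is_trusted(ip):
            return str(ip)
    # Every hop was a trusted proxy (for example a health check).
    return str(peer)
```

Entries to the left of the returned address were supplied by the client and should be treated as untrusted input if they are logged at all.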
To configure a rewriting rule
- Go to APPLICATION DELIVERY > Rewriting Requests.
- Click +Add Rule.
- Configure these settings.
Name
Type a name that can be referenced by other parts of the configuration.
Action
Select the item that this rule will rewrite in HTTP requests from clients.
- Rewrite Host
Rewrite the Host: field in the header of an HTTP request.
- Rewrite URL
Rewrite the URL line in the header of an HTTP request.
- Rewrite Referer
Rewrite the Referer: field in the header of an HTTP request.
- Insert Header
In Header Name and Header Value, enter the name of the header field that you want to insert into a request, and the value of that header field.
- Redirect URL (301 Permanently)
Type a URL, such as /catalog/item1, to which a client will be redirected. It is used in the 301 Moved Permanently response.
- Redirect Host (301 Permanently)
Type either a host name or IP address (e.g. http://store.example.com or https://2.2.2.2) to which a client will be redirected. It is used in the 301 Moved Permanently response.
Note: Only a literal value is supported for the Rewrite/Redirect To field, but a regular expression is supported for the Rewrite/Redirect From field.
For example, the following configuration can redirect "a.com" to "www.a.com":
- Redirect From: ^a\.com$
Redirect To: https://www.a.com
To achieve the opposite effect, you can use the following configuration to redirect from "www.a.com" to "a.com", excluding the "www":
- Redirect From: ^www\.a\.com$
Redirect To: https://a.com
For both examples above, the Action would be set to "Rewrite Host".
Action: Rewrite HTTP Header Advanced
This action enables FortiWeb Cloud to rewrite HTTP headers when multiple conditions are met.
Rewriting Condition:
Specify one or more conditions that the HTTP request must match. The conditions are in an "AND" relationship.
- Match Host: Enter the value of the Host: field to match.
- Match URL: Enter the URL to match.
- Match Referer: Enter the value of the Referer: field to match.
- Protocol Filter: Select the protocol if you want to restrict the condition to either HTTP or HTTPS.
Rewriting Behavior:
Replace the corresponding elements in the HTTP request with the values specified below. Multiple behaviors will be applied as specified.
- Rewrite Host: Enter the Host: value to replace with.
- Rewrite URL: Enter the URL to replace with.
- Rewrite Referer: Enter the value of the Referer: field to replace with.
- Insert Header: Enter the header name and value to insert into the HTTP request.
- Remove Header: Remove the header from the HTTP request.
Action: Redirect Advanced (301 Permanently)
This action enables FortiWeb Cloud to redirect HTTP requests when multiple conditions are met.
Rewriting Condition:
Specify one or more conditions that the HTTP request must match. The conditions are in an "AND" relationship.
- Match Host: Enter the value of the Host: field to match.
- Match URL: Enter the URL to match.
- Match Referer: Enter the value of the Referer: field to match.
- Protocol Filter: Select the protocol if you want to restrict the condition to either HTTP or HTTPS.
Rewriting Behavior:
Redirect the request to the specified location when the above conditions are met.
Rewrite Location: The location can be a URL, a host name, or an IP address.
URL Translation
Enable it to keep the URL path while redirecting clients to a new host or IP address in a “301 Permanently” response. For example, clients visiting "www.aaa.com/test.html" can be redirected to "www.bbb.com/test.html".
Available only if the action is Redirect Host (301 Permanently).
Protocol Filter
Enable if you want to match this condition only for either HTTP or HTTPS.
For example, you could redirect clients that accidentally request the login page by HTTP to a more secure HTTPS channel—but the redirect is not necessary for HTTPS requests.
As another example, if URLs in HTTPS requests should be exempt from rewriting, you could configure the rewriting rule to apply only to HTTP requests.
Protocol
Select which protocol will match this condition, either HTTP or HTTPS.
This option appears only if Protocol Filter is enabled.
- Click OK.
You can create at most 12 rewriting rules for an application. Be aware that the rules are in an "OR" relationship: FortiWeb Cloud processes the request based on the first matching rule, then forwards the request to the next scan.
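A Redirect From pattern can be checked against hosts it must and must not match before the rule is saved. The following added example (not Fortinet code) models regex Redirect From, literal Redirect To, Protocol Filter, URL Translation and first-match evaluation. It assumes unanchored search semantics and uses Python's `re` as a stand-in for FortiWeb Cloud's regex engine; the rule dictionaries and function names are hypothetical.

```python
import re


def redirect_location(rules, scheme, host, path):
    """Return the Location produced by the first matching rule, else None."""
    for rule in rules:
        # Protocol Filter: when set, the rule applies to that protocol only.
        if rule.get("protocol") and rule["protocol"] != scheme:
            continue
        # Redirect From is a regular expression (assumed unanchored search).
        if not re.search(rule["from"], host):
            continue
        # Redirect To is literal; URL Translation keeps the original path.
        return rule["to"] + (path if rule.get("url_translation") else "")
    return None


def unintended_matches(pattern, must_not_match):
    """List the hosts from must_not_match that the pattern still matches."""
    return [h for h in must_not_match if re.search(pattern, h)]


# The page's pattern: anchored, with the dots escaped.
ANCHORED = [{"from": r"^a\.com$", "to": "https://www.a.com",
             "url_translation": True}]
# The same intent written carelessly: no anchors, "." matches any character.
LOOSE = [{"from": r"a.com", "to": "https://www.a.com",
          "url_translation": True}]

# Constructed host names that the rule is not meant to redirect.
OTHER_HOSTS = ["www.a.com", "a.com.example.net", "banana.com", "a-com.example"]

if __name__ == "__main__":
    print(redirect_location(ANCHORED, "https", "a.com", "/test.html"))
    print(unintended_matches(ANCHORED[0]["from"], OTHER_HOSTS))
    # The loose pattern also matches the redirect target itself, so a
    # client sent to www.a.com is redirected again: a redirect loop.
    print(redirect_location(LOOSE, "https", "www.a.com", "/"))
    print(unintended_matches(LOOSE[0]["from"], OTHER_HOSTS))
```

With the loose pattern every host in `OTHER_HOSTS` matches, including the redirect target, which is why the page's examples anchor the pattern with `^` and `$` and escape the dots.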