Rewriting Requests

Rewriting URLs and headers changes the structure of client requests before they are forwarded to the web application.

Some web applications need the IP address of the client that originated a request in order to log or analyze it. For these applications, enable FortiWeb Cloud to add or append to an X-Forwarded-For: or X-Real-IP: header. The web server can then use this HTTP-layer header, instead of the connection's source address, to find the public source IP and path of the IP-layer session from the original client.

To configure Rewriting Requests, you must have already enabled this module in Add Modules. See How to add or remove a module.

Add X-Forwarded-For

Enable to include the X-Forwarded-For: HTTP header in requests forwarded to your web servers.

If the HTTP client or web proxy does not provide the header, FortiWeb Cloud adds it, using the source IP address of the connection.

If the HTTP client or web proxy already provides the header, it appends the source IP address to the header's list of IP addresses.

This option is useful if your web servers log or analyze clients’ public IP addresses and support the X-Forwarded-For: header. If they do not, disable this option to improve performance.

Add Source Port

If enabled, the X-Forwarded-For: header will record the connection's source port as well as the source IP.
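
Because FortiWeb Cloud appends to an existing header, only the right-most X-Forwarded-For: entry was written by it; entries to its left arrived with the request and are unverified. The following added example (not Fortinet code) shows a back-end choosing the client address on that basis; the `ip:port` and `[ipv6]:port` element forms for Add Source Port and the `trusted_proxies` parameter are assumptions.

```python
import ipaddress

def parse_entry(entry):
    """Parse one X-Forwarded-For element into (ip, port); port may be None.
    Assumed forms: 'ip', 'ipv4:port', '[ipv6]:port'."""
    entry = entry.strip()
    port = None
    if entry.startswith("["):                  # [2001:db8::5]:40000
        host, _, rest = entry[1:].partition("]")
        if rest.startswith(":"):
            port = int(rest[1:])
    elif entry.count(":") == 1:                # 198.51.100.23:51234
        host, _, p = entry.partition(":")
        port = int(p)
    else:                                      # bare IPv4 or bare IPv6
        host = entry
    return ipaddress.ip_address(host), port

def client_from_xff(header, trusted_proxies=()):
    """Walk the list right to left and return the first (ip, port) that is not
    one of our own proxies. Entries further left are never consulted, so a
    value injected by the client cannot replace the address the proxy saw.
    Returns None if no usable entry is found."""
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]
    for entry in reversed(header.split(",")):
        try:
            ip, port = parse_entry(entry)
        except ValueError:
            return None                        # malformed element: do not guess
        if not any(ip in net for net in nets):
            return ip, port
    return None                                # only trusted proxies were listed

if __name__ == "__main__":
    # Constructed sample headers, as a back-end behind the proxy might see them.
    samples = [
        ("203.0.113.7", ()),                                  # header added fresh
        ("10.0.0.1, 198.51.100.23:51234", ()),                # client sent 10.0.0.1
        ("127.0.0.1, 198.51.100.23, 192.0.2.10", ("192.0.2.0/24",)),  # LB in front
    ]
    for header, trusted in samples:
        print(header, "->", client_from_xff(header, trusted))
```

List a front-end load balancer's address range in `trusted_proxies` only when requests really pass through it before reaching FortiWeb Cloud.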

Add X-Forwarded-Port

If enabled, an X-Forwarded-Port: header will be added to record the connection's original destination port.

Add X-Real-IP

Enable to include the X-Real-IP: HTTP header on requests forwarded to your web servers. Behavior varies by the header already provided by the HTTP client or web proxy, if any; see Add X-Forwarded-For.

Like X-Forwarded-For:, this header is also used by some proxies and web servers to trace the path, log, or analyze based upon the packet’s original source IP address.

Use X-Header to Identify Original Client's IP

If you have a front-end load balancer or proxy, enable this option to derive the original clients’ IP from the X-Header, rather than from the connection's source IP. FortiWeb Cloud will detect violations and report logs based on the IP derived from X-Header.

To configure a rewriting rule

  1. Go to APPLICATION DELIVERY > Rewriting Requests.
  2. Click +Add Rule.
  3. Configure these settings.

    Name

    Type a name that can be referenced by other parts of the configuration.

    Action

    Select the item that this rule will rewrite or redirect in HTTP requests from clients.

    • Rewrite Host
      Rewrite the Host: field in the header of an HTTP request.
    • Rewrite URL
      Rewrite the URL line in the header of an HTTP request.
    • Rewrite Referer
      Rewrite the Referer: field in the header of an HTTP request.
    • Insert Header
      In Header Name and Header Value, enter the name of the header field that you want to insert into a request and its value.
    • Redirect URL (301 Permanently)
      Type a URL, such as /catalog/item1, to which a client will be redirected. It is used in the 301 Moved Permanently response.
    • Redirect Host (301 Permanently)
      Type either a host name or IP address (e.g. http://store.example.com or https://2.2.2.2), to which a client will be redirected. It is used in the 301 Moved Permanently response.

    Note: Only literal values are supported in the Rewrite/Redirect To field; regular expressions are supported in the Rewrite/Redirect From field.
    For example, the following configuration can redirect "a.com" to "www.a.com":

    • Redirect From: ^a\.com$

    • Redirect To: https://www.a.com

    URL Translation

    Enable it to keep the URL path while redirecting clients to a new host or IP address in a “301 Permanently” response. For example, clients visiting "www.aaa.com/test.html" can be redirected to "www.bbb.com/test.html".

    Available only if the action is Redirect Host (301 Permanently).

  4. Click OK.
    You can create at most 12 rewriting rules for an application.
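
The anchors and escaped dot in the Redirect From example above matter: a looser pattern also matches the redirect target and unrelated host names. The following added example (not Fortinet code) models a Redirect Host rule and checks a pattern before it is deployed; the function names are hypothetical, and search-style regex matching against the Host value is an assumption.

```python
import re
from urllib.parse import urlsplit

def location_for(host, path, redirect_from, redirect_to, url_translation=False):
    """Model of a Redirect Host (301) rule. Returns the Location value, or
    None when the rule does not apply. Redirect To is used literally."""
    if re.search(redirect_from, host) is None:
        return None
    return redirect_to + path if url_translation else redirect_to

def lint_rule(redirect_from, redirect_to, must_not_match=()):
    """Return a list of findings for a Redirect From / Redirect To pair."""
    findings = []
    target_host = urlsplit(redirect_to).hostname
    # If the target host itself matches Redirect From, the client is sent
    # back into the same rule on the next request.
    if target_host and re.search(redirect_from, target_host):
        findings.append("loop: Redirect To host matches Redirect From")
    # Hosts the operator never intended the rule to cover.
    for host in must_not_match:
        if re.search(redirect_from, host):
            findings.append(f"over-match: {host}")
    return findings

if __name__ == "__main__":
    # Constructed host names that the rule should leave alone.
    others = ["a.com.example.net", "abcom.example"]
    print(lint_rule(r"^a\.com$", "https://www.a.com", others))  # anchored form
    print(lint_rule("a.com", "https://www.a.com", others))      # loose form
    print(location_for("www.aaa.com", "/test.html",
                       r"^www\.aaa\.com$", "https://www.bbb.com",
                       url_translation=True))
```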
