FortiWeb Cookbook: content routing based on URL configuration example


I wrote this step-by-step walkthrough as an answer on forum.fortinet.com, here: https://forum.fortinet.com/FindPost/183028 . This example uses FortiWeb 6.2.2, but the configuration is valid at least starting with 5.x.

Problem: You want to route user requests according to the URL they are trying to access. When a user enters http://example.com/server1 you want her to be routed to server1 (10.10.10.10) on port 22. And when she enters http://example.com/server2, you want her to reach server2 (10.10.10.15) on port 3030.

Solution: Create a Content Routing Policy with 2 rules, each using a regex to match the URL in the HTTP request and route to the appropriate server pool.

Now the configuration:

  1. Create the usual VIP representing the external IP of the domain example.com, here it is 15.15.15.15:

[Screenshot: create VIP for external IP]

  2. Create a Virtual Server using the above VIP:

[Screenshot: virtual server]

  3. Create 2 physical servers, one for each server in the farm, using ports 22 and 3030 respectively; here server1 is 10.10.10.10 port 22 and server2 is 10.10.10.15 port 3030:

[Screenshots: physical servers]

  4. Now, to the HTTP Content Routing. Here we define the criteria by which requests are routed to the different servers. To do so we create 2 policies: the first matching “server1” in the URL (and routing to server 1, 10.10.10.10, by selecting it in the Server Pool menu), and the 2nd matching “server2”:

[Screenshots: content routing match rules]

And for the 2nd server:

[Screenshots: content routing]

  5. Finally, we tie all this together in the Server Policy of type HTTP Content Routing:

[Screenshot: content routing]

The CLI commands of the above configuration are:

    config server-policy vserver
      edit "forum-fortinet-vserver"
        config  vip-list
          edit 1
            set vip forum-ftnt-VIP
          next
        end
      next
    end

    config server-policy server-pool
      edit "forum-ftnt-srv1"
        set flag 1
        set server-pool-id 6459952352137344822
        config  pserver-list
          edit 1
            set ip 10.10.10.10
            set port 22
            set server-id 383198561119413223
          next
        end
      next
      edit "forum-ftnt-srv2"
        set flag 1
        set server-pool-id 2056232527958881701
        config  pserver-list
          edit 1
            set ip 10.10.10.15
            set port 3030
            set server-id 15928736989441525913
          next
        end
      next
    end

    config server-policy http-content-routing-policy
      edit "forum-ftnt-to-srv1-port22"
        set server-pool forum-ftnt-srv1
        set http-content-routing-id 14533533740472441776
        config  content-routing-match-list
          edit 1
            set match-object http-request
            set match-condition match-reg
            set match-expression server1
          next
        end
      next
      edit "forum-ftnt-to-srv2-port3030"
        set server-pool forum-ftnt-srv2
        set http-content-routing-id 9634759790203390436
        config  content-routing-match-list
          edit 1
            set match-object http-request
            set match-condition match-reg
            set match-expression server2
          next
        end
      next
    end

    config server-policy policy
      edit "forum-ftnt-tosrv1-srv2"
        set deployment-mode http-content-routing
        set vserver forum-fortinet-vserver
        set service HTTP
        set replacemsg Predefined
        set policy-id 12611187490543522760
        config  http-content-routing-list
          edit 1
            set content-routing-policy-name forum-ftnt-to-srv1-port22
            set profile-inherit enable
          next
          edit 2
            set content-routing-policy-name forum-ftnt-to-srv2-port3030
            set profile-inherit enable
          next
        end
      next
    end
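The match expressions above (`server1`, `server2`) are unanchored, so they match anywhere in the request URL rather than only at the first path segment. The following is an added example, not part of the original configuration: it models the two rules with Python's `re.search` and compares them with anchored expressions. It assumes first-match-wins rule ordering and that Python's regex semantics approximate the appliance's; the anchored patterns and the sample paths are constructed for illustration.

```python
import re

# Expressions exactly as set in the CLI above (unanchored), in policy order.
PAGE_RULES = [
    ("forum-ftnt-srv1", r"server1"),
    ("forum-ftnt-srv2", r"server2"),
]

# Hypothetical tightened expressions (an assumption, not from the original
# configuration): match only when the path starts with the exact segment.
ANCHORED_RULES = [
    ("forum-ftnt-srv1", r"^/server1(/|$)"),
    ("forum-ftnt-srv2", r"^/server2(/|$)"),
]

def route(path, rules):
    """Return the pool of the first rule whose regex matches, else None.

    Assumes first-match-wins ordering and unanchored (search) semantics.
    """
    for pool, expr in rules:
        if re.search(expr, path):
            return pool
    return None

def compare(paths):
    """Return rows of (path, pool with page rules, pool with anchored rules)."""
    return [(p, route(p, PAGE_RULES), route(p, ANCHORED_RULES)) for p in paths]

# Constructed sample request paths.
SAMPLE_PATHS = [
    "/server1",
    "/server2/index.html",
    "/server10/status",        # different name, shares the "server1" prefix
    "/server2/server1.html",   # contains both strings
    "/docs/about-server2",     # string appears deep in the path
    "/other",
]

if __name__ == "__main__":
    for path, loose, strict in compare(SAMPLE_PATHS):
        flag = "" if loose == strict else "  <-- differs"
        print(f"{path:24} page={loose!s:16} anchored={strict!s:16}{flag}")
```

Paths flagged as differing are requests the unanchored rules would send to a backend that the URL layout in the Problem statement did not intend; test candidate expressions this way before committing them to the policy.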

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on LinkedIn, GitHub, blog, and more.