Example — HTTP Proxy with an HTTP Content Action

This example shows how to configure an HTTP proxy with an HTTP content action to direct inbound HTTP requests to different internal web servers based on the content of the HTTP host header and the path in the HTTP request. This type of routing is sometimes referred to as host header redirect.

This example does not include all steps required to configure a content action. For detailed configuration steps, see Configure HTTP Content Actions.

For this example, an organization has four servers on the private network and they want to use a single public IP address for inbound HTTP connections to all servers.

Diagram of a Firebox with four web servers on the private network

For this example:

  • Documentation library is on the web server at 10.1.5.3
  • Image library is on the web server at 10.1.5.7
  • Audio library is on the web server at 10.1.5.46
  • Main website is on the web server at 10.1.5.80

You can configure an HTTP proxy policy with a content action to allow inbound connections to all of these servers at the same public IP address.

The content action redirects HTTP requests to three internal servers, based on the domain in the HTTP host header and URI path in the HTTP request. All other HTTPS requests go to the main web server specified in an SNAT action in the policy.

For this example, the content action contains these content rules:

Content Rule Name Pattern Match Value Routing Action
Documentation *.example.com/docs/* 10.1.5.3
Images *.example.com/images/* 10.1.5.7
Audio */audio/* 10.1.5.46
Action to take if no rule above is matched N/A

Use Policy Default

(10.1.5.80)

The HTTP content action specifies three content rules to route traffic to the documentation, images, and audio servers. The content action is configured to route other requests to the policy default destination. This directs all other web traffic to the default server specified in the SNAT action in the policy. All rules use port 80, the default port for HTTP.

Screen shot of an HTTP Proxy policy, Proxy Action tab with a content action selected

In the HTTP proxy policy, the default destination is an SNAT action that routes HTTP requests to the main web server at 10.1.5.80.

Screen shot of an HTTP Proxy policy, Settings tab with an SNAT action configured

The SNAT action is used only when the content action specifies Use Policy Default.

Related Topics

About the HTTP-Proxy

Configure HTTP Content Actions