Example: HTTPS Proxy Action with Domain Name Rules

This example shows how to configure an HTTPS proxy with domain name rules to redirect inbound HTTPS requests to different internal web servers based on the subdomain. Content inspection is not enabled for this example. Domain name rules in the proxy action specify the routing actions based on the server domain in the SNI (Server Name Indication) extension for TLS, or in the server certificate as the CN (Common Name).

In an HTTPS proxy action, you can add domain name rules that specify an action to take when the server domain in an HTTPS request matches a specified pattern. This example does not include all steps required to configure domain name rules. For detailed configuration steps, go to HTTPS-Proxy: Domain Name Rules.

For this example, an organization has three servers on the private network and they want to use a single public IP address for inbound HTTPS connections to all servers.

Diagram of a Firebox with two web servers on the private network

For this example:

  • A blog is hosted on the web server at 10.1.5.8
  • A registration site is on the web server at 10.1.5.13
  • The organization's website is on the web server at 10.1.5.80

You can configure an HTTPS proxy action with domain name rules to allow inbound connections to all of these servers at the same public IP address. The domain name rules redirect HTTPS requests to specific internal servers, based on the domain name. All other HTTPS requests go to the main web server specified in the SNAT action in the policy destination.

Domain name rules must match a domain name and cannot contain a path.

For this example, the content action contains domain name rules with these settings:

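Domain Name Rule                           | Pattern Match Value      | Routing Action
-------------------------------------------|--------------------------|--------------------------------
Blog                                       | blog.example.com         | 10.1.5.8
Registration                               | registration.example.com | 10.1.5.13
Action to take if no rule above is matched | N/A                      | Use Policy Default (10.1.5.80)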

In the HTTPS proxy action, domain name rules are configured to route traffic to the blog and registration servers. The proxy action is configured to route traffic to the policy default destination if no rules are matched. This directs all other web traffic to the default server specified in the SNAT action in the policy. All rules use port 443, the default port for HTTPS.

Screen shot of an HTTPS Proxy policy, Proxy Action tab with configured domain name rules

In the HTTPS proxy policy, the default destination is an SNAT action that routes HTTPS requests to the main web server at 10.1.5.80.

Screen shot of an HTTPS Proxy policy, Settings tab with an SNAT action configured

The SNAT action is used only when the domain name rules specify Use Policy Default.
