Configure HTTP Content Actions

An HTTP content action enables the Firebox to route inbound HTTP requests to different internal web servers based on the content of the HTTP host header and the path in the HTTP request. Because a content action can redirect requests to different servers based on the domain in the host header, this type of routing is sometimes known as host header redirect. You can use an HTTP content action in HTTP proxy policies and for content inspection in an HTTPS server proxy action. For more information, go to About Content Actions.

In a content action, you add content rules with these settings:

  • A domain or path to match
  • An HTTP proxy action to use
  • A routing action, which can be the policy default, or an IP address
  • HTTP and HTTPS ports
  • TLS/SSL Offload setting

The HTTPS port and TLS/SSL Offload settings apply only when the content action is used in an HTTPS proxy action for content inspection.

You can specify multiple content rules to direct HTTP requests to different internal servers. To determine which content rule to use, the Firebox compares the pattern you specify in the content rule to the domain and path in the HTTP request. The pattern in a content rule can match a domain, a path or both. For example:

  • example.com/*
  • wiki.example.net/*
  • */wiki/*
  • blog.example.net/resource/*

There is one predefined content action, HTTP-Content.Standard. This predefined action uses the predefined proxy action HTTP-Server.Standard and uses the policy defaults for routing. You can clone the predefined content action but you cannot delete it. If you edit the predefined content action, you must save it as a clone.

Configure an HTTP Content Action

You can also clone or edit a content action when you select it in an HTTP proxy policy or as the action for content inspection in an HTTPS proxy action.

Use the HTTP Content Action in Proxy Policies

In an HTTP proxy policy, you can select the HTTP content action instead of an HTTP-Server proxy action.

For an example, go to Example — HTTP Proxy with an HTTP Content Action.

Use an HTTP Content Action in an HTTP Proxy Policy

To use an HTTP content action in an HTTP proxy policy:

  1. Add the HTTP proxy policy to allow connections from the external network.
  2. In the policy, specify a static NAT action as the policy destination.
    The policy uses this static NAT action when a routing action in the content action is set to Use Policy Default.
  3. From the Proxy action or Content action drop-down list, select the HTTP-Content action to use.

Screen shot of an HTTP-proxy policy with a content action selected

An HTTP-proxy policy configured with an SNAT action and an HTTP content action in Policy Manager

HTTP proxy policy routes HTTP requests based on the content rules in the content action.

  • If the routing action in the content rule specifies an IP address, the policy routes the HTTP request to that IP address.
  • If the routing action in the content rule specifies Use Policy Default, the policy uses the static NAT action in the policy.

Use an HTTP Content Action in an HTTPS Proxy Policy

In an HTTPS proxy policy, you can select the HTTP content action in the HTTPS-Server proxy action. To use an HTTP content action in an HTTPS proxy action, you must enable content inspection and configure a domain name rule with the Inspect action.

For an example, go to Example: HTTPS Proxy Action with an HTTP Content Action.

For more information, go to HTTPS-Proxy: Content Inspection.

Related Topics

About Content Actions

HTTPS-Proxy: Content Inspection

Use an HTTP Content Action for TLS/SSL Offloading

About Proxy Actions