Updated on 2024-09-20 GMT+08:00

Advanced Forwarding

Overview

Advanced forwarding policies are available only for dedicated load balancers. If you have enabled Advanced Forwarding, you can add advanced forwarding policies to HTTP and HTTPS listeners of dedicated load balancers.

You can add advanced forwarding policies to HTTP or HTTPS listeners to forward requests to different backend server groups based on a wide range of forwarding rules and actions. Table 1 describes the rules and actions that you can configure for request forwarding.

Figure 1 How advanced forwarding works

The following describes how an advanced forwarding policy works:

  1. The client sends a request to the load balancer.
  2. The load balancer matches the request based on the forwarding rule you configure.
  3. The load balancer forwards the request to the corresponding backend server or returns a fixed response to the client based on the action you configure.
  4. The load balancer sends a response to the client.
Table 1 Rules and actions supported by an advanced forwarding policy

Forwarding Policy

Description

Forwarding rule

The following forwarding rules are supported: domain name, path, HTTP request method, HTTP header, query string, cookie, and CIDR block.

For details, see Forwarding Rule.

Action

The following actions are supported: forward to a backend server group, redirect to another listener, redirect to another URL, rewrite, write header, remove header, limit request, and return a specific response body.

NOTE:
  • If Action is set to Forward to a backend server group, you can also select from one of the following additional actions: rewrite, write header, remove header, and limit request.
  • If Action is set to Return a specific response body, you can also select the additional action Limit request.

For details, see Table 4.

For details, see Action Types.

These additional actions are only available in certain regions. You can check which regions support these actions on the console. If you want to use these actions, submit a service ticket.

How Requests Are Matched

After you add an HTTP or HTTPS listener to a load balancer, a default forwarding policy is generated. This policy uses the protocol and port specified for the listener to match requests and forward the requests to the backend server group you specified when adding the listener.

The default forwarding policy has the lowest priority and is not included when you sort forwarding policies. It can be edited but cannot be deleted.

Each request is matched based on the forwarding policy priority (a smaller value indicates a higher priority). Once a forwarding policy is matched, the request is forwarded based on this forwarding policy.

  • If the request is matched with any forwarding policy of the listener, it is forwarded based on this forwarding policy.
  • If the request is not matched with any forwarding policy, it is forwarded based on the default forwarding policy.

Forwarding Rule

Advanced forwarding policies support the following types of forwarding rules: domain name, path, HTTP request method, HTTP header, query string, cookie, and CIDR block.

Table 2 Forwarding rules

Forwarding Rule

Description

Domain name

  • Description

    Route requests based on the domain name. You can configure multiple domain names with each consist of at least two labels separated by periods (.). Max total: 100 characters. Max label: 63 characters.

  • Matching rules
    • Exact match and wildcard match: The domain name can contain only letters, digits, and special characters .-?=~_+\^*!$&|()[]. Asterisks (*) and question marks (?) can be used as wildcards. The domain name cannot start or end with a period (.) or contain two consecutive periods (..).
    • Regular expression match: The domain name can contain only letters, digits, and special characters .-?=~_+\^*!$&|()[].
Example
Request URL: https://www.example.com/login.php?locale=en-us=#videos
Domain name in the forwarding rule: www.example.com

Path

  • Description

    Route requests based on paths. You can configure multiple paths in a forwarding policy. Each path contains 1 to 128 characters, including letters, digits, and special characters: _~';@^-%#$.*+?,=!:|\/()[]{}

  • Matching rules
    • Exact match: The request path must exactly match that specified in the forwarding policy. The URL must start with a slash (/) and can use asterisks (*) and question marks (?) as wildcards.
    • Prefix match: The request path starts with the specified path string. The URL must start with a slash (/) and can use asterisks (*) and question marks (?) as wildcard characters.
    • Regular expression match: The URLs are matched using a regular expression.

For more information about path matching rules, see Path Matching.

Example path:
Request URL: https://www.example.com/login.php?locale=en-us#videos
Path in the forwarding rule: /login.php

Query string

Route requests based on the query string.

A query string consists of a key and one or more values. You need to set the key and values separately.
  • The key can contain only letters, digits, and special characters: !$'()*+,./:;=?@^-_'
  • Multiple values can be configured for a key. The value can contain letters, digits, and special characters: !$'()*+,./:;=?@^-_'. Asterisks (*) and question marks (?) can be used as wildcard characters.
Example
Request URL: https://www.example.com/login.php?locale=en-us#videos
A query string needs to be configured for the forwarding rule:
Key: locale
Value: en-us

HTTP request method

Route requests based on the HTTP method.

  • You can configure multiple request methods in a forwarding policy.
  • The following methods are available: GET, POST, PUT, DELETE, PATCH, HEAD, and OPTIONS.
Example
GET

HTTP header

Route requests based on the HTTP header.

An HTTP header consists of a key and one or more values. You need to configure the key and values separately.
  • The key can contain only letters, digits, underscores (_), and hyphens (-).
    NOTE:

    The first letter of HTTP request headers User-agent and Connection must be capitalized.

  • Multiple values can be configured for a key. The value can contain letters, digits, and special characters: !#$%&'()*+,.\/:;<=>?@[]^-_'{|}~. Asterisks (*) and question marks (?) can be used as wildcard characters.
Example
Key: Accept-Language
Value: en-us

CIDR block

Route requests based on the source IP addresses from where requests originate.

Example
192.168.1.0/24 or 2020:50::44/127

Cookie

Route requests based on the cookie.

A cookie consists of a key and a value. You need to configure the key and value separately.

  • A key can contain 1 to 100 characters and cannot start or end with a space.
  • A key can have one value, which can contain 1 to 100 characters.

You can enter multiple key-value pairs. The key-value pairs can contain letters, digits, and special characters !%'"()*+,./:=?@^-_`~

Example:
Key: cookie_name
Value: cookie_value

Action Types

Advanced forwarding policies support the following actions: forward to a backend server group, redirect to another listener, redirect to another URL, and return a specific response body.

If you set Action to Forward to backend server group or Return a specific response body, you can add additional actions. ELB first performs additional actions and then forwards requests to the specified backend server group or returns a specific response body. Among all the additional actions, Limit request has the highest priority. The following additional actions are supported:

  • Forward to a backend server group: Rewrite, Write header, Remove header, and Limit request.
  • Returns a specific response body: Limit request.
Table 3 Actions of an advanced forwarding policy

Action

Description

Forward to a backend server group

Requests are forwarded to the specified backend server group.

NOTE:

If Action is set to Forward to a backend server group, you can also select from one of the following additional actions: rewrite, write header, remove header, and limit request.

For details, see Table 4.

Redirect to another listener

Requests are redirected to another listener, which then routes the requests to its associated backend server group.

NOTE:

If you select Redirect to another listener, the configurations for the HTTP listener will not be applied, but access control configured for the listener will still be applied.

For example, if you configure a redirect for an HTTP listener, HTTP requests to access a web page will be redirected to the HTTPS listener you select and handled by the backend servers associated with the HTTPS listener. As a result, the clients access the web page over HTTPS.

Redirect to another URL

Requests are redirected to the configured URL.

When clients access website A, the load balancer returns 302 or any other 3xx status code and automatically redirects the clients to website B. You can customize the redirection URL that will be returned to the clients.

Configure at least one of the following components:
  • Protocol: ${protocol}, HTTP, or HTTPS ${protocol}: retains the protocol of the request.
  • Domain Name: A domain name consists of at least two labels separated by periods (.). Each label can contain only letters, digits, hyphens (-), and periods (.), must start with a letter, digit, or asterisk (*), and cannot end with a hyphen (-). ${host}: retains the domain name of the request.
  • Port: ranges from 1 to 65535. ${port}: retains the port number of the request.
  • Path: A path can contain letters, digits, and special characters: _~';@^-%#&$.*+?,=!:|\/()[]{} and must start with a slash (/). ${path}: retains the path of the request.
    NOTE:

    If you select regular expression match, the request path will be overwritten by the variables that match the regular expressions. For details, see Path Matching Based on Regular Expressions.

  • Query String: A query string can contain only letters, digits, and special characters: !$'()*+,./:;=?@&^-_',&. Ampersands (&) can only be used as separators.
  • HTTP Status Code: 301, 302, 303, 307, or 308
Example
URL for redirection: http://www.example1.com/index.html?locale=en-us#videos
Protocol: HTTP
Domain name: www.example1.com
Port: 8081
Path: /index.html
Query String: locale=en-us
HTTP Status Code: 301

Return a specific response body

Load balancers return a fixed response to the clients.

You can custom the status code and response body that load balancers directly return to the clients without the need to route the requests to backend servers.

Configure the following components:
  • HTTP Status Code: By default, 2xx, 4xx, and 5xx status codes are supported.
  • Content-Type: text/plain, text/css, text/html, application/javascript, or application/json
  • Message Body: This parameter is optional. The value is a string of 0 to 1,024 characters.
NOTE:

If Action is set to Return a specific response body, you can also select the additional action Limit request.

For details, see Table 4.

Example

text/plain

Sorry, the language is not supported.

text/css

<head><style type="text/css">div {background-color:red}#div {font-size:15px;color:red}</style></head>

text/html

<form action="/" method="post" enctype="multipart/form-data"><input type="text" name="description" value="some text"><input type="file" name="myFile"><button type="submit">Submit</button></form>

application/javascript

String.prototype.trim = function() {var reExtraSpace = /^\s*(.*?)\s+$/;return this.replace(reExtraSpace, "$1")}

application/json

{ "publicip": { "type": "5_bgp","ip_version": 4},"bandwidth": {"name": "bandwidth123","size": 10,"share_type": "PER"}}
NOTE:

Ensure that the response body does not contain carriage return characters. Otherwise, it cannot be saved.

Table 4 Actions (optional)

Action

Description

Rewrite

Rewrites the request URL before forwarding requests to the specified backend server group.

Configure the following parameters:
  • Domain Name: A domain name consists of at least two labels separated by periods (.). Each label can contain only letters, digits, hyphens (-), and dots (.), must start with a letter, digit, or asterisk (*), and cannot end with a hyphen (-). ${host}: retains the domain name of the request.
  • Path: A path can contain letters, digits, and special characters: _~';@^-%#&$.*+?,=!:|\/()[]{} and must start with a slash (/). ${path}: retains the path of the request.
    NOTE:

    If you select regular expression match, the request path will be overwritten by the variables that match the regular expressions. For details, see Path Matching Based on Regular Expressions.

  • Query String: A query string can contain only letters, digits, and the following special characters: !$'()*+,./:;=?@&^-_', and ampersand (&) can only be used as a separator.
NOTE:

The domain name, path, and query string cannot be left blank or made default.

Write header

Writes the configured header into the request before forwarding it to the specified backend server group.

You can specify the key and value of the header you want to write into the request that matches the forwarding rule. The headers you have configured will overwrite the existing headers. By default, you can configure five headers.

A header consists of a key and one or more values. You need to configure the key and values separately.
  • Key: A key contains 1 to 40 characters and can contain only letters, digits, underscores (_), and hyphens (-).
  • A key can have one or more values. The value contains 1 to 128 characters, including only letters, digits, and special characters: !#$%&'()*+,.\/:;<=>?@[]^-_'{|}~. Asterisks (*) and question marks (?) can be used as wildcard characters.
    • Manually-defined value: Manually specify a header value.

      Each value cannot start or end with a space and can contain only letters, digits, and special characters: !#$%&'"()*+,.\\/:;<=>?@[]^-_`{|}~

    • System-defined value: The following options are supported.

      Client port, client IP address, request protocol, load balancer instance ID, listener port, load balancer EIP, and load balancer private IP

    • Reference value: Use the value of a request header.

      The value can contain only letters, digits, underscores (_), and hyphens (-).

For details about how to write a header, see Table 5.

Remove header

Removes the configured headers from the request before forwarding it to the specified backend server group.

You can specify the value of the header you want to remove from the request that matches the forwarding rule. The headers match the ones you have configured will be removed from the requests. By default, you can configure five headers.

The key can contain only letters, digits, underscores (_), and hyphens (-).

Limit request

Limits the maximum number of queries per second if Forward to a backend server group or Return a specific response body is selected as the action.

You need to configure the following parameters:

  • QPS (Total): Specifies the maximum number of queries per second (QPS). The value ranges from 1 to 100000. If the number of requests reaches the specified value, new requests will be discarded and 503 Service Unavailable will be returned to the client.
  • QPS (Client IP Address): Specifies the maximum number of QPS from a source IP address. The value ranges from 1 to 100000. If both QPS (Total) and QPS (Client IP Address) are configured, the latter value must be smaller than the former. If the number of requests reaches the specified value, new requests will be discarded and the 503 status code will be returned to the client.
    NOTE:

    QPS (Client IP Address) is not available for QUIC listeners.

Table 5 Writing a header

Request Header

Header Key

Header Value

Written Request Header

header1:aaa

header2:bbb

header3

Manually-defined value

ccc

header1:aaa

header2:bbb

header3:ccc

header3

System-defined value

Client port

header1:aaa

header2:bbb

header3: Client port

header3

Reference value

header1

header1:aaa

header2:bbb

header3:aaa

The value of the following headers (case-insensitive) cannot be modified:

connection, upgrade, content-length, transfer-encoding, keep-alive, te, host, cookie, remoteip, authority, x-forwarded-host, x-forwarded-for, x-forwarded-for-port, x-forwarded-tls-certificate-id, x-forwarded-tls-protocol, x-forwarded-tls-cipher, x-forwarded-elb-ip, x-forwarded-port, x-forwarded-elb-id, x-forwarded-elb-vip, x-real-ip, x-forwarded-proto, x-nuwa-trace-ne-in, and x-nuwa-trace-ne-out.

Path Matching

Table 6 shows how paths configured in the forwarding policies match those in the requests.

Table 6 Path matching examples

Request Path

Forwarding Policy

Specified Path

Matching Mode

Forwarding Policy Priority

Destination Backend Server Group

/elb/abc.html

Forwarding policy 01

/elb/abc.html

Prefix match

1

Backend server group 01

Forwarding policy 02

/elb

Prefix match

2

Backend server group 02

/exa/index.html

Forwarding policy 03

/exa[^\s]*

Regular expression match

3

Backend server group 03

Forwarding policy 04

/exa/index.html

Regular expression match

4

Backend server group 04

/mpl/index.html

Forwarding policy 05

/mpl/index.html

Exact match

5

Backend server group 05

URLs are matched as follows:

  • When the request path is /elb/abc.html, it matches both forwarding policy 01 and forwarding policy 02. However, the priority of forwarding policy 01 is higher than that of forwarding policy 02. Forwarding policy 01 is used, and requests are forwarded to backend server group 01.
  • When the request path is /exa/index.html, it matches both forwarding policy 03 and forwarding policy 04. However, the priority of forwarding policy 03 is higher than that of forwarding policy 04. Forwarding policy 03 is used, and requests are forwarded to backend server group 03.
  • If the request path is /mpl/index.html, it matches forwarding policy 05 exactly, and requests are forwarded to backend server group 05.

Path Matching Based on Regular Expressions

A path can contain letters, digits, and special characters: _~';@^-%#&$.*+?,=!:|\/()[]{} and must start with a slash (/). ${path} retains the path of the request.

If you select regular expression match, the request path will be overwritten by the variables that match the regular expressions.

How Request Paths Are Overwritten

  1. Path matching: The client sends a request, and the request matches a regular expression in the forwarding rule. You can specify one or more regular expressions as the match conditions and set multiple capture groups represented by parentheses ( ) for one regular expression.
  2. Extraction and replacement: extracts the content from the capture groups.
  3. Destination path: writes them to $1, $2, all the way to $9 configured for the path.

Example

When a client requests to access /test/ELB/elb/index, which matches the regular expression /test/(.*)/(.*)/index, $1 will be replaced by ELB and $2 by elb, and then the request will be redirected to /ELB/elb.

Table 7 URL matching based on regular expressions

Matching Step

Description

Forwarding rule: path

Regular expression match

  • Matching condition: /test/(.*)/(.*)/index
  • Request URL: /test/ELB/elb/index

Action: rewrite or redirect to another URL

Path

  • Path: /$1/$2
  • Extracting content

    $1: ELB

    $2: elb

  • Destination path: /ELB/elb