With Layer 7 virtual servers, you can optionally configure load balancer rules and customize load balancing behavior using match or action rules.

Load Balancer rules support REGEX for match types. PCRE style REGEX patters is supported with a few limitations on advanced use cases. When REGEX is used in match conditions, named capturing groups are supported.

REGEX restrictions include:
  • Character unions and intersections are not supported. For example, do not use [a-z[0-9]] and [a-z&&[aeiou]] instead use [a-z0-9] and [aeiou] respectively.
  • Only 9 back references are supported and \1 through \9 can be used to refer to them.
  • Use \0dd format to match octal characters, not the \ddd format.
  • Embedded flags are not supported at the top level, they are only supported within groups. For example, do not use "Case (?i:s)ensitive" instead use "Case ((?i:s)ensitive)".
  • Preprocessing operations \l, \u, \L, \U are not supported. Where \l - lowercase next char \u - uppercase next char \L - lower case until \E \U - upper case to \E.
  • (?(condition)X), (?{code}), (??{Code}) and (?#comment) are not supported.
  • Predefined Unicode character class \X is not supported
  • Using named character construct for Unicode characters is not supported. For example, do not use \N{name} instead use \u2018.

When REGEX is used in match conditions, named capturing groups are supported. For example, REGEX match pattern /news/(?<year>\d+)-(?<month>\d+)-(?<day>\d+)/(?<article>.*) can be used to match a URI like /news/2018-06-15/news1234.html.

Then variables are set as follows, $year = "2018" $month = "06" $day = "15" $article = "news1234.html". After the variables are set, these variables can be used in load balancer rule actions. For example, URI can be rewritten using the matched variables like, /news.py?year=$year&month=$month&day=$day&article=$article. Then the URI gets rewritten as /news.py?year=2018&month=06&day=15&article=news1234.html.

Rewrite actions can use a combination of named capturing groups and built-in variables. For example, URI can be written as /news.py?year=$year&month=$month&day=$day&article=$article&user_ip=$_remote_addr. Then the example URI gets rewritten as /news.py?year=2018&month=06&day=15&article=news1234.html&user_ip=1.1.1.1.

Note: For named capturing groups, the name cannot start with an _ character.
In addition to named capturing groups, the following built-in variables can be used in rewrite actions. All the built-in variable names start with _.
  • $_args - arguments from the request
  • $_arg_<name> - argument <name> in the request line
  • $_cookie_<name> - value of <name> cookie
  • $_upstream_cookie_<name> - cookie with the specified name sent by the upstream server in the "Set-Cookie" response header field
  • $_upstream_http_<name> - arbitrary response header field and <name> is the field name converted to lower case with dashes replaced by underscores
  • $_host - in the order of precedence - host name from the request line, or host name from the "Host" request header field, or the server name matching a request
  • $_http_<name> - arbitrary request header field and <name> is the field name converted to lower case with dashes replaced by underscores
  • $_https - "on" if connection operates in SSL mode, or "" otherwise
  • $_is_args - "?" if a request line has arguments, or "" otherwise
  • $_query_string - same as $_args
  • $_remote_addr - client address
  • $_remote_port - client port
  • $_request_uri - full original request URI (with arguments)
  • $_scheme - request scheme, "http" or "https"
  • $_server_addr - address of the server which accepted a request
  • $_server_name - name of the server which accepted a request
  • $_server_port - port of the server which accepted a request
  • $_server_protocol - request protocol, usually "HTTP/1.0" or "HTTP/1.1"
  • $_ssl_client_cert - returns the client certificate in the PEM format for an established SSL connection, with each line except the first prepended with the tab character
  • $_ssl_server_name - returns the server name requested through SNI
  • $_uri - URI path in request
  • $_ssl_ciphers: returns the client SSL ciphers
  • $_ssl_client_i_dn: returns the "issuer DN" string of the client certificate for an established SSL connection according to RFC 2253
  • $_ssl_client_s_dn: returns the "subject DN" string of the client certificate for an established SSL connection according to RFC 2253
  • $_ssl_protocol: returns the protocol of an established SSL connection
  • $_ssl_session_reused: returns "r" if an SSL session was reused, or "." otherwise

Prerequisites

Verify a Layer 7 virtual server is available. See Configure Layer 7 Virtual Servers in Manager Mode.

Procedure

  1. Open the Layer 7 virtual server.
  2. Skip to the Virtual Server Identifiers page.
  3. Enter the virtual server IP address and port number.
    You can enter the virtual server port number or port range.
  4. Complete the advanced properties details.
    Option Description
    Maximum Concurrent Connection Set the maximum concurrent connection allowed to a virtual server so that the virtual server does not deplete resources of other applications hosted on the same load balancer.
    Maximum New Connection Rate Set the maximum new connection to a server pool member so that a virtual server does not deplete resources.
    Default Pool Member Port Enter a default pool member port if the pool member port for a virtual server is not defined.

    For example, if a virtual server is defined with port range 2000–2999 and the default pool member port range is set as 8000-8999, then an incoming client connection to the virtual server port 2500 is sent to a pool member with a destination port set to 8500.

  5. (Optional) Select an existing default server pool from the drop-down menu.
    The server pool consists of one or more servers, called pool members that are similarly configured and running the same application.
  6. Click Add to configure the load balancer rules for the HTTP Request Rewrite phase.
    Supported match types are, REGEX, STARTS_WITH, ENDS_WITH, etc and inverse option.
    Supported Match Condition Description
    HTTP Request Method Match an HTTP request method.

    http_request.method - value to match

    HTTP Request URI Match an HTTP request URI without query arguments.

    http_request.uri - value to match

    HTTP Request URI arguments Match an HTTP request URI query argument.

    http_request.uri_arguments - value to match

    HTTP Request Version Match an HTTP request version.

    http_request.version - value to match

    HTTP Request Header Match any HTTP request header.

    http_request.header_name - header name to match

    http_request.header_value - value to match

    HTTP Request Payload Match an HTTP request body content.

    http_request.body_value - value to match

    TCP Header Fields Match a TCP source or the destination port.

    tcp_header.source_port - source port to match

    tcp_header.destination_port - destination port to match

    IP Header Fields Match an IP source or destination address.

    ip_header.source_address - source address to match

    ip_header.destination_address - destination address to match

    Action Description
    HTTP Request URI Rewrite Modify an URI.

    http_request.uri - URI (without query arguments) to write

    http_request.uri_args - URI query arguments to write

    HTTP Request Header Rewrite Modify value of an HTTP header.

    http_request.header_name - header name

    http_request.header_value - value to write

  7. Click Add to configure the load balancer rules for the HTTP Request Forwarding.
    All match values accept regular expressions.
    Supported Match Condition Description
    HTTP Request Method Match an HTTP request method.

    http_request.method - value to match

    HTTP Request URI Match an HTTP request URI.

    http_request.uri - value to match

    HTTP Request URI args Match an HTTP request URI query argument.

    http_request.uri_args - value to match

    HTTP Request Version

    Match an HTTP request version.

    http_request.version - value to match

    HTTP Request Header

    Match any HTTP request header.

    http_request.header_name - header name to match

    http_request.header_value - value to match

    HTTP Request Payload

    Match an HTTP request body content.

    http_request.body_value - value to match

    TCP Header Fields

    Match a TCP source or the destination port.

    tcp_header.source_port - source port to match

    tcp_header.destination_port - destination port to match

    IP Header Fields

    Match an IP source address.

    ip_header.source_address - source address to match

    Action Description
    Reject Reject a request, for example, by setting status to 5xx.

    http_forward.reply_status - HTTP status code used to reject

    http_forward.reply_message - HTTP rejection message

    Redirect Redirect a request. Status code must be set to 3xx.

    http_forward.redirect_status - HTTP status code for redirect

    http_forward.redirect_url - HTTP redirect URL

    Select Pool

    Force the request to a specific server pool. Specified pool member's configured algorithm (predictor) is used to select a server within the server pool.

    http_forward.select_pool - server pool UUID

  8. Click Add to configure the load balancer rules for the HTTP Response Rewrite.
    All match values accept regular expressions.
    Supported Match Condition Description
    HTTP Response Header Match any HTTP response header.

    http_response.header_name - header name to match

    http_response.header_value - value to match

    Action Description
    HTTP Response Header Rewrite Modify the value of an HTTP response header.

    http_response.header_name - header name

    http_response.header_value - value to write

  9. (Optional) Click Next to configure load balancing profiles.
  10. Click Finish.