Help
FortiADC
FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.
kmak
Staff
Staff

Created on ‎03-11-2025 11:56 PM Edited on ‎03-11-2025 11:59 PM By Community Manager

Article Id 381690

Technical Tip: How to use LUA script for content routing with the matching of Host Header and Custom Header

Description This article describes the steps to use the LUA script for content routing with the matching of the Host Header and Custom Header.
Scope FortiADC.
Solution

Prerequisite:

  • FortiADC Server Load Balance Content Routing Policy created.
  • FortiADC Server Load Balance Virtual Server on Layer-7 HTTP/HTTPS profile.

 

FortiADC Server Load-Balance (SLB) Content Routing Policy supports matching several conditions, but it does not have the option to match a custom HTTP header.

To route HTTP request to backend Real Server Pools based on the HTTP Host Header and custom HTTP Header, configure Scripting (LUA script) is the only option to do content routing by matching the specific HTTP Host Header and custom HTTP Header.

 

  1. Create the Content Routing rule with the Real Server Pool assigned. No matching condition is required as the Scripting will be used for the content-matching route.

 

kmak_0-1741751923540.jpeg

 

  1. Create the HTTP script under FortiADC -> Server Load Balance -> Scripting.

 

kmak_1-1741751923545.jpeg

 

  1. Use the below LUA script for the HTTP script content routing. The script checks the Host header and X-Custom header. If both the Host Header and the X-Custom header value match the conditions, the script will route the HTTP request on ContentRouting-01 policy Server Pool setting. If the conditions do not match, the HTTP-SLB closes the connections.

 

when HTTP_REQUEST{

-- Get the Host header

host = HTTP:header_get_value("Host")

 

-- Get the X-Custom header

cust_header = HTTP:header_get_value("X-Custom")

 

-- Condition: Check if X-Custom matches exactly "abcde" or "fijkl"

header_condition = (cust_header == "abcde" or cust_header == "fijkl")

 

-- Condition 2: Check if Host and X-Custom headers match, if matched then route with rule "ContentRouting-01"

if host == "header.ft-dev.site" and header_condition then

    log("Matched Hostname and Custom-Header!") -- Log script line

        LB:routing("ContentRouting-01")

else

 

-- No condition matches, close connection

HTTP:close()

end

}

 

  1. Go to the Server Load Balance Virtual Server and edit the layer-7 HTTP/HTTPS Virtual Server. Enable the Content Routing and select the Content Routing rule.

 

kmak_2-1741751923548.jpeg

 

  1. Configure the Scripting policy onto the Layer-7 HTTP/HTTPS Virtual Server.

 

kmak_3-1741751923553.jpeg

 

  1. Test the Layer-7 HTTP SLB access using cURL with added the custom header.
  • cURL with X-Custom header value not matching the defined value:

 

kmak_4-1741751923554.jpeg

 

  • cURL with X-Custom header value matching the defined value:

 

kmak_5-1741751923557.jpeg

 

Related document:

Overview
Labels:
64
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.