Introduction:

Company A tries to replace the HTTP Host header field value with the correct server domain information.

FortiADC configurations were focused on server load balancing with Level 7 type without security profile common setup with a single real-server. This article focused on script examples. Hence, only scripting-related information will be published.

Create custom script:

1. Go to Server Load Balance -> Scripting -> HTTP, then select 'Create New' for a new script entry.

     2. Under the new edit window, input the suggested Lua script statement.

3. For further explanation refer to each comment:

1. when HTTP_REQUEST{
2.               --get http header "Host" value, and store it under Hcontent variable
3.               Hcontent = HTTP:header_get_value("Host")
4.               --setup conditional check if Host criteria doesn't match
5.               if Hcontent~="www.example.com" then
6.               --record output when Hcontent doesn't match criteria before replacement
7.               log("Host value is %s and need to be replace\n", Hcontent)
8.               --execute header value replace
9.               HTTP:header_replace("Host", "www.example.com")
10.               --while criteria match, record output for tracking purposes
11.               else
12.               log("Correct Host value %s \n", Hcontent)
13.               end

}

Note:

Refer to the article for how to generate script log.

4. Assign script object to preferred server load balance policy.

Validation:

• Verify with the correct Host domain.
• Sent HTTP Request from HTTPie client Tool.

Review Script log about the captured Host information.

 Review the Web server log about the Host information.

Conclusion:

Based on observer information, the client web request was sent correct domain, HTTP header was recorded under the script log accordingly. Furthermore, the Web server log confirmed script was functioning as expected while the domain was the correct domain, no further replacement will happen.

• Verify with other Host domains.
• Sent HTTP Request from HTTPie Client Tool.

 Review the Script log about the captured Host information.

Review the Web server log about the Host information.

Conclusion:

Based on observer information, the client web request was sent with another domain, HTTP header was recorded under the script log accordingly, indicating it has executed the HTTP header replace function correctly. Furthermore, the Web server log confirmed script was functioning as expected while the domain was replaced with the correct domain.

Note:

• Script examples provided were tested in a controlled environment. Verify the script under the staging environment before implementation.
• Script criteria were tested and worked with Content-Type and Cookie HTTP header.