FortiADC
FortiADC enhances the scalability, performance, and security of your applications whether they are hosted on premises or in the cloud.
shafiq23
Staff & Editor
Article Id 365346
Description: This article describes how to use pattern matching to replace the HTTP Host header sent to the real server in virtual server scripting, and the steps to debug virtual server scripting issues.
Scope: FortiADC.
Solution

Requirement:
Translate the HTTP Host header value with pattern matching when forwarding the client's request to the real server pool.

 

Client Request -> FortiADC VS:
https://fadc-uat.lab.local

 

FortiADC VS -> real server pool:
https://fadc-uat-int.lab.local

 

  1. Create the script under Server Load Balance -> Scripting -> Create New.
    a. Define a name.
    b. Enter the Lua script.
    c. Select Save.

 

when HTTP_REQUEST {
    -- Get the Host header sent by the client; fall back to an empty string
    -- if the header is absent so the string functions below do not fail
    local hostname = HTTP:header_get_value("Host") or ""
    debug("Original HTTP host is: %s\n", hostname)
    -- Check the Host against a Lua pattern (Lua patterns are not regular
    -- expressions; %- and %. match a literal hyphen and a literal dot)
    local match_result = string.match(hostname, "^fadc%-(.*)%.lab%.local$")
    if match_result then
        -- string.gsub(input, pattern, replacement): "%1" in the replacement
        -- is a back-reference to the first capture group in the pattern
        local new_host = string.gsub(hostname, "^fadc%-(.*)%.lab%.local$", "fadc-%1-int.lab.local")
        -- Debug print to help troubleshoot string/pattern matching issues
        debug("New HTTP host is: %s\n", new_host)
        -- Replace the HTTP Host header with the new value
        HTTP:header_replace("Host", new_host)
        -- Route the request using the content routing named DVWA_CR
        LB:routing("DVWA_CR")
    else
        -- Log when the Host did not match the pattern
        debug("HTTP Host did not match the pattern.\n")
    end
}

 


 

 

Details and comments of the Lua script used in this article:

 

3.PNG

 

  2. Assign the created script to a virtual server: under Server Load Balance -> Virtual Server, edit the respective virtual server, enable Scripting, and select the created script:

 

4.PNG

 

Demonstration:
• Simulate a request to the FortiADC virtual server, e.g. https://fadc-uat.lab.local/login.php
• Expect the script to replace the HTTP Host when forwarding the request to the real server pool.

 

 

6.PNG

 

SLB traffic log: Client request to FortiADC virtual server

 

5.PNG

 

Packet capture: Client request forwarded to real server – HTTP host is replaced with a new value

 

Note:

In this demonstration, only the request HTTP Host is translated/replaced.

 

Debugging commands for troubleshooting:


diagnose debug module httproxy scripting set
diagnose debug module httproxy scripting_minor set
diagnose debug enable

 

Disabling debugging output:


diagnose debug disable
diagnose debug module httproxy all unset
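
The script's pattern can also be exercised offline before turning on the debug modules. The following is an added example, not part of the original article or Fortinet's code: it runs in a stock Lua interpreter against constructed Host values and compares the article's pattern with a stricter variant. `STRICT_PATTERN`, `normalize` and `rewrite` are hypothetical names, and the rule that environment labels contain only letters, digits and hyphens is an assumption.

```lua
-- Added example: offline check of the Host rewrite pattern with stock Lua.
-- Pattern taken from the article's script.
local ARTICLE_PATTERN = "^fadc%-(.*)%.lab%.local$"
-- Hypothetical stricter variant (assumption: labels are letters, digits, hyphens).
local STRICT_PATTERN = "^fadc%-([%w%-]+)%.lab%.local$"

-- Returns the rewritten Host, or nil when the value does not match.
local function rewrite(host, pattern)
  if type(host) ~= "string" then return nil end
  local env = host:match(pattern)
  return env and ("fadc-" .. env .. "-int.lab.local") or nil
end

-- Hypothetical normalization: host names are case-insensitive and a client
-- may append ":port" to the Host header, so lower-case and drop the port.
local function normalize(host)
  if type(host) ~= "string" then return nil end
  return (host:lower():gsub(":%d+$", ""))
end

-- Constructed test inputs, not captured traffic.
local samples = {
  "fadc-uat.lab.local",        -- the article's demonstration value
  "fadc-uat.lab.local:443",    -- Host with an explicit port
  "FADC-UAT.lab.local",        -- upper-case variant
  "fadc-uat.other.lab.local",  -- extra label inside the capture
  "fadc-.lab.local",           -- empty capture
  "www.lab.local",             -- unrelated host
}

for _, host in ipairs(samples) do
  local as_written = rewrite(host, ARTICLE_PATTERN)
  local strict = rewrite(normalize(host), STRICT_PATTERN)
  print(string.format("%-26s article=%-30s strict=%s",
    host, tostring(as_written), tostring(strict)))
end
```

With the article's pattern, a Host carrying a port or upper-case letters falls through to the no-match branch, while `fadc-uat.other.lab.local` and `fadc-.lab.local` are rewritten; the stricter variant with normalization reverses both outcomes.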

 

Related document:

FortiADC - HTTP Scripting 
