Hello Team,
I am trying to rewrite https://exapmle.in.com to https://exapmle2.out.net (URLs are fake).
I have tried HTTP header rewriting (without success) and body rewriting (the URL was redirecting to the new URL, which is not our case).
We need to keep the traffic to Fortiweb and not redirect the traffic to the end URL.
Below is the config:
config waf url-rewrite url-rewrite-rule
    edit "ASK-AI-REWRITING"
        set host-status enable
        set host exapmle.in.com
        config header-insert
        end
        config response-header-insert
        end
        config header-removal
        end
        config response-header-removal
        end
        set request-remove-duplicate-headers disable
        config match-condition
            edit 1
                set reg-exp exapmle2.out.net
                set HTTP-protocol https
            next
        end
    next
end
config waf url-rewrite url-rewrite-rule
    edit "ASK-AI-REWRITING-2"
        set action http-response-header-rewrite
        set location_replace $0exapmle.in.com$1
        set location-status enable
        config header-insert
        end
        config response-header-insert
        end
        config header-removal
        end
        config response-header-removal
        end
        set response-replace-existing-headers enable
        config match-condition
            edit 1
                set object http-location
                set reg-exp (.*)exapmle2.out.net(.*)
            next
        end
    next
end
Attached is the URL rule.
The problem is that the end application server is not accepting requests that do not have exapmle2.out.net in the HTTP header (body).
Hello,
We found the solution.
Request Action
1- Request action should match HTTP Host (whole URL - URL1)
2- Replacement URL - select Host - the backend URL (URL2)
Response action
1- Match both HTTP location with syntax (/*)URL2(/*) and HTTP Host with syntax (.*)URL2(.*)
2- Replacement String: Location - URL1
3- HTTP header Insertion enabled with Replace existing header and syntax $0URL1$1
4- HTTP Header Removal enabled (remove Duplicate Headers)
Also, the backend service should match the frontend service (HTTPS-->HTTPS or HTTP-->HTTP)
URL Policy
So in the first KB link I posted there is a section titled "Example: Full host name/URL translation", so I experimented with variations on this (too many to list if I'm being honest) without much luck. Then I tried using a regex debugger for testing but didn't get very far with that before the end of my work day. Left it so that the full .com URL redirects to the .co.uk TLD, which is easy enough but not what the business wants, sadly.
Hi Vasili
Can you post a screenshot of the rule (from the WebUI)?
Hello,
Below are the screenshots.
Hi Vasili
In URL rewrite condition you select HTTP Host, and you write example.in.com.
And in Replacement URL you enable only Host (not URL) and you write example2.out.net.
Created on 05-05-2025 11:40 PM Edited on 05-05-2025 11:48 PM
Hello,
This is not our case.
If Host rewriting is selected, the traffic will be redirected to the new URL and not maintained to the original URL, and we cannot monitor or block any attack.
Hi Vasili
I don't fully agree.
Here I mean the action is "Rewrite HTTP Header" and not redirection.
When you rewrite the "Host" HTTP header in the request, the back-end server can see the requested host is example2.out.net and not exapmle.in.com. And here there is no redirection done.
Hello,
The traffic is permanently moved (HTTP code 301 - from the above pic).
The real server sees it with the new header (only traffic with the backend server is permitted in our case), but the traffic is moved to the new URL, unfortunately.
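
Added example, not part of any post in this thread and not Fortinet code: a small Python model of the two rules discussed above (request Host rewrite, response Location rewrite), with a check that flags a 3xx whose Location still names the backend, which is what takes clients off the WAF path. Hostnames are the thread's fake ones; function names are hypothetical, and `$0`/`$1` are assumed to be the first and second capture groups.

```python
import re

FRONT = "exapmle.in.com"    # public host (fake name from the thread)
BACK = "exapmle2.out.net"   # backend host (fake name from the thread)

# Thread's response rule: match (.*)exapmle2.out.net(.*), replace with
# $0exapmle.in.com$1. Assumption: $0/$1 are the 1st and 2nd capture groups.
# Dots are escaped here so that '.' only matches a literal dot.
LOCATION_RE = re.compile(r"(.*)" + re.escape(BACK) + r"(.*)", re.I)


def rewrite_request(headers):
    """Request side: swap Host so the backend accepts the request."""
    out = dict(headers)
    host, sep, port = out.get("Host", "").partition(":")
    if host.lower() == FRONT:
        out["Host"] = BACK + sep + port  # keep an explicit port if present
    return out


def rewrite_response(status, headers):
    """Response side: map the backend host in Location back to the public host."""
    out = dict(headers)
    loc = out.get("Location")
    if loc is not None:
        out["Location"] = LOCATION_RE.sub(
            lambda m: m.group(1) + FRONT + m.group(2), loc)
    return status, out


def leaks_backend(status, headers):
    """True when a redirect would send the client straight to the backend."""
    return 300 <= status < 400 and BACK in headers.get("Location", "").lower()


# Constructed sample: the backend answers with a 301 that names its own host.
backend_reply = (301, {"Location": "https://exapmle2.out.net/login?next=/app"})

if __name__ == "__main__":
    print("request :", rewrite_request({"Host": "exapmle.in.com:443"}))
    print("leak before response rewrite:", leaks_backend(*backend_reply))
    fixed = rewrite_response(*backend_reply)
    print("response:", fixed, "leak:", leaks_backend(*fixed))
```

With only the request rule in place the 301 reaches the client unchanged and `leaks_backend` reports it; adding the response rule keeps the redirect on the public host.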
Copyright 2025 Fortinet, Inc. All Rights Reserved.