If you want to distribute and process traffic based on request attributes, such as domain names and paths, or information in requests, such as HTTP headers and cookies, you can create custom forwarding rules for a listener. The listener forwards requests based on the forwarding rules. This topic describes how forwarding rules work and how to create and manage forwarding rules.
How forwarding rules work
Types of forwarding rules
Forwarding rules are classified into default forwarding rules and custom forwarding rules.
Default forwarding rule: After you create a listener, the system automatically creates a default forwarding rule and associates the rule with the default endpoint group. A listener has only one default forwarding rule, and you cannot change the priority of, modify, or delete the default forwarding rule.
Custom forwarding rule: After you create a listener, you can create custom forwarding rules based on your business requirements. You can create multiple custom forwarding rules for a listener, and you can change the priorities of custom forwarding rules.
Components of forwarding rules
Each forwarding rule contains forwarding conditions and forwarding actions. The forwarding actions are performed on requests that match all forwarding conditions.
The forwarding conditions and the forwarding actions supported by a listener vary based on the listener protocol:
Listener protocol | Forwarding condition | Forwarding action |
TCP or UDP | Host | Forward and Drop Traffic |
HTTP or HTTPS | Host, Path, HTTP Header, HTTP Request Method, Cookie, SourceIP, and Query String | Forward, Redirect, Return Fixed Response, Rewrite, Add Header, Remove Header, and Drop Traffic |
If your standard GA instance supports only forwarding conditions of the Host and Path types and forwarding actions of the Forward type, the instance may be using an earlier version. Contact your account manager to upgrade your GA instance.
If the TCP or UDP listener of your standard GA instance does not support forwarding rules, the instance may be using an earlier version. Contact your account manager to upgrade your GA instance.
How requests are matched against forwarding rules
Requests are matched against custom forwarding rules in descending order of priority. Forwarding rules that have smaller numbers have higher priorities.
If a request matches all forwarding conditions of a custom forwarding rule, all forwarding actions of the custom forwarding rule are immediately performed.
If a request fails to match the current custom forwarding rule, the request is matched against the custom forwarding rule that has a lower priority.
If a request fails to match a custom forwarding rule, the request is forwarded to the default endpoint group based on the default forwarding rule, which has the lowest priority.
If a TCP or UDP listener has multiple default endpoint groups and the default forwarding rule applies, network traffic is forwarded based on the traffic distribution ratios of the endpoint groups. For more information, see Distribute traffic across endpoint groups in different scenarios.
If the path is set to /*
, requests to all paths are matched. If you want to forward unexpected requests, you can set the path in the forwarding condition to /*
, set the forwarding action to Return Fixed Responses, and set the status code to 404 or 403. After you configure the forwarding rule, drag the rule to the second-to-last position in the rule list.
Prerequisites
A standard Global Accelerator instance is created. For more information, see Create and manage standard GA instances.
A basic bandwidth plan is purchased and associated with the GA instance whose bandwidth billing method is subscription.
An intelligent routing listener is added. For more information, see Add and manage intelligent routing listeners.
Create a forwarding rule
To create a forwarding rule that performs specific actions on requests that meet specific conditions, perform the following steps:
Log on to the GA console.
On the Instances page, find the GA instance that you want to manage and click Configure Listeners in the Actions column.
On the Listeners tab, find the listener that you want to manage and click the ID of the listener.
On the listener details page, click Forwarding Rule.
On the Forwarding Rule tab, click Add Forwarding Rule, configure the following parameters, and then click OK.
Forwarding rules of HTTP or HTTPS listeners
Parameter
Description
Name
Enter a name for the forwarding rule.
If (Matching All Conditions)
Select a type of condition. You can click Add Forwarding Rule to add multiple conditions.
Host: Enter one or more domain names. Exact domain names, wildcard domain names, and regular expressions are supported. For more information, see Domain name-based forwarding rules.
You can create only one Host condition in a forwarding rule. You can specify multiple domain names in a Host condition. The logical relation between multiple domain names is OR.
Example: *.example.com.
Path: Enter one or more paths. Exact paths, wildcard paths, and regular expressions are supported. For more information, see Path-based forwarding rules.
You can create multiple forwarding conditions of the Path type in a forwarding rule. The logical relation between multiple forwarding conditions of the Path type is OR. You can specify multiple paths in a forwarding condition of the Path type. The logical relation between multiple paths is OR.
For example, if the URL is
www.example.com/test/test1?x=1&y=2
, you can set the parameter to /test/*.HTTP Header: Enter the key of an HTTP header in the Key field and the value of the HTTP header in the Value field. You can enter multiple values. You can create multiple HTTP Header conditions in a forwarding rule. The logical relation between multiple conditions of the HTTP Header type is AND. Each HTTP header key must be unique. You can configure multiple HTTP header values in each HTTP Header condition. Each HTTP header value must be unique.
Example: Key: user-agent. Value: *Mozilla/4.0*.
HTTP Request Method: Select an HTTP request method. Valid values: HEAD, GET, POST, OPTIONS, PUT, PATCH, and DELETE. You can create only one HTTP Request Method condition in a forwarding rule. You can specify multiple HTTP request methods in one condition. The logical relation between multiple HTTP request methods is OR.
Cookie: Enter one or more cookies. You can create multiple Cookie conditions in a forwarding rule. The logical relation between multiple Cookie conditions is AND. You can specify multiple key-value pairs in a Cookie condition. The logical relation between multiple key-value pairs is OR.
Example: key:value.
SourceIP: Enter one or more IP addresses or CIDR blocks. You can create only one SourceIP condition in a forwarding rule. You can specify multiple IP addresses or CIDR blocks in a condition. The logical relation between multiple IP addresses or CIDR blocks is OR.
Example of an IP address: 1.1.XX.XX/32. Example of a CIDR block: 2.2.XX.XX/24.
Query String: Enter one or more query strings. You can create multiple Query String conditions in a forwarding rule. The logical relation between multiple Query String conditions is AND. You can specify multiple key-value pairs in a condition of the Query String type. The logical relation between multiple key-value pairs is OR.
For example, if the URL is
www.example.com/test/test1?x=1&y=2
, you can set the parameter to x: 1 or y: 2.
Then
Select a type of action. You can click Add Action to add multiple actions.
NoteEach forwarding rule must contain a Forward, Redirect, or Return Fixed Response action. This ensures that the GA instance continues to forward client requests.
A forwarding rule can contain only one action of the following types: Forward, Redirect, or Return Fixed Response.
If a forwarding rule contains an action of the Rewrite, Add Header, or Remove Header type, configure an action of the Forward type for the forwarding rule. The Rewrite, Add Header, or Remove Header action must be executed before the Forward action.
Forward: Select the destination virtual endpoint group.
Redirect: Configure the Protocol, Status Code, Hosts, Port, Path, and Search parameters. You cannot leave the Protocol, Hosts, Port, Path, and Query parameters empty at the same time or use the default values for the parameters at the same time.
For more information about how to configure Path for a Redirect action, see Configure paths for rewrites and redirects.
Return Fixed Response: Configure the Response Status Code, Response Content Type, and Response Content parameters.
Rewrite: Configure the Domain Name, Path, and Search parameters.
For more information about how to configure Path for a Rewrite action, see Configure paths for rewrites and redirects.
Add Header: Enter an HTTP header key in the Key field and an HTTP header value in the Value field. The specified header overwrites the headers in requests. The HTTP header keys in different Add Header actions must be unique and must be different from the keys in the Remove Header actions.
Remove Header: Enter an HTTP header key. The HTTP header keys in different Remove Header actions must be unique and must be different from the keys in the Add Header actions.
Drop Traffic: GA drops traffic.
Forwarding rules of TCP and UDP listeners
ImportantWhen you add a forwarding rule for a TCP or UDP listener, make sure that the backend service to which traffic is forwarded is an HTTPS service. Otherwise, the forwarding rule does not take effect.
Parameter
Description
Name
Enter a name for the forwarding rule.
If (Matching All Conditions)
Select a type of condition. Only Host is supported.
Exact domain names, wildcard domain names, and regular expressions are supported. For more information, see Domain name-based forwarding rules.
Example: *.example.com.
You can click + Add Domain Name to add multiple forwarding conditions of the Host type. The logical relation between multiple Host conditions is OR.
Then
Select a type of action.
A forwarding rule can contain only one forwarding action of the Forward or Drop Traffic type.
Forward: Select the default endpoint group or a virtual endpoint group.
Drop Traffic: Drops traffic.
You can click Add New Rule to add multiple forwarding policies at a time.
If you want to add multiple forwarding rules, click Add Forwarding Rule.
More operations
You cannot modify, change the priority of, or delete the default forwarding rule.
Operation | Procedure |
Modify a forwarding rule | On the Forwarding Rule tab, find the forwarding rule that you want to modify, move the pointer over the upper-right corner, and then click the icon that appears. Configure the forwarding rule and click Save. |
Change the priority of a forwarding rule | Rules are evaluated in descending order of priority. A lower value specifies a higher priority. You can change the priority of a custom forwarding rule. You cannot change the priority of the default forwarding rule. On the Forwarding Rule tab, find and drag the forwarding rule to the desired position, and then click Save Priority Changes in the upper-right corner. |
Delete a forwarding rule | Delete a forwarding rule
Delete multiple forwarding rules
|
Examples
Forward requests to a specific virtual endpoint group
A web application is deployed on two servers and provides services by using the domain names example.com
and example.net
. GA is used to accelerate access to the application and improve user experience.
You can create an HTTPS listener in GA, add a default endpoint group, and associate a default certificate with the listener. This way, requests destined for example.com
are forwarded to the default endpoint group. Then, you can add a virtual endpoint group, associate an additional certificate with the listener, and then create a Host forwarding rule to forward requests that are destined for example.net
to a virtual endpoint group.
The following figure shows how to configure a Host forwarding rule.
For more information about how to configure multiple certificates and forwarding rules to accelerate access to multiple domain names over HTTPS, see Use one GA instance to accelerate access to multiple HTTPS-capable domain names.
Redirect HTTP requests to HTTPS
To improve security, a website switches from HTTP to HTTPS. However, existing users may not be able to access the website by using HTTP. In this example, you can create a Redirect forwarding rule in GA, and use 301 redirects to redirect HTTP requests to HTTPS.
In this example, requests destined for port 80 of the HTTP listener are redirected to port 443 of the HTTPS listener. The following figure shows how to configure a Redirect forwarding rule.
Drop traffic based on domain names
A website provides external services through the domain name example.com
and hosts the domain name on a Content Delivery Network (CDN) service. To improve user experience, the website deploys GA and specifies the CDN service as the backend service of GA. This way, the delivery of website resources is accelerated.
Multiple tenants connect to the CDN service by sharing the same IP address. When GA accelerates access to example.com
, GA also provides acceleration services for the CDN service. If other tenants of the CDN service obtain the accelerated IP address of GA, the tenants can resolve other domain names, such as example.net
, to the accelerated IP address and accelerate these domain names. This results in additional traffic and costs for example.com
, and may cause security risks.
To prevent the risks, you can configure a forwarding rule that forwards only requests from example.com
and drops requests from other domain names. This way, requests from different domain names are isolated and the sources of requests are verified to ensure website security.
In this example, requests from the example.com
domain name are forwarded to the backend service in the corresponding endpoint group. Requests from other domain names are dropped.
References
CreateForwardingRules: creates a forwarding rule.
UpdateForwardingRules: updates a forwarding rule.
ListForwardingRules: queries information about forwarding rules.
DeleteForwardingRules: deletes forwarding rules.