DescriptionThis KB article describes a scenario, where a web browser on the end user PC is redirected to an unwanted URL, sent by a real web server.
It will be shown, how to configure the FortiBalancer unit to intercept the HTTP reply and to modify its content.
Scenario:
- A web browser request http://www.myserver.com on your virtual service "VirtualServer" port 80 is started.
- The web browser is redirected to the real server on port 9001, requesting the GET http://www.myserver.com
- The web server process on the real server is configured to redirect the user, and returns the HTTP redirect to http://www.myserver.com:9001/otherLoginURL
- The web browser on client PC tries to access http://www.myserver.com:9001/otherLoginURL , with no success.
Initial FortiBalancer configuration (an example for the above scenario):
Virtual servers
slb virtual http "VirtualServer" 10.1.1.1 80 arp 0
Real Servers
slb real http "Server1" 10.100.100.11 9001 1000 tcp 3 3
slb real http "Server2" 10.100.100.12 9001 1000 tcp 3 3
Server groups
slb group member "ServerGroup" "Server1" 1 0
slb group member "ServerGroup" "Server2" 1 0
slb group activation "ServerGroup" 1
slb group method "ServerGroup" sr
Policy
slb policy default "VirtualServer" "ServerGroup"
SolutionConfigure the port number rewrite in the HTTP response, using the CLI:
FBL(config)#http rewrite response port VirtualServer remove
This will remove the port number from the HTTP header of the reply, so that the web browser on end user PC will always send request to the default port 80.