
Global Accelerator: Create and manage forwarding rules

Last Updated: Dec 11, 2025

If you want to distribute and process traffic based on request attributes, such as domain names and paths, or information in requests, such as HTTP headers and cookies, you can create custom forwarding rules for a listener. The listener forwards requests based on the forwarding rules.

How forwarding rules work

Types of forwarding rules

Forwarding rules are classified into default forwarding rules and custom forwarding rules:

  • Default forwarding rule: After you create a listener, the system automatically creates a default forwarding rule and associates the rule with the default endpoint group. A listener has only one default forwarding rule, and you cannot change the priority of, modify, or delete the default forwarding rule.

  • Custom forwarding rule: After you create a listener, you can create custom forwarding rules based on your business requirements. You can create multiple custom forwarding rules for a listener, and you can change the priorities of custom forwarding rules.

Components of forwarding rules

Each forwarding rule contains forwarding conditions and forwarding actions. The forwarding actions are performed on requests that match all forwarding conditions.

The forwarding conditions and the forwarding actions supported by a listener vary based on the listener protocol:

| Listener protocol | Forwarding condition | Forwarding action |
| --- | --- | --- |
| TCP | Domain Names | Forward, Drop Traffic |
| HTTP or HTTPS | Host, Path, HTTP Header, HTTP Request Method, Cookie, SourceIP, Query String | Forward, Redirect, Return Fixed Response, Rewrite, Add Header, Remove Header, Drop Traffic |

Note
  • If your standard GA instance supports only the Domain Name and Path forwarding conditions and the Forward To forwarding action, your instance version may not support other condition or action types. To use these features, contact your business manager to upgrade the instance.

  • If your standard GA instance does not support adding forwarding rules for TCP listeners, your instance version may not support this feature. To use this feature, contact your business manager to upgrade the instance.

How requests are matched against forwarding rules

  1. Requests are matched against custom forwarding rules in descending order of priority. Forwarding rules that have smaller numbers have higher priorities:

    • If a request matches all forwarding conditions of a custom forwarding rule, all forwarding actions of the custom forwarding rule are immediately performed.

    • If a request fails to match the current custom forwarding rule, the request is matched against the custom forwarding rule that has a lower priority.

  2. If a request fails to match a custom forwarding rule, the request is forwarded to the default endpoint group based on the default forwarding rule, which has the lowest priority.

    If a listener has multiple default endpoint groups, traffic is forwarded based on the traffic distribution rules of the endpoint groups. For more information, see Distribute traffic across endpoint groups in different scenarios.

Note

If the path is set to /*, requests to all paths are matched. To give unexpected requests a fixed response, set the path in the forwarding condition to /*, set the forwarding action to Return Fixed Response, and set the status code to 404 or 403. After you configure the forwarding rule, drag the rule to the second-to-last position in the rule list, directly above the default forwarding rule, so that it is evaluated only after every other custom forwarding rule.

Prerequisites

Create a forwarding rule

To create a forwarding rule that performs specific actions on requests that meet specific conditions, perform the following steps:

  1. Log on to the GA console.

  2. On the Instances page, find the GA instance and click Modify Listener in the Actions column.

  3. On the Listeners tab, find the listener that you want to manage and click the ID of the listener.

  4. On the listener details page, click Forwarding Rule.

  5. On the Forwarding Rule tab, click Add Forwarding Rule, configure the following parameters, and then click OK.

    Forwarding rules for HTTP or HTTPS listeners

    Parameter

    Description

    Name

    Enter a name for the forwarding rule.

    If (Matching All Conditions)

    Select a type of condition. You can click +Add Condition to add multiple conditions.

    • Host: Enter one or more domain names. Exact domain names, wildcard domain names, and regular expressions are supported. For more information, see Domain name-based forwarding rules.

      You can create only one Host condition in a forwarding rule. You can specify multiple domain names in a Host condition. The logical relation between multiple domain names is OR.

      Example: *.example.com

    • Path: Enter one or more paths. Exact paths, wildcard paths, and regular expressions are supported. For more information, see Path-based forwarding rules.

      You can create multiple forwarding conditions of the Path type in a forwarding rule. The logical relation between multiple forwarding conditions of the Path type is OR. You can specify multiple paths in a Path condition. The logical relation between multiple paths is OR.

      For example, if the URL is www.example.com/test/test1?x=1&y=2, you can set the parameter to /test/*.

    • HTTP Header: Enter the key of an HTTP header in the Key field and the value of the HTTP header in the Value field. You can enter multiple values. You can create multiple HTTP Header conditions in a forwarding rule. The logical relation between multiple HTTP Header conditions is AND. Each HTTP header key must be unique. You can configure multiple HTTP header values in each HTTP Header condition. Each HTTP header value must be unique.

      Example: Key: user-agent, Value: *Mozilla/4.0*.

    • HTTP Request Method: Select an HTTP request method. Valid values: HEAD, GET, POST, OPTIONS, PUT, PATCH, and DELETE. You can create only one HTTP Request Method condition in a forwarding rule. You can specify multiple HTTP request methods in one condition. The logical relation between multiple HTTP request methods is OR.

    • Cookie: Enter one or more cookies. You can create multiple Cookie conditions in a forwarding rule. The logical relation between multiple Cookie conditions is AND. You can specify multiple key-value pairs in a Cookie condition. The logical relation between multiple key-value pairs is OR.

      Example: key: value.

    • SourceIP: Enter one or more IP addresses or CIDR blocks. You can create only one SourceIP condition in a forwarding rule. You can specify multiple IP addresses or CIDR blocks in a condition. The logical relation between multiple IP addresses or CIDR blocks is OR.

      Example of an IP address: 1.1.XX.XX/32. Example of a CIDR block: 2.2.XX.XX/24.

    • Query String: Enter one or more query strings. You can create multiple Query String conditions in a forwarding rule. The logical relation between multiple Query String conditions is AND. You can specify multiple key-value pairs in a Query String condition. The logical relation between multiple key-value pairs is OR.

      For example, if the URL is www.example.com/test/test1?x=1&y=2, you can set the parameter to x: 1 or y: 2.

    Then

    Select a type of action. You can click +Add Action to add multiple actions.

    Note
    • Each forwarding rule must contain a Forward, Redirect, or Return Fixed Response action. This ensures that the GA instance continues to forward client requests.

    • A forwarding rule can contain only one action of the following types: Forward, Redirect, or Return Fixed Response.

    • If a forwarding rule contains an action of the Rewrite, Add Header, or Remove Header type, configure an action of the Forward type for the forwarding rule. The Rewrite, Add Header, or Remove Header action must be executed before the Forward action.

    • Forward: Select the destination endpoint group.

      Note

      The selection of endpoint groups is subject to the following restrictions based on the billing method of your GA instance:

      • Pay-as-you-go: You can select multiple endpoint groups, including default and virtual endpoint groups. You can select only one endpoint group per region. By default, you can associate up to 10 endpoint groups. If you need a larger quota, contact your business manager.

      • Subscription: You can select only one virtual endpoint group.

    • Redirect: Configure the Protocol, Status Code, Hosts, Port, Path, and Search parameters. You cannot leave the Protocol, Hosts, Port, Path, and Search parameters empty at the same time or use the default values for the parameters at the same time.

      For more information about how to configure Path for a Redirect action, see Configure paths for rewrites and redirects.

    • Return Fixed Response: Configure the Response Status Code, Response Content Type, and Response Content parameters.

    • Rewrite: Configure the Domain Name, Path, and Search parameters.

      For more information about how to configure Path for a Rewrite action, see Configure paths for rewrites and redirects.

    • Add Header: Enter an HTTP header key in the Key field and an HTTP header value in the Value field. The specified header overwrites the headers in requests. The HTTP header keys in different Add Header actions must be unique and must be different from the keys in the Remove Header actions.

      Note

      You can write System-defined Request Identifiers to headers only in pay-as-you-go mode.

    • Remove Header: Enter an HTTP header key. The HTTP header keys in different Remove Header actions must be unique and must be different from the keys in the Add Header actions.

    • Drop Traffic: GA drops traffic.

    Forwarding rules of TCP listeners

    Important

    When you add a forwarding rule for a TCP listener, make sure that the backend service to which traffic is forwarded is an HTTPS service. Otherwise, the forwarding rule does not take effect.

    Parameter

    Description

    Name

    Enter a name for the forwarding rule.

    If (Matching All Conditions)

    Select a type of condition. Only Host is supported.

    Exact domain names, wildcard domain names, and regular expressions are supported. For more information, see Domain name-based forwarding rules.

    Example: *.example.com

    You can click + Add Domain Name to add multiple forwarding conditions of the Host type. The logical relation between multiple Host conditions is OR.

    Then The Forwarding Action Is

    Select a type of action.

    A forwarding rule can contain only one forwarding action of the Forward or Drop Traffic type.

    • Forward: Select the default endpoint group or a virtual endpoint group.

      Note

      The selection of endpoint groups is subject to the following restrictions based on the billing method of your GA instance:

      • Pay-as-you-go: You can select multiple endpoint groups, including default and virtual endpoint groups. You can select only one endpoint group per region. By default, you can associate up to 10 endpoint groups. If you need a larger quota, contact your business manager.

      • Subscription: You can select only one default endpoint group or virtual endpoint group.

    • Drop Traffic: Drops traffic.

    You can click Add New Rule to add multiple forwarding policies at a time.

  6. If you want to add multiple forwarding rules, click Add Forwarding Rule.

More operations

Note

You cannot modify, change the priority of, or delete the default forwarding rule.

Operation

Procedure

Modify a forwarding rule

On the Forwarding Rule tab, find the forwarding rule that you want to modify, move the pointer over the upper-right corner, and then click the Edit icon that appears. Configure the forwarding rule and click Save.

Change the priority of a forwarding rule

Rules are evaluated in descending order of priority. A lower value indicates a higher priority. You can change the priority of a custom forwarding rule. You cannot change the priority of the default forwarding rule.

On the Forwarding Rule tab, find and drag the forwarding rule to the desired position, and then click Save Priority Changes in the upper-right corner.

Delete a forwarding rule

Delete a forwarding rule

  1. On the Forwarding Rule tab, find the forwarding rule that you want to delete, move the pointer over the upper-right corner, and then click the Delete icon that appears.

  2. In the message that appears, confirm the ID of the forwarding rule and click OK.

Delete multiple forwarding rules

  1. On the Forwarding Rule tab, select the forwarding rules that you want to delete and click Delete in the upper-right corner.

  2. In the message that appears, confirm the IDs of the forwarding rules and click OK.

Examples

Forward requests to a specific virtual endpoint group

A web application is deployed on two servers and provides services by using the domain names example.com and example.net. Global Accelerator is used to improve the quality of the web application service and enhance user experience.

You can create an HTTPS listener in Global Accelerator, add a default endpoint group, and associate a default certificate with the listener. This way, requests destined for example.com are forwarded to the default endpoint group. Then, you can add a virtual endpoint group, associate an additional certificate with the listener, and then create a Host forwarding rule to forward requests that are destined for example.net to a specific virtual endpoint group.

The following figure shows how to configure a Host forwarding rule.

[Figure: Forward to a virtual endpoint group]

Note

For more information about how to configure multiple certificates and forwarding rules to accelerate access to multiple domain names over HTTPS, see Use one GA instance to accelerate access to multiple HTTPS-capable domain names.

Redirect HTTP requests to HTTPS

To improve security, a website switches from HTTP to HTTPS. However, existing users may not be able to access the website by using HTTP. In this example, you can create a Redirect forwarding rule in Global Accelerator and use the HTTP 301 status code to redirect HTTP requests to HTTPS, which is more secure.

In this example, requests destined for port 80 of the HTTP listener are redirected to port 443 of the HTTPS listener. The following figure shows how to configure a Redirect forwarding rule.

[Figure: Redirect]

Configure domain-based traffic blocking

A website provides external services through the domain name example.com and hosts the domain name on a Content Delivery Network (CDN) service. To further improve user experience globally, the website deploys Alibaba Cloud Global Accelerator and specifies the CDN service as the backend service of Global Accelerator. This way, the delivery of website resources is accelerated.

Multiple tenants connect to the CDN service by sharing the same IP address. When Global Accelerator accelerates access to example.com, Global Accelerator also provides an acceleration channel for the CDN service. If other tenants of the CDN service obtain the accelerated IP address of Global Accelerator, the tenants can resolve other domain names, such as example.net, to the accelerated IP address and "hitchhike" on the acceleration. This results in additional traffic and costs for example.com, and may introduce security risks.

To prevent these risks, you can use the forwarding rule feature of Global Accelerator to configure rules that allow only requests from example.com to access Global Accelerator and drop all other requests. This achieves strict isolation of access requests from different domain names and verification of request sources, ensuring website security.

In this example, requests from the example.com domain name are forwarded to the backend service in the corresponding endpoint group. Requests from all other domain names are dropped.

[Figure: Domain name access control]
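A model of the matching order described under "How requests are matched against forwarding rules", applied to this blocking scenario, showing why a forward rule for example.com needs an explicit drop rule after it. It is an added example, not Alibaba Cloud code: the rule names, the endpoint group names, the use of a Path /* rule as the drop-everything-else rule, and fnmatch-style wildcard matching are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed model of the matching behaviour the page describes; not GA code.
# A rule is (name, conditions, action). conditions maps a condition type to a
# list of patterns: values inside one condition are ORed, condition types are ANDed.
# Only Host and Path are modelled; wildcards use fnmatch semantics (assumption).
DEFAULT_RULE = ("default", {}, "Forward:default-endpoint-group")


def condition_matches(kind, patterns, request):
    value = request["host"].lower() if kind == "Host" else request["path"]
    return any(fnmatchcase(value, p) for p in patterns)


def evaluate(custom_rules, request):
    """Return (rule name, action) of the first rule whose conditions all match."""
    for name, conditions, action in custom_rules:  # list order = priority order
        if all(condition_matches(k, v, request) for k, v in conditions.items()):
            return name, action
    return DEFAULT_RULE[0], DEFAULT_RULE[2]  # nothing matched: default rule


def shadowed(custom_rules):
    """Names of rules placed after a catch-all (Path /* only); they never match."""
    for i, (_, conditions, _) in enumerate(custom_rules):
        if conditions == {"Path": ["/*"]}:
            return [name for name, _, _ in custom_rules[i + 1:]]
    return []


# Hypothetical rules and requests, constructed for this example.
ALLOW = ("allow-example-com", {"Host": ["example.com"]}, "Forward:cdn-endpoint-group")
DROP_REST = ("drop-other-hosts", {"Path": ["/*"]}, "Drop Traffic")
hitchhiker = {"host": "example.net", "path": "/video.mp4"}
owner = {"host": "example.com", "path": "/index.html"}

# Allow rule alone: the other tenant's Host falls through to the default rule.
print(evaluate([ALLOW], hitchhiker))
# Allow rule followed by the catch-all drop rule: only example.com is forwarded.
print(evaluate([ALLOW, DROP_REST], hitchhiker), evaluate([ALLOW, DROP_REST], owner))
# Catch-all dragged above the allow rule: the allow rule can never match.
print(shadowed([DROP_REST, ALLOW]))
```

The same `shadowed` check applies to the Return Fixed Response catch-all from the earlier note: any custom rule ordered after a Path /* rule is unreachable.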
