You can create forwarding rules for an ALB listener to control how requests are distributed to backend servers in server groups and how responses are returned to clients.
Overview
You can create multiple forwarding rules for each listener of an ALB instance. Forwarding rules are divided into inbound and outbound forwarding rules. Basic ALB instances support only inbound forwarding rules. Standard and WAF-enabled ALB instances support inbound and outbound forwarding rules. Each forwarding rule consists of conditions and actions. When a request matches the conditions specified in a forwarding rule, the actions specified in the forwarding rule are performed. You can specify one or more conditions and one or more actions in a forwarding rule.
After a standard ALB instance or a WAF-enabled ALB instance receives a request, the ALB instance distributes the request to a backend server based on an inbound forwarding rule. Then, the response from the backend server is processed based on an outbound forwarding rule of the ALB instance and returned to the client.
When you create an inbound forwarding rule, you can specify only inbound conditions and actions.
When you create an outbound forwarding rule, you can specify both inbound and outbound conditions. However, you can specify only outbound actions in an outbound forwarding rule.
An inbound forwarding rule must contain one Forward, Redirect, or Return Fixed Responses action. This ensures that the ALB instance can forward client requests without interruptions.
Note: Basic ALB instances support only inbound forwarding rules. Standard and WAF-enabled ALB instances support inbound and outbound forwarding rules.
Table 1. Forwarding rules supported by basic ALB instances

| Category | Condition | Action |
| --- | --- | --- |
| Inbound forwarding rule | Domain Name, Path, and HTTP Header | Forward and Redirect |
Table 2. Forwarding rules supported by standard and WAF-enabled instances

| Category | Condition | Action |
| --- | --- | --- |
| Inbound forwarding rule | Domain Name, Path, HTTP Header, Query String, HTTP Request Method, Cookie, and Source IP | Forward, Redirect, Return Fixed Responses, Rewrite, Add Header, Remove Header, Throttle Traffic, Mirror Traffic, and CORS |
| Outbound forwarding rule | Inbound conditions (optional): Domain Name, Path, HTTP Header, Query String, HTTP Request Method, Cookie, and Source IP. Outbound conditions: Response Status Code and Response Header | Return Fixed Responses, Add Header, and Remove Header |
Matching policy
Matching policy: Each client request is matched against forwarding rules in descending order of priority. A smaller rule number indicates a higher priority. Once a forwarding rule is matched, the traffic is immediately forwarded based on the rule and the matching stops.
Requests that fail to match custom inbound forwarding rules are forwarded based on the default forwarding rule.
Responses that fail to match custom outbound forwarding rules are directly returned to clients by ALB.
If the path is set to /*, requests to all paths are matched. If you want to forward unexpected requests, you can set the path in the forwarding condition to /*, set the forwarding action to Return Fixed Responses, and set the status code to 404 or 403. After you configure the forwarding rule, drag and drop the rule to the second-to-last position in the rule list.
Forwarding rule priority: Requests are matched against forwarding rules in descending order of priority. A smaller number indicates a higher priority. Rules are sorted by rule number, as shown in the following figure.
Default forwarding rule: After you create a listener, the system automatically creates a default inbound forwarding rule. The forwarding condition is set to -, which indicates that all client requests are matched. The forwarding action is set to Forward. In this case, traffic is forwarded to the server group that is associated with the listener.
You cannot delete the default forwarding rule. However, you can change the destination server group by configuring the forwarding action. The priority of the default forwarding rule is the lowest and cannot be adjusted.
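The matching policy above can be modeled in a few lines to check a rule list before it is applied. This is an added example, not ALB code: rule names, server groups and requests are constructed, conditions are treated as ANDed with the values inside one condition as alternatives, and the shadowing check is a hypothetical helper.

```python
from fnmatch import fnmatchcase

# Constructed rule set: names, server groups and priorities are illustrative.
RULES = [
    {"name": "api", "priority": 1,
     "conditions": {"host": ["*.example.com"], "path": ["/api/*", "/v?/*"]},
     "action": ("Forward", "sg-api")},
    {"name": "static", "priority": 2,
     "conditions": {"path": ["/static/*"]},
     "action": ("Forward", "sg-static")},
    # Catch-all deny: last custom rule, i.e. second-to-last in the full list.
    {"name": "deny-rest", "priority": 3,
     "conditions": {"path": ["/*"]},
     "action": ("FixedResponse", 403)},
]
# Default rule: no condition, always last, forwards to the listener's group.
DEFAULT = {"name": "default", "conditions": {},
           "action": ("Forward", "sg-listener-default")}

def matches(rule, request):
    # Every condition must hold (AND); one matching value is enough (OR).
    # fnmatchcase gives '*' and '?' the wildcard meaning used on this page;
    # it also treats '[' specially, so keep patterns to '*' and '?'.
    for field, patterns in rule["conditions"].items():
        value = request.get(field, "")
        if not any(fnmatchcase(value, p) for p in patterns):
            return False
    return True

def route(rules, request):
    # Smaller rule number is tried first; the first match ends matching.
    for rule in sorted(rules, key=lambda r: r["priority"]) + [DEFAULT]:
        if matches(rule, request):
            return rule["name"], rule["action"]

def shadowed(rules):
    # Custom rules ordered after a bare "/*" rule can never receive traffic.
    ordered = sorted(rules, key=lambda r: r["priority"])
    for i, rule in enumerate(ordered):
        if rule["conditions"] == {"path": ["/*"]}:
            return [r["name"] for r in ordered[i + 1:]]
    return []
```

With the catch-all in the last custom position, `shadowed(RULES)` is empty and a request for an unlisted host or path gets the 403 instead of reaching the default server group.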
Limits
When you create a forwarding rule for a basic ALB instance, you can set the condition to Domain Name, Path, or HTTP Header and set the action to Forward or Redirect. If you want to specify other conditions and actions, upgrade the ALB instance to a standard or WAF-enabled ALB instance. For more information, see Modify the configurations of ALB instances.
For more information about the features and quotas of basic ALB instances, standard ALB instances, and WAF-enabled ALB instances, see Functions and features and ALB quotas.
Prerequisites
A server group is created and backend servers are added to the server group. For more information, see Create and manage server groups.
A standard or WAF-enabled ALB instance is created and a listener is configured for the instance. For more information, see Create an ALB instance.
Create a forwarding rule
You can configure the default forwarding rule when you create a listener. You can also add forwarding rules after you create a listener.
- Log on to the ALB console.
- In the top navigation bar, select the region where the ALB instance is deployed.
- On the Instances page, click the ID of the instance that you want to manage.
- Click the Listener tab, find the listener that you want to manage, and then click View/Modify Forwarding Rule in the Actions column.
- On the Forwarding Rules tab, select Inbound Forwarding Rules or Outbound Forwarding Rules, and then click Add New Rule.
- In the Add Forwarding Rule section, set the following parameters and click OK.
Note: The logical operator among the actions for each condition is OR. If you specify multiple actions for a condition, requests that match one of the actions are forwarded.
The logical operator among different conditions is AND. If you specify multiple conditions in a forwarding rule, a request is forwarded when all conditions are met.
Create inbound forwarding rules
Parameter
Description
Rule Name
Specify a name for the custom rule. If you do not enter a name, the system automatically generates one.
You can specify only one name for a forwarding rule.
If (Matching All Conditions)
Specify one of the following conditions. You can also click + Add Condition to add more conditions:
Domain Name: Specify one or more domain names. The domain name must be 3 to 128 characters in length. You can use asterisks (*) and question marks (?) as wildcards. An asterisk (*) matches any string, while a question mark (?) matches a single character. You can specify a specific domain name, a wildcard domain name, or a regular expression. For more information, see Domain name-based forwarding rules.
In this example, *.example.com is entered.
Path: Specify one or more URLs. You can specify a URL or a regular expression. For more information, see URL-based forwarding rules.
For example, if the URL is www.example.com/test/test1?x=1&y=2, you can set the parameter to /test/*.
HTTP Header: Specify the name of an HTTP header in the Key field and the value of the HTTP header in the Value field. The key of the HTTP header must be 1 to 40 characters in length, and can contain only letters, digits, hyphens (-), and underscores (_). The value of the HTTP header must be 1 to 128 characters in length, and can contain printable characters. It must not start or end with a space.
In this example, the key user-agent and the value *Mozilla/4.0* are specified.
Query String: Add key-value pairs of one or more query strings. The key must be 1 to 100 characters in length. The value must be 1 to 128 characters in length. The key and the value can contain lowercase letters and other printable characters. You can use asterisks (*) and question marks (?) as wildcards. The key and the value cannot contain space characters or the following special characters: # [ ] { } \ | < > &.
For example, if the URL is www.example.com/test/test1?x=1&y=2, you can set the parameter to x:1 or y:2.
HTTP Request Method: Add one or more HTTP request methods. Valid values: HEAD, GET, POST, OPTIONS, PUT, PATCH, and DELETE.
Cookie: Add one or more cookies. The key must be 1 to 100 characters in length. The value must be 1 to 128 characters in length. The key and the value can contain lowercase letters and other printable characters. You can use asterisks (*) and question marks (?) as wildcards. The key and the value cannot contain space characters or the following special characters: # [ ] { } \ | < > &.
In this example, the key key and the value value are specified.
Source IP: Add one or more IP addresses or CIDR blocks. Zero addresses (0.0.0.0/x) are not supported.
Example: 192.168.1.1/32
Action
Specify one of the following actions. You can also click + Add Action to add more actions:
Forward: Select a server group from the drop-down list. The supported server group types include the Server, IP, and Function Compute types. You can add multiple server groups and enable the session persistence feature for all the added server groups.
Redirect: Select a protocol from the Protocol drop-down list, and then select a status code from the Status Code drop-down list. Specify the Domain Name, Port, and Path to which requests are redirected and enter a query string in the Search field. You cannot leave Protocol, Domain Name, Port, Path, and Search empty at the same time or use the default values for the parameters at the same time.
Note: For more information about how to configure Path for the Redirect action, see Advanced URL-based forwarding rule settings for rewrites and redirects.
If you specify ${x}, the value returned in the response is used. Otherwise, the default value specified in each request is used.
For more information about HTTP status codes, see HTTP status codes.
Return Fixed Responses: Specify an HTTP status code in the Response Status Code field, select a Response Content Type, and then enter the Response Content. The response status code must be one of the following numeric strings: 2xx, 4xx, and 5xx. The letter x indicates a number from 0 to 9.
Rewrite: Specify Domain Name, Path, and Search. For more information about how to configure Path for the Rewrite action, see Advanced URL-based forwarding rule settings for rewrites and redirects.
Add Header: Specify the key and the value of the header that you want to add to requests that match the condition. Newly added headers overwrite the existing headers. The key of the header must be 1 to 40 characters in length and can contain letters, digits, underscores (_), and hyphens (-). The value of the header must be 1 to 128 characters in length and can contain letters and other printable characters. The value cannot start or end with a space.
Remove Header: Specify the value of the header that you want to remove from requests that match the condition.
Throttle Traffic: Configure the following parameters based on your business requirements.
QPS (Total): Specify the maximum number of requests per second. Valid values: 1 to 100000. If the number of requests reaches the specified limit, new requests are dropped and the 503 status code is returned to the client.
QPS (Per Client IP): Specify the maximum number of requests per second for each client IP address. The value of this parameter must be smaller than the value of the QPS (Total) parameter. If the number of requests reaches the specified limit, new requests are dropped and the 503 status code is returned to the client.
Mirror Traffic: Select a server group from the drop-down list. You can select a server group of the Server Type or IP type.
When you choose an IP type server group, take note of the following items:
You can add only internal-facing servers and cannot add Internet-facing servers.
You cannot add a backend server of the IP type to an ALB instance, a Network Load Balancer (NLB) instance, and a Classic Load Balancer (CLB) instance in the same VPC.
You can use Enterprise Edition transit routers and Express Connect circuits for cross-region forwarding. Basic Edition transit routers are not supported.
Each region in a network that is managed by a Cloud Enterprise Network (CEN) instance can have only one VPC that contains one or more ALB instances to which backend servers are added across regions.
You cannot enable ALB instances in multiple VPCs in the same region to use the same transit router to access backend services.
You cannot enable ALB instances in multiple VPCs in the same region to use multiple transit routers to access the same backend service.
Network traffic between an ALB instance and its backend servers can be routed only based on the system route table. VPC custom route tables are not supported.
CORS: If the response is returned from a URL (including a protocol, domain name, and port) different from the one requested by the client, Cross-origin Resource Sharing (CORS) is enabled. Cross-origin requests are divided into simple requests and preflight requests.
Trusted Origins: Specify the URLs that are allowed to access cross-origin resources through a browser.
Trusted Method: Specify the HTTP methods that the specified URLs can use to access cross-origin resources. Valid values: GET, POST, PUT, DELETE, HEAD, OPTIONS, and PATCH.
Trusted Request Headers: Specify the headers that can be carried in CORS requests aside from the built-in headers of browsers.
Trusted Response Headers: Specify the response headers that can be parsed by a browser or JavaScript.
Trusted Credentials: Specify whether to allow credentials in CORS requests. Valid values: Allow and Deny. Default value: Allow.
Browser Cache Time: Specify the maximum period of time for which a preflight request that uses the OPTIONS method can be cached. Unit: seconds. Valid values: -1 to 172800.
Create outbound forwarding rules
Parameter
Description
Rule Name
Specify a name for the custom rule. If you do not enter a name, the system automatically generates the name.
You can specify only one name for a forwarding rule.
Inbound Conditions (Optional)
Select an inbound condition. You can click + Add Inbound Condition to add more inbound conditions. For more information about how to configure conditions in inbound forwarding rules, see the "Create inbound forwarding rules" section of Create a forwarding rule.
Outbound Conditions
Select an outbound condition. You can click + Add Outbound Condition to add more outbound conditions.
Response Status Code: Specify the response status code to return to the client. Valid values: 100 to 599.
You can specify ranges or specific status codes. Separate multiple values with commas (,). Example: 200-233,301.
Response Header: Specify the HTTP headers carried in the response. Enter the name of the HTTP header in the Key field and the value of the HTTP header in the Value field. You can specify multiple HTTP headers.
Action
Select an outbound action. You can click + Add Action to add more outbound actions.
Return Fixed Responses: Specify an HTTP status code in the Response Status Code field, select a Response Content Type, and then enter the Response Content. The response status code must be one of the following numeric strings: 2xx, 4xx, and 5xx. The letter x indicates a number from 0 to 9.
Add Header: Specify the name and the value of the header that you want to add to the response. Newly added headers overwrite the existing headers.
Remove Header: Specify the value of the header that you want to remove from the response.
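Outbound rules are commonly used to keep backend error bodies and version-revealing headers away from clients. The following added example (not ALB code) models the Response Status Code condition and the three outbound actions. The rule contents and header names are constructed, Remove Header is assumed to take header names, a fixed response is assumed to replace the backend's headers, and outbound rules are assumed to stop at the first match like inbound rules.

```python
def parse_status_expr(expr):
    # "200-233,301" -> [(200, 233), (301, 301)]; valid codes are 100 to 599.
    ranges = []
    for part in expr.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (100 <= lo <= hi <= 599):
            raise ValueError(f"status code range out of bounds: {part!r}")
        ranges.append((lo, hi))
    return ranges

def apply_outbound(rules, status, headers, body):
    # Header names are case-insensitive, so normalize them once.
    headers = {k.lower(): v for k, v in headers.items()}
    for rule in sorted(rules, key=lambda r: r["priority"]):
        spans = parse_status_expr(rule["status"])
        if not any(lo <= status <= hi for lo, hi in spans):
            continue
        if "fixed" in rule:                      # Return Fixed Responses
            code, ctype, content = rule["fixed"]
            if code // 100 not in (2, 4, 5):
                raise ValueError("fixed response code must be 2xx, 4xx or 5xx")
            # Assumption: the fixed response carries none of the backend headers.
            return code, {"content-type": ctype}, content
        for name in rule.get("remove", []):      # Remove Header
            headers.pop(name.lower(), None)
        for name, value in rule.get("add", {}).items():
            headers[name.lower()] = value        # Add Header overwrites existing
        return status, headers, body
    return status, headers, body                 # no match: returned unchanged

# Constructed outbound rule set.
OUTBOUND = [
    {"priority": 1, "status": "500-599",
     "fixed": (503, "text/plain", "Service unavailable")},
    {"priority": 2, "status": "100-499",
     "remove": ["Server", "X-Powered-By"],
     "add": {"X-Content-Type-Options": "nosniff"}},
]
```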
Create scripts by using AScript
You can click + Add Script After Forwarding Rule Is Applied to add a script. For more information, see Configure scripts for forwarding rules.
Note: To use the AScript feature, make sure that the following requirements are met:
A standard or WAF-enabled ALB instance is created.
By default, the AScript feature is unavailable. To use this feature, log on to the Quota Center console. On the Privileges page, enter the quota ID slb_user_visible_gray_label/ascript and click Apply in the Actions column. For more information, see Manage ALB quotas.
Modify a forwarding rule
- Log on to the ALB console.
- In the top navigation bar, select the region where the ALB instance is deployed.
- On the Instances page, click the ID of the instance that you want to manage.
- Click the Listener tab, find the listener that you want to manage, and then click View/Modify Forwarding Rule in the Actions column.
- On the Forwarding Rules tab, select Inbound Forwarding Rules or Outbound Forwarding Rules, select the rule that you want to modify, and then click the icon in the upper-right corner.
- After you modify the rule, click Save.
Modify the priority of a forwarding rule
Forwarding rules are evaluated in descending order of priority. A lower value specifies a higher priority. You can modify the priority of a custom forwarding rule anytime. You cannot modify the priority of the default forwarding rule.
- Log on to the ALB console.
- In the top navigation bar, select the region where the ALB instance is deployed.
- On the Instances page, click the ID of the instance that you want to manage.
- Click the Listener tab, find the listener that you want to manage, and then click View/Modify Forwarding Rule in the Actions column.
- On the Forwarding Rules tab, select Inbound Forwarding Rules or Outbound Forwarding Rules, move the forwarding rule that you want to manage to the desired position, and then click Save Priority Changes.
Delete a forwarding rule
You can delete the custom forwarding rules of a listener anytime. The default forwarding rule cannot be deleted. If you delete a listener, all forwarding rules of the listener are deleted.
- Log on to the ALB console.
- In the top navigation bar, select the region where the ALB instance is deployed.
- On the Instances page, click the ID of the instance that you want to manage.
- Click the Listener tab, find the listener that you want to manage, and then click View/Modify Forwarding Rule in the Actions column.
- On the Forwarding Rules tab, select Inbound Forwarding Rules or Outbound Forwarding Rules, select the forwarding rule that you want to delete, and then click the icon.
- In the message that appears, click OK.
References
CreateRule: creates a forwarding rule.
CreateRules: creates forwarding rules.
DeleteRule: deletes a forwarding rule.
DeleteRules: deletes forwarding rules.
ListRules: queries the forwarding rules in a region.
UpdateRuleAttribute: updates the configurations of a forwarding rule, such as the conditions, actions, and name.
UpdateRulesAttribute: updates the configurations of multiple forwarding rules.