Content Switching for Application Delivery

Content Switching and Header Modification Using the KEMP LoadMaster™


Two of LoadMaster’s less utilized features include Content Switching and Header Modification. These two HTTP/HTTPS specific features allow LoadMaster to become a valuable part of your application delivery rather than merely balancing traffic to multiple application servers.


Ordinarily, LoadMaster’s main purpose is to evenly distribute traffic to a pool of real servers. However, with Content Switching, LoadMaster takes on the role of traffic director. By examining the content of each request, traffic can be
assigned to a specific server based on pattern matching. Pattern matching can be performed upon either the URL requested, any HTTP header in the request or even the source IP of the client making the request. By leveraging the power of regular expressions, patterns can be as complex as needed to get the job done.


Some common applications of Content Switching are:
URL Switching - Dedicated application pools for specific directories or file extensions can be used when application design
calls for it.
• Hostname Specific Servers - If your organization has a single public IP that has multiple hostnames associated with it, LoadMaster can
split out requests to different hosts and direct them accordingly.
• Source IP Specific Sites
By opening internal sites to specific external IPs, you can allow distributors, partners or remote offices to access specific content.


These are just a few samples of what you can do. As of version 6.0-32, LoadMaster fully supports PCRE style regular expressions for content rules and header modifications. This allows for a tremendous amount of control
over your rules, giving administrators the flexibility they need for just about any application.


Let’s give Content Switching a shot. We’ll be creating a rule to direct requests for an intranet server to a specific server.


To create the rule, navigate to Rules & Checking > Content Rules.


Select the button on that page for Create New … to begin creating the rule.


For the Rule Name, we’ll set it as ‘Internal.’ We’ll leave the Rule Type as Content Matching and Match Type as Regular Expression. We’ll change the Header Field to “Host” so we will be examining the hostname specified in the request. For Match String, we’ll select “^internal.example.com$” which ensures that only that hostname will match the rule.


Once the rule is created, we can navigate to the service we want to content switch. Under Advanced Settings, turn on Content Switching by clicking the Enable button.


Once enabled, you can apply rules to your real servers by clicking the button under the Rules column.


We will be directing requests for “internal.example.com” to the first server and all other requests to the second server. First we select the first server and add the “Internal” rule. Then go back and select the second server. This time
we will add the “default” rule. The default rule is a catchall for everything that doesn’t match any rule. If no default rule is applied, non-matches will be rejected by the service.


Once both rules are applied, we’re done configuring the service. LoadMaster will now direct traffic based on the header specified by the client.


Now let’s turn our attention to Header Modification. Header Modification is another way LoadMaster takes advantage of regular expressions to make changes to traffic on the fly. This can accomplish some very neat effects and can reduce the amount of changes necessary on the real server to support load balancing. Header modifications can be used to insert, remove or modify HTTP headers either in requests or responses or to modify URLs before they are passed to real servers.


The impact of Header Modifications is really as wide as your imagination (and RFCs) can take you.


Some examples from the field are:
• Adding the “Connection: close” header to force connections to close after the response is sent.
• Removing the “Server” header from responses to obscure potentially secure server details.
• Replacing “http” with “https” in the Location field to alleviate unnecessary redirection and avoid redirection loops.
• Reroute requests for the root of a webserver to a specific directory. This is commonly used in Exchange 2010 deployments to direct requests to the OWA directory.
• Adding the ‘secure’ attribute to cookies being sent by the real server. This ensures that sensitive session data is never sent unencrypted.
• Removing the “Via” header to avoid server interactions with proxies.


From the examples listed, it’s plain to see that these could also be configured on real servers themselves. However by configuring these on LoadMaster you can avoid server changes. This can save time and effort and simplify your setup by
consolidating these types of changes on LoadMaster where they can be easily managed and backed up.


When configuring LoadMaster to replace text in a header or URL, it may be useful to perform backreferencing in the regular expressions so part or all of the original value is included in the replacement value. This is good for prepending or appending text to an existing string.


Select the button on that page for Create New … to begin creating the rule.
We’ll then give the rule a name. For this example, I used ‘Redirect_Root.’ I then selected ‘Modify URL’ as the Rule Type.


For the Match String I specified “^/$” — this is a regular expression that essentially states match “/” and only “/”, this corresponds to the request which is sent when no specific URL is specified. For the Modified URL I set “/owa”, but this could be any URL you’d like.


Let’s take a look at one application of header modification to get a better idea of how this works. We’ll be working with the example of redirecting the root of a web server to a specific directory using a ‘Modify URL’ rule. To create the rule,
navigate to Rules & Checking > Content Rules.  Once the rule is created, navigate to the HTTP or HTTPS service you want to apply the rule to.


Under Advanced Settings, click the button for Show Header Rules.
Then select the new rule under Request Rules and hit Add.
When you access the virtual service without any specific request, you will now see the same content as if you requested /owa. That’s all there is to it!
If you have an interesting application of Content Switching or Header Modification, we’d love to hear from you! You might even find yourself featured in our ever-growing Content Switching and Header Modification Cookbook!
Send any ideas you’d like to share to support@kemptechnologies.com or post them on our forums.

 

Andrew Conti, Support Team Lead - North America, KEMP Technologies

 

View Content Switching and Header Modification Using the KEMP LoadMaster™.pdf