Related product: Wireless Protection
Related version: Sophos UTM v9
Site Path Routing
This feature is used to define to which Real Webservers incoming requests are forwarded.
- Define that all URLs with a specific path, e.g., /users/, are sent to a specific webserver.
- You can allow more than one webserver for a specific request but add rules how to distribute the requests among the servers
- Define that each session is bound to one webserver throughout its lifetime (sticky session).
- Configure it to send all requests to one webserver and use the others only as a backup.
- For each virtual webserver, one default site path route (with path /) is created automatically.
The order of the Site Path Route list is not relevant. If no route matches an incoming request, e.g., because the default route was deleted, the request will be denied.
What To Do
To configure site path routing for WAF proceed as follows:
- Make sure that at least one real webserver and one virtual webserver is created.
- Click in the Webserver Protection | Web Application Firewall | Site Path Routing section on 'New Site Path Route'
- Enter a descriptive name for the site path route.
- Select the Virtual WebServer which you have configured at Webserver Protection | Web Application Firewall | Virtual Webservers.
- Enter the path for which you want to create the site path route, e.g.,
- Select the authentication profile with the users or groups that should have access to this site path route.
When no profile is selected, no authentication is required.
Note: Using a reverse authentication profile on a Virtual Webserver running in plain text mode will expose user credentials. Continuing will cause the Web Application Firewall to send user credentials in an unsafe manner. You can configure reverse authentication profiles in the Webserver Protection | Reverse Authentication | Profiles tab.
- Select the Real Webservers you want to apply the routing for by activating the concerning checkboxes.
The order of the selected webservers is only relevant for the Enable hot-standby mode option. With the Sort icons you can change the order.
- (Optional) Enter a description or other information in the 'Comment' field.
- (Optional) 'Enable sticky section cooke' by activating the checkbox.
Each session will be bound to one real webserver. If the server is not available, the cookie will be updated and the session will switch to another webserver.
- (Optional) 'Enable hot-standby mode' by activating the checkbox.
All requests will be sent to the first selected real webserver and the others will only used as backup in case the main server fails.
- Click 'Save' to add the site path to the 'Site Path Routing' list.