How to configure Site Path Routing for the WAF

  • Artikel-ID: 117511
  • Bewertung:
  • Der Artikel wurde von 12 Kunden mit 2.0 von 6 bewertet
  • Aktualisiert: 09 Sep 2015

Related product: Wireless Protection

Related version: Sophos UTM v9

Site Path Routing 

This feature is used to define to which Real Webservers incoming requests are forwarded.

You can:

  • Define that all URLs with a specific path, e.g., /users/, are sent to a specific webserver.
  • You can allow more than one webserver for a specific request but add rules how to distribute the requests among the servers
  • Define that each session is bound to one webserver throughout its lifetime (sticky session).
  • Configure it to send all requests to one webserver and use the others only as a backup.
  • For each virtual webserver, one default site path route (with path /) is created automatically.

The order of the Site Path Route list is not relevant. If no route matches an incoming request, e.g., because the default route was deleted, the request will be denied. 

What To Do


To configure site path routing for WAF proceed as follows:

  1. Make sure that at least one real webserver and one virtual webserver is created.
  2. Click in the Webserver Protection | Web Application Firewall | Site Path Routing section on 'New Site Path Route'
  3. Enter a descriptive name for the site path route.
  4. Select the Virtual WebServer which you have configured at Webserver Protection | Web Application Firewall | Virtual Webservers.
  5. Enter the path for which you want to create the site path route, e.g., /products.
  6. Select the authentication profile with the users or groups that should have access to this site path route.
    When no profile is selected, no authentication is required.
    Note: Using a reverse authentication profile on a Virtual Webserver running in plain text mode will expose user credentials. Continuing will cause the Web Application Firewall to send user credentials in an unsafe manner. You can configure reverse authentication profiles in the Webserver Protection | Reverse Authentication | Profiles tab.
  7. Select the Real Webservers you want to apply the routing for by activating the concerning checkboxes.
    The order of the selected webservers is only relevant for the Enable hot-standby mode option. With the Sort icons you can change the order.
  8. (Optional) Enter a description or other information in the 'Comment' field.
  9. (Optional) 'Enable sticky section cooke' by activating the checkbox.
    Each session will be bound to one real webserver. If the server is not available, the cookie will be updated and the session will switch to another webserver.
  10. (Optional) 'Enable hot-standby mode' by activating the checkbox.
    All requests will be sent to the first selected real webserver and the others will only used as backup in case the main server fails.
  11. Click 'Save' to add the site path to the 'Site Path Routing' list.

Wenn Sie weitere Informationen oder Unterstützung benötigen, wenden Sie sich bitte an den technischen Support.

Artikel bewerten

Ungenügend Hervorragend