Add and manage forwarding rules

If you need to distribute and process traffic based on request attributes such as domain names and paths, or data in requests such as HTTP headers and cookies, you can create custom forwarding rules for a listener. The listener then performs specific forwarding actions on matching requests. This topic describes how forwarding rules work and how to add and manage them.

How forwarding rules work

Types of forwarding rules

Forwarding rules are classified into two types: default and custom.

  • Default forwarding rule: After you create a listener, the system automatically creates a default forwarding rule and associates it with the default endpoint group. A listener has only one default forwarding rule. You cannot modify, delete, or change the priority of the default forwarding rule.

  • Custom forwarding rule: After you create a listener, you can create custom forwarding rules based on your business requirements. You can create multiple custom forwarding rules for a listener and change their priorities.

Components of a forwarding rule

Each forwarding rule consists of forwarding conditions and forwarding actions. When an incoming request matches all the forwarding conditions of a rule, Global Accelerator performs the corresponding forwarding actions.

The supported forwarding conditions and actions vary based on the listener protocol:

  • Listener protocol: TCP

    • Forwarding condition: Domain Name

    • Forwarding action: Forward, Drop Traffic

  • Listener protocol: HTTP or HTTPS

    • Forwarding condition: Domain Name, Path, HTTP Header, HTTP Request Method, Cookie, source IP address, Query String

    • Forwarding action: Forward, Redirect, Forward, Return Fixed Response, Rewrite, Add Header, Remove Header, Drop Traffic

Note
  • If your standard GA instance supports only the Domain Name and Path forwarding conditions and the Forward To forwarding action, your instance version may not support other condition or action types. To use these features, contact your business manager to upgrade the instance.

  • If your standard GA instance does not support adding forwarding rules for TCP listeners, your instance version may not support this feature. To use this feature, contact your business manager to upgrade the instance.

Matching logic

  1. Global Accelerator matches incoming requests against custom forwarding rules in descending order of priority. A smaller rule number indicates a higher priority.

    • If a request matches all forwarding conditions of a custom forwarding rule, Global Accelerator immediately performs all forwarding actions of that rule.

    • If a request does not match the current custom forwarding rule, Global Accelerator evaluates it against the rule with the next lower priority.

  2. If a request does not match any custom forwarding rule, Global Accelerator applies the default forwarding rule (which has the lowest priority) and forwards the request to the default endpoint group.

    If a listener has multiple default endpoint groups, traffic is distributed based on the traffic-distribution rules of the endpoint groups. For more information, see Traffic distribution across multiple endpoint groups.

Note

If you set the path to /*, the rule matches requests for all paths. To create a catch-all rule for unexpected requests, you can set the path condition to /*, configure the forwarding action to return a fixed response with a status code of 404 or 403, and then drag the rule to the second-to-last position in the rule list.

Prerequisites

Add a forwarding rule

You can add a custom forwarding rule to perform specific actions on requests that match the rule.

  1. Log on to the GA console.

  2. On the Instances page, find the GA instance that you want to manage and click Configure Listener in the Actions column.

  3. On the Listeners tab, find the listener that you want to manage and click its ID.

  4. On the listener details page, click the Forwarding Rule tab.

  5. On the Forwarding Rule tab, click Add Forwarding Rule, configure the parameters, and then click OK.

    HTTP or HTTPS

    Parameter

    Description

    Name

    The name of the custom forwarding rule.

    If (Matching All Conditions)

    Select a forwarding condition type. You can also click + Add Condition to add multiple conditions.

    • Domain Name: Enter one or more domain names. Exact domain names, wildcard domain names, and regular expressions are supported. For more information, see Host-based rules.

      A single forwarding rule supports only one Domain Name-type forwarding condition. This condition can contain multiple hosts, and the relationship between them is a logical OR.

      Example: *.example.com

    • Path: Enter one or more paths. Exact paths, wildcard paths, and regular expressions are supported. For more information, see Path-based rules.

      You can create multiple Path conditions in a forwarding rule. The logical relation between multiple Path conditions is OR. You can specify multiple paths in a single Path condition. The logical relation between multiple paths is OR.

      Example: For the URL www.example.com/test/test1?x=1&y=2, you can set the path to /test/*.

    • HTTP Header: Enter an HTTP header key in the Key field and an HTTP header value in the Value field. You can add multiple values. You can create multiple HTTP Header conditions in a forwarding rule. The logical relation between multiple HTTP Header conditions is AND. Each HTTP header key must be unique. You can specify multiple unique values in a single HTTP Header condition.

      For example, the key is user-agent, and the value is Mozilla/4.0.

    • HTTP Request Method: Select one or more HTTP request methods. Valid values: HEAD, GET, POST, OPTIONS, PUT, PATCH, and DELETE. You can create only one HTTP Request Method condition in a forwarding rule. You can specify multiple methods in a single condition. The logical relation between multiple methods is OR.

    • Cookie: Enter one or more cookies. You can create multiple Cookie conditions in a forwarding rule. The logical relation between multiple Cookie conditions is AND. You can specify multiple key-value pairs in a single Cookie condition. The logical relation between multiple key-value pairs is OR.

      Example: key: value.

    • source IP address: Enter one or more IP addresses or CIDR blocks. You can create only one source IP address condition in a forwarding rule. You can specify multiple IP addresses or CIDR blocks in a single condition. The logical relation between them is OR.

      Example of an IP address: 1.1.XX.XX/32. Example of a CIDR block: 2.2.XX.XX/24.

    • Query String: Enter one or more query strings. You can create multiple Query String conditions in a forwarding rule. The logical relation between multiple Query String conditions is AND. You can specify multiple key-value pairs in a single Query String condition. The logical relation between multiple key-value pairs is OR.

      Example: For the URL www.example.com/test/test1?x=1&y=2, you can set the key-value pair to x: 1 or y: 2.

    Then

    Select a forwarding action type. You can click + Add Action to add multiple actions.

    Note
    • Each forwarding rule must contain at least one terminal action—such as Forward, Redirect, or Return Fixed Response—to ensure that client requests are not dropped.

    • A forwarding rule can have only one terminal action, which can be Forward, Redirect, or Return Fixed Response.

    • If a forwarding rule includes a Rewrite, Add Header, or Remove Header action, it must also include a Forward action. The other actions must be placed before the Forward action.

    • Forward: Select a destination endpoint group.

      Note

      The selection of endpoint groups depends on the billing method of the GA instance:

      • Pay-as-you-go: You can select multiple endpoint groups, including default and virtual endpoint groups. You can select only one endpoint group from each region. By default, you can associate up to 10 endpoint groups. To request a quota increase, contact your business manager.

      • Subscription: You can select only one virtual endpoint group.

    • Redirect: Select a Protocol and Status Code, and enter the destination Hosts, Port, Path, and Search string. The Protocol, Hosts, Port, Path, and Search parameters cannot all be left empty or set to their default values at the same time.

      For the advanced configuration rules for Path in Redirect, see Advanced configuration rules for paths in rewrites and redirects.

    • Forward: Select a destination endpoint group to which a copy of the matched request traffic is mirrored.

      Note
      • The traffic mirroring feature is in preview. To use this feature, contact your business manager.

      • Only pay-as-you-go GA instances support the Forward action.

      • If you configure a Forward action, you must also configure a Forward action. The Forward action must be placed before the Forward action. The endpoint groups selected for these two actions cannot be the same.

      • You can select only one endpoint group (a default endpoint group or a virtual endpoint group) for traffic mirroring.

    • Return Fixed Response: Enter a Response Status Code, select a Response Content Type, and enter the Response Content.

    • Rewrite: Enter the destination Domain Name, Path, and Query String.

      For the enhanced configuration rules in Rewrite for Path, see Enhanced configuration rules for paths in rewrites and redirects.

    • Add Header: Enter an HTTP header key in the Key field and a value in the Value field. This action overwrites any existing header with the same key in the request. The keys specified in Add Header actions must be unique and different from the keys specified in Remove Header actions.

      Note

      You can add System-defined Request ID to a header only if the instance uses the pay-as-you-go billing method.

    • Remove Header: Enter an HTTP header key. The keys specified in Remove Header actions must be unique and different from the keys specified in Add Header actions.

    • Drop Traffic: Drops all incoming traffic that matches the rule.

    TCP

    Important

    When you add a forwarding rule for a TCP listener, make sure that the backend service to which traffic is forwarded is an HTTPS service. Otherwise, the forwarding rule does not take effect.

    Parameter

    Description

    Name

    The name of the custom forwarding rule.

    If (Matching All Conditions)

    Configure the forwarding condition. Only the Domain Name type is supported.

    Exact domain names, wildcard domain names, and regular expressions are supported. For more information, see Host-based rules.

    Example: *.example.com

    You can click + Add Host to add multiple hosts. The relationship between them is a logical OR.

    Actions

    Select a forwarding action type.

    A forwarding rule can contain only one action of the Forward or Drop Traffic type.

    • Forward: Select the destination default endpoint group or virtual endpoint group.

      Note

      The selection of endpoint groups depends on the billing method of the GA instance:

      • Pay-as-you-go: You can select multiple endpoint groups, including default and virtual endpoint groups. You can select only one endpoint group from each region. By default, you can associate up to 10 endpoint groups. To request a quota increase, contact your business manager.

      • Subscription: You can select only one default endpoint group or virtual endpoint group.

    • Drop Traffic: Drops all incoming traffic that matches the rule.

    You can click Add New Rule to add multiple forwarding rules at a time.

  6. If you want to add more forwarding rules, click Add Forwarding Rule.

More operations

Note

You cannot edit, delete, or change the priority of the default forwarding rule.

Actions

Description

Edit a forwarding rule

On the Forwarding Rule tab, find the rule that you want to edit. Hover over the upper-right corner of the rule and click the Edit icon that appears. After you edit the rule, click Save.

Change the priority of a forwarding rule

Global Accelerator evaluates rules in descending order of priority. A smaller number indicates a higher priority. You can change the priority of any custom forwarding rule.

On the Forwarding Rule tab, find the rule and drag it to the desired position. Then, click Save Priority Changes in the upper-right corner of the page.

Delete a forwarding rule

Delete a single forwarding rule

  1. On the Forwarding Rule tab, find the rule that you want to delete. Hover over the upper-right corner of the rule and click the Delete icon that appears.

  2. In the dialog box that appears, confirm the rule ID and click OK.

Delete multiple forwarding rules

  1. On the Forwarding Rule tab, select the checkboxes of the rules that you want to delete and click Delete in the upper-right corner of the page.

  2. In the dialog box that appears, confirm the rule IDs and click OK.

Use cases

Forwarding to a virtual endpoint group

A web application is deployed on two servers and provides services through two different domain names, example.com and example.net. Global Accelerator is used to improve service quality and user experience.

You can configure an HTTPS listener in Global Accelerator, add a default endpoint group, and bind a default certificate to the listener. This way, requests to example.com are forwarded to the default endpoint group. You can then add a virtual endpoint group, bind an additional certificate, and create a Domain Name forwarding rule to forward requests destined for example.net to the specified virtual endpoint group.

The following figure shows the configuration of the Domain Name forwarding rule in this example.

[Figure: Forward to a virtual endpoint group]

Note

For more information about how to configure multiple certificates and forwarding rules to accelerate access to multiple HTTPS domains, see Use a single GA instance to accelerate access to multiple HTTPS domains.

Redirect HTTP requests to HTTPS

To improve security, a website switches from HTTP to HTTPS. However, existing users may not be able to access the website by using HTTP. In this case, you can use a Redirect forwarding rule in Global Accelerator. By default, the rule uses an HTTP 301 redirect to change incoming HTTP requests into more secure HTTPS requests.

In this example, requests to HTTP port 80 are redirected to HTTPS port 443. The following figure shows the configuration of the Redirect forwarding rule.

[Figure: Redirect]

Domain-based traffic blocking

A website provides services through the domain name example.com and is hosted on a third-party Content Delivery Network (CDN) service. To improve the global user experience, the website uses Alibaba Cloud Global Accelerator and sets the CDN as its backend service to accelerate content delivery.

CDN services are multi-tenant and share ingress IP addresses. When Global Accelerator accelerates access to example.com, it effectively opens an acceleration channel for the entire CDN service. If other tenants of the CDN service obtain the accelerated IP address from Global Accelerator, they can resolve other domain names, such as example.net, to that IP address. This practice, known as "hitchhiking," increases traffic costs for the owner of example.com and may pose security risks.

To mitigate this risk, you can use forwarding rules in Global Accelerator to allow only requests for example.com and drop all other requests. This strictly isolates traffic from different domains and validates the request source, which ensures the security of your website.

In this example, requests for example.com are forwarded to the backend service in the corresponding endpoint group. A second rule is configured to Drop Traffic for all other domains.

[Figure: Domain name access control]
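The matching logic and the domain-based blocking use case described on this page, modelled as an added example (not Alibaba Cloud code and not the Global Accelerator API): rules are tried from the smallest priority number, conditions inside a rule are ANDed, and values inside a condition are ORed. The field names, the endpoint group labels and the shell-style wildcard matching through fnmatch are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Constructed rule set for the domain-based blocking use case. Field names and
# endpoint group labels are this example's own, not Global Accelerator parameters.
ALLOW_ONLY_EXAMPLE_COM = [
    {"priority": 1, "conditions": {"host": ["example.com"]},
     "action": ("forward", "cdn-endpoint-group")},
    # Catch-all: the path /* matches every request that reaches this rule.
    {"priority": 2, "conditions": {"path": ["/*"]}, "action": ("drop", None)},
]
DEFAULT_RULE = ("forward", "default-endpoint-group")


def condition_matches(kind, values, request):
    """Values inside a single condition are ORed together."""
    if kind == "host":
        # Host names are case-insensitive; ignore a port and a trailing dot.
        host = request["host"].lower().split(":")[0].rstrip(".")
        return any(fnmatchcase(host, v.lower()) for v in values)
    if kind == "path":
        return any(fnmatchcase(request["path"], v) for v in values)
    if kind == "method":
        return request["method"] in values
    raise ValueError(f"unsupported condition type: {kind}")


def evaluate(rules, request, default=DEFAULT_RULE):
    """Return (priority, action) of the first matching rule, smallest number first."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        # A rule applies only when all of its conditions match (AND).
        if all(condition_matches(k, v, request)
               for k, v in rule["conditions"].items()):
            return rule["priority"], rule["action"]
    # No custom rule matched: the default rule forwards the request.
    return None, default


if __name__ == "__main__":
    for host in ("example.com", "www.example.com", "example.net"):
        req = {"host": host, "path": "/index.html", "method": "GET"}
        print(host, "with drop rule:", evaluate(ALLOW_ONLY_EXAMPLE_COM, req))
        # Without the catch-all, unmatched hosts fall through to the default rule.
        print(host, "without drop rule:", evaluate(ALLOW_ONLY_EXAMPLE_COM[:1], req))
```

With the catch-all rule in place, example.net and www.example.com are dropped, because the allow rule lists only the exact host example.com. Without it, both fall through to the default rule and are forwarded, which is the hitchhiking exposure the use case describes.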
