Backend ACLs

With HTTP and SSL termination ADCs you can route traffic to multiple backends based on several selectable rules. This allows you to do things like sending different hostnames to different backends.


When you select multiple backends you must then change the "When" column to one of the predefined match types. Attach a match type to each selected backend in order to tell them how to route traffic.

If you get an HTTP 503 error afterwards it means it could not select a valid route for your traffic, e.g. no ACLs matched.

Rule Types

You are given a choice of 6 rule types when matching HTTP/SSL content for routing. These are detailed below:

Rule Explanation
Hostname The exact hostname sent in the HTTP Host Header
Hostname Regex A regular expression match of the HTTP Host Header
Exact Path The exact path with no trailing content
Path Beginning The start of the path with any trailing content
Path Regex A regular expression based on the path
SNI Host The SSL SNI host name that was presented for use with Layer 4
SNI L7 Host The SSL SNI host name that was presented for use with Layer 7 (terminated SSL)


We have several examples to assist with creating the most common types of content routing:

Rule Explanation
Hostname - to match exactly ""
Hostname Regex ^dev.* - to match anything starting with dev
Exact Path /login - to match exactly
Path Beginning /images - to match anything in the /images path
Path Regex ^/api/v(.*)/cars - match /api/*/cars - e.g. /api/201901/cars
SNI Host - to match exactly "" in the clients browser
SNI L7 Host - to match exactly "" on the SSL certificate selection