Creating a Load Balancer Rule Set

Create a rule set composed of actions that are applied to traffic of a load balancer's listener.

For prerequisite information, see Rule Sets for Load Balancers.

    1. Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer. The Load balancers page appears.

    2. Select the Compartment from the list. All load balancers in that compartment are listed in tabular form.

    3. Select a State from the list to limit the load balancers displayed to that state.

    4. Select the load balancer for which you want to create a rule set. Its Details page appears.

    5. Click Rule sets under Resources. The Rule sets list appears. All rule sets are listed in tabular form.

    6. Click Create rule set. The Create rule set dialog box appears.

    7. Enter the following:

      • Name: Specify a friendly name for the rule set. The name must be unique, and cannot be changed.

      • Specify access control rules: Check this box to add access control rules.

        • IP address CIDR: Enter the IP address CIDR block from which access is allowed.

        • + Another access control rule: Click this button to enter another IP address CIDR or click the corresponding X to remove an existing entry.

      • Specify access method rules: Check this box to add access method rules.

        • Allowed methods: From the list, select the HTTP methods to allow. You can select multiple methods. Click the label's X to remove an existing method.

      • Specify URL redirect rules: Check this box to add URL redirect rules.

        • Source path: Specify the incoming path string that triggers the redirect rule. For example, /video.

        • Match type: Choose the match condition to apply when evaluating an incoming path string. The available match types are:

          • FORCE_LONGEST_PREFIX_MATCH

            The system looks for a redirect rule path string with the best, longest match of the beginning portion of the incoming URL path.

          • EXACT_MATCH

            The incoming URL path must exactly and completely match the specified path string.

          • PREFIX_MATCH

            The beginning portion of the incoming URL path must exactly match the specified path string.

          • SUFFIX_MATCH

            The ending portion of the incoming URL path must exactly match the specified path string.

        • Redirect to: Specify a value for at least one URL component field. Any component fields that you do not modify retain the incoming URL's values.

          Optionally, click the Switch to full URL link to enter the redirect URL manually.

          Important

          Failure to specify a value for at least one URL component field can result in a redirect loop.

          • Protocol: Specify the HTTP protocol to use in the redirect URL. Valid values are:

            • {protocol}

            • HTTPS

            • HTTP

          • Host: Specify a valid domain name (hostname) or IP address for the redirect URL. All redirect URL tokens are valid for this property.

          • Port: Specify the communication port to use in the redirect URL. Valid values include integers from 1 to 65535.

          • Path: The HTTP URL path to use in the redirect URL. All redirect URL tokens are valid for this property. If the path string does not begin with the {path} token, it must begin with the forward slash character /.

          • Query: Specify the query string to use in the redirect URL. All redirect URL tokens are valid for this property. If the query string does not begin with the {query} token, it must begin with the question mark ? character.

          • Response code: Specify the HTTP status code to return when the incoming request is redirected. The default response code is 302 found.

            Valid response codes for redirection from the standard HTTP specification are:

            • 301 Moved Permanently

            • 302 Found

            • 303 See Other

            • 307 Temporary Redirect

            • 308 Permanent Redirect

        • + Another URL redirect rule Click this button to create another rule or click the corresponding X to delete an existing rule.

      • Specify request header rules: Check this box to add request header rules.

        • Order: If you have multiple rules, you can click the up or down arrows to move the corresponding rule.

        • Action: Select the action that the rule applies. Available actions include:

          • Add request header:

            Adds the specified header and value to the incoming request. If the specified header is already present, the system replaces it. If more than one header with the same name is present, the system removes all of them and adds one header corresponding to the specified header and value.

          • Extend request header:

            Adds the specified prefix or suffix to the incoming request. Provide a prefix value, a suffix value, or both when you choose this action. The system does not support this rule for headers with multiple values.

          • Remove request header: These rules apply only to HTTP or HTTP2 headers.

            Removes the specified header. If the same header appears more than once in the request, the load balancer removes all occurrences of the specified header.

        • Header: A header name that conforms to RFC 7230.

          The system does not distinguish between underscore and dash characters in headers. That is, it treats example_header_name and example-header-name as identical. Oracle recommends that you do not rely on underscore or dash characters to uniquely distinguish header names.

        • Value: (Add rules only.) A header value that conforms to RFC 7230.

        • Prefix: (Extend rules only.) A character string to add to the beginning of the existing header name. The resulting header must conform to RFC 7230.

        • Suffix: (Extend rules only.) A character string to add to the end of the existing header name. The resulting header must conform to RFC 7230.

        • + Another request header rule: Click to create another rule or click the corresponding X to delete an existing rule.

      • Specify response header rules: Check this box to add response header rules.

        • Order: If you have multiple rules, you can click the up or down arrows to move the corresponding rule.

        • Action: Select the action that the rule applies. Available actions include:

          • Add response header

            Adds the specified header and value to the outgoing response. If the specified header is already present, the system replaces it. If more than one header with the same name is present, the system removes all of them and adds one header corresponding to the specified header and value.

          • Extend response header

            Adds the specified prefix or suffix to the incoming request. Provide a prefix value, a suffix value, or both when you choose this action. The system does not support this rule for headers with multiple values.

          • Remove response header: These rules apply only to HTTP or HTTP2 headers.

            Removes the specified header. If the same header appears more than once in the response, the load balancer removes all occurrences of the specified header.

        • Header: A header name that conforms to RFC 7230.

          The system does not distinguish between underscore and dash characters in headers. That is, it treats example_header_name and example-header-name as identical. Oracle recommends that you do not rely on underscore or dash characters to uniquely distinguish header names.

        • Value: (Add rules only.) A header value that conforms to RFC 7230.

        • Prefix: (Extend rules only.) A character string to add to the beginning of the existing header name. The resulting header must conform to RFC 7230.

        • Suffix: (Extend rules only.) A character string to add to the end of the existing header name. The resulting header must conform to RFC 7230.

        • + Another response header rule: Click this button to create another rule or click the corresponding X to delete an existing rule.

      • Specify HTTP rules: Select to specify HTTP header options for a listener.

        • HTTP header buffer size: Select one of the following buffer sizes for the HTTP header from the list: None, 8k, 16k, 32k, 64k.

        • Allow invalid characters in HTTP header: Select to allow periods (".") and underscores ("_") in the HTTP header.

      • Specify HTTP header options: Select to specify HTTP header options for a listener.
        • HTTP header buffer size: Select one of the following buffer sizes for the HTTP header from the list: None, 8k, 16k, 32k, 64k.

        • Allow invalid characters in HTTP header: Check this box to allow invalid characters in the HTTP header.

    8. Click Create.

    After you create a rule set, the set becomes available for use with the associated load balancer. Update a listener to apply the rule set.

  • Use the oci lb rule-set create command and required parameters to create a rule set for a load balancer:

    oci lb rule-set create --name name --load-balancer-id load_balancer_id --items items [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateRuleSet operation to create a rule set for a load balancer.