HTTP conditional dnat if Host: value in http-header matches

RouterOS General
1

I have:
Mikrotik RB750GL, os v 5.25
Subdomain: some.example.com (A record to 1.1.1.1)
External IP: 1.1.1.1
Internal IP: 2.2.2.2 with web-server on 80 port

I want if client go to address http://some.example.com, mikrotik see http-header with l7-filter regexp on 1.1.1.1 in mangle and mark it. Then in nat i am dnat this marked connection to 2.2.2.2.

Trouble is - packets don’t want marking. Packet counter is 0. Maybe because i write wrong regexp. Help me please who can.

/ip firewall nat 
chain=dstnat action=dst-nat to-addresses=2.2.2.2 to-ports=80 protocol=tcp dst-address=1.1.1.1 dst-port=80 connection-mark=some.example.com-forward
/ip firewall mangle
chain=prerouting action=mark-connection new-connection-mark=some.example.com-forward passthrough=no dst-address=1.1.1.1 layer7-protocol=dvr-http
/ip firewall layer7-protocol
 # NAME                                                                                                     REGEXP
 0 dvr-http                                                                                                 ^\S+ \S+ HTTP\/\d\.\d.+Host\:([^\n\.]+\.)*some\.example\.com.*\n\n
2

I am not good with RegExp stuff but…

Do you have another webserver the user gets pointed to if they do not specify the host header info or are you using this as a line of defense from ip scanning?

You could oversimplify the Regexp to
some.example.com

so long as you did not have other uses for the incoming detection of the URL, this should work. You can test your RegExp at this site as well: http://regexpal.com/ There are many of these sites out there.

3

I dont know enough about this setup to be able to tell you if it would work or not, but i suggest looking at a proxy server, like Squid or NGinX to act as a reverse proxy. All port 80 traffic to that box, and let it figure out where to send it in the background… thats what i do on my network…