Google Cloud Platform load balancer routing issue with URL mapping and backend selection

I’m working with a GCP application load balancer that has two different backends configured. My setup should route most traffic to the primary backend, but I need all requests going to /login/* to be handled by my authentication backend instead.

I’ve tried different URL mapping configurations but can’t get the routing to work correctly. Here’s what I’m seeing:

Incoming URL Should go to Expected path Actually goes to Actual path
mydomain.com primary-backend mydomain.com auth-backend ''
mydomain.com/ primary-backend mydomain.com/ auth-backend ''
mydomain.com/test primary-backend mydomain.com/test auth-backend ''
mydomain.com/login/verify auth-backend mydomain.com/verify auth-backend mydomain.com/login/verify

My current URL map looks like this:

defaultService: https://www.googleapis.com/compute/v1/projects/my-app/global/backendServices/primary-backend
hostRules:
- hosts: [mydomain.com, '*.mydomain.com']
  pathMatcher: main-matcher
name: app-urlmap
pathMatchers:
- defaultService: https://www.googleapis.com/compute/v1/projects/my-app/global/backendServices/primary-backend
  name: main-matcher
  routeRules:
  - matchRules:
    - pathTemplateMatch: /login/{route=**}
    priority: 1
    service: https://www.googleapis.com/compute/v1/projects/my-app/global/backendBuckets/auth-backend
    routeAction:
      urlRewrite:
        pathTemplateRewrite: /{route}

When I run the validation, most requests are going to the wrong backend and the URL rewriting isn’t working as expected. What could be causing this routing problem?

check your priority settings - routeRules might conflict with defaultService. that pathTemplateMatch syntax looks off too. try pathPrefixMatch: “/login/” instead. i had the same weird routing issues when my path matching got too complex and gcp just fell back to defaults.

This looks like a mismatch between your backend service and backend bucket references in your URL map config. You’ve got auth-backend defined as a backend bucket in the route rule, but your main backend is correctly set as a backend service. This inconsistency breaks the load balancer’s routing validation and causes weird default behavior.

I ran into the exact same issue when I mixed backend services and backend buckets in one URL map. Fix: make sure both backends are the same type. If your auth backend is actually a compute service, switch the service reference to use backendServices instead of backendBuckets. Also check that your path template matching syntax is right - the {route=**} pattern should capture everything after /login/ but verify both backends are actually deployed and healthy in the same region as your load balancer.

hmm curious about your path rewriting - are you sure the auth backend expects the stripped paths? when /login/verify becomes /verify, does your auth service actually handle that route? also what happens if you test without the urlRewrite first to see if basic routing works?