Unfortunately forwarding by URL is very tricky. The problem is that ideally you are running your traffic over an SSL tunnel (https) so that the same encryption that keeps bad guys from sniffing out credentials and data is also the same encryption that keeps the router from sniffing out the intended URL.
There are two ways to resolve this. The first is to replace your router with a higher-end security device that is capable of performing รค technique sometimes referred to as ssl-bridging. In this scenario, your public SSL certificates get installed on the edge device and each server on the private network uses a private certificate singed by an internal CA. Because the public certificate is on the security device, it is capable of encrypting and decrypting traffic. It can then read the URL, re-encrypt the traffic using the private certificate of the intended destination machine, and pass the traffic along. Microsoft's ISA server and TMG server are capable of this, among others. The downside to this technique is that administrative overhad goes up a bit. You have to understand exactly what is happening on the ISA server to effectively administer such a setup and troubleshooting can be tricky. Only a very skilled and experienced IT admin should tackle this setup. But when it works, it works EXTREMELY well.
The secound option is to purchase a second IP address from your ISP. You'll also need a router capable of binding to two IP addresses, but there are many on the market that do this. Then you can forward all traffic from <address 1>:443 to server A and all traffic from <address 2>:443 to server B. You aren't doing any filtering and no decryption is happening at the edge, but the result is a much easier layout, simple to setup and maintain.
Hope that helps.
