Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL 443 to Clear 8080 Application wants to see :8080 in hdr


I'm using a CSS11501 with SSLmod SSLclient_side - ClearServer_side.

All is fine except that the back-end (java) application wants to see :8080 in the header as if it were entered from a browser.



Is there a way of inserting :8080 to calls to the server ?

I am sending traffic to the servers on port 8080 ok but get a MOCK application error returned - it just needs the :8080

A network trace showed the only difference between routing over the CSS (successful) or hitting the VIP (error returned) was that :8080 was missing in the http GET.

Any ideas ?



Cisco Employee

Re: SSL 443 to Clear 8080 Application wants to see :8080 in hdr


unfortunately the CSS (and it's the same for other loadbalancers) do not change the content of the traffic.

So, there is no way to add the :8080 to the Host Field.

(modifying the content means computing new CRC, checking packet size so it stays below MSS and MTU, ...)

You could either change your application to not look at the port inside the host field, or try a trick by redirecting the client to https://....:8080/...., decrypt this traffic and send it cleartext to the server.

It should come with the host field set to ...:8080


New Member

Re: SSL 443 to Clear 8080 Application wants to see :8080 in hdr

Many thanks Gilles

I think they will need to change their application.

I had tried everything I could think of but thought if there was another way - you would know.

A case of developers testing app's in an environment that in no way reflects the real world, I think?

Thanks again.


Re: SSL 443 to Clear 8080 Application wants to see :8080 in hdr

Hi Gilles, you suggestion has picqued my interest somewhat, but I am not sure where this redirection would potentially fit - are you proposing this before the initial SSL content rule?

I do agree the best option would be to mod the application, but it is always useful to know options, even if they are not the best of ideas!