Today at work we ended up having a nice discussion about how to interpret a small section of RFC 2616 in relation to load balancers. The section in question was:

A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP URL).

But first some background: We have web applications running behind HTTPS load balancers which terminate SSL traffic. The webapps are running on a non standard port and they were making some strange redirections. The load balancers don't rewrite the HTTP Host header, so the request go as plain HTTP to a non standard port requesting a host without a port number, like Host:www.example.com. The problem was that the web applications then explicitly added :80 to the redirection URL causing clients to caugh when they saw URLs like https://www.example.com:80/ (note the https added by the load balancer and the port number added by the web application). Apparently the RFC doesn't state that it is forbidden to add the port number even when it is not specified in the Host header but OTOH other applications don't include the port number in redirect when you don't include port numbers in the HTTP Host header.

In the end we got things fixed but how and why I'll post another day. First I'd like to hear opinions about how the proper way to do this.

BTW: At work we're seeking skilled Java developers, anyone interested is welcome to drop me a line (and we're a Linux shop if anyone should be in doubt).