Hey Oren-
  I was just looking at this code yesterday for another reason. This decision 
happens here:
https://github.com/apache/incubator-trafficcontrol/blob/d86d6b5a218431ff42445e0efefddd5378883d8f/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/ds/DeliveryService.java#L230-L233

It looks sound, so perhaps either isSecure() is broken or there is a bypass 
port in the CRconfig?

—Eric

On Nov 1, 2017, at 7:01 AM, Oren Shemesh <or...@qwilt.com> wrote:

Hello,

We have recently encountered some unexplained behaviour of TR, when there
are no caches available so it redirects to the configured 'Bypass FQDN'.

Below you can see a request to an HTTPS-only delivery service.
The 'Bypass FQDN' configured for this DS is: bypass.videos.xxx.com
TR redirects the https request to https://bypass.videos.xxx.com:80/...

(I replaced some strings with 'xxx' and 'yyy' for my privacy :-0)

To me it looks like a bug, why does TR specify port 80 for an HTTPS
transaction, without any explicit configuration to do so?

Note that when there are caches available, the redirect to the cache
happens without the :80, as it should be.
Also note, in case it is relevant, that the origin URL for this DS is:
https://<something>

Any comments on this would be welcome.


When no cache is available:

orens@cq-rd09:~$ curl -sk -D - -o /dev/null https://tr.xxx.stage-cdn.yyy/AAA
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: https://bypass.videos.xxx.com:80/AAA
Content-Length: 0
Date: Wed, 01 Nov 2017 10:31:29 GMT

When a cache is available:

orens@cq-rd09:~$ curl -sk -D - -o /dev/null https://tr.xxx.stage-cdn.yyy/AAA
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: https://p39-edge-lab.xxx.stage-cdn.yyy/AAA
Content-Length: 0
Date: Wed, 01 Nov 2017 10:56:11 GMT


Thanks, Oren.

--

*Oren Shemesh*
Qwilt | Work: +972-72-2221637| Mobile: +972-50-2281168 | 
or...@qwilt.com
<y...@qwilt.com>
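
An added example, not part of the original messages or of the Traffic Router code: a Python check that parses `curl -D -` header dumps like the two in the thread and flags a redirect whose explicit port is the default port of the other scheme. The function names are hypothetical; the two sample responses are copied from the thread.

```python
from urllib.parse import urlsplit

# Default ports per scheme; an explicit port that is the *other* scheme's
# default (https on :80, http on :443) is what the thread reports.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Responses as shown in the thread (header dump from `curl -sk -D -`).
NO_CACHE = """HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: https://bypass.videos.xxx.com:80/AAA
Content-Length: 0
Date: Wed, 01 Nov 2017 10:31:29 GMT
"""
WITH_CACHE = """HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: https://p39-edge-lab.xxx.stage-cdn.yyy/AAA
Content-Length: 0
Date: Wed, 01 Nov 2017 10:56:11 GMT
"""

def location_of(raw_headers):
    """Return the Location header value from a header dump, or None."""
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def check_redirect(raw_headers):
    """Return (verdict, location); verdict is ok, mismatch or no-location."""
    location = location_of(raw_headers)
    if location is None:
        return ("no-location", None)
    url = urlsplit(location)
    port = url.port                                # None when no explicit port
    for scheme, default in DEFAULT_PORTS.items():
        if port == default and scheme != url.scheme:
            return ("mismatch", location)
    return ("ok", location)

if __name__ == "__main__":
    for label, dump in (("no cache", NO_CACHE), ("cache", WITH_CACHE)):
        print(label, check_redirect(dump))
```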
