I had the below config in place so TCP 443 traffic terminated on 184.108.40.206 and unencrypted traffic was sent onto backend servers via a content rule setup to listen on TCP 80 for IP address 10.10.10.10.
If i used a browser and connected to the VIP 220.127.116.11:443 then all was good and everything worked as expected. However we have an application that specifies the port along with the host in the HTTP host header so rather than Host: 18.104.22.168 it would have Host: 22.214.171.124:443
For whatever reason when the host header has the port appended things brake and i'm not sure what the CSS does but the backend servers never receive any traffic. From the client end it seems to go through the client/server hello and at least sends the HTTPS request.
To fix this, i just changed the 10.10.10.10 to be 126.96.36.199 so the VIP was the same as the back-end content rule IP used with the cipher suite.
More out of curiosity than anything but is this a known bug or by design? I'm not sure why having the SSL VIP being different to the backend content rule IP would allow HTTP requests with just the host in the host header and not when there is a port appended ?