API Gateway connect randomly to port 8080 in a normal HTTP call which should use port 80 .


Article ID: 145232


Updated On:


CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway


The gateway connect randomly to the backed on port 8080 while the service is setup to connect to port 80 using the "route to http" assertion.
Other services are supposed to use port 8080 but this one should not .


Release : 9.4

Component : API GTW 


The gateway was setup to use "keep alive" to the back-end but the service is overwriting the host header in the"route to http" assertions with the variable ${request.url.host} .

The host header  is supposed to contain the back-end target host and port .

The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI given by the user or referring resource (generally an HTTP URL,

as described in section 3.2.2). The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on a single IP address.

       Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
Setting this to ${request.url.host}  is conflicting with the keep alive which is using the header to determine if a connection is eligible for reuse causing the gateway to potential reuse a wrong open tcp connection.