So I thougt to catch the second one with another csw-rule "csw-rule r2 header "Host" equals "www.xxx.com:443" and just forward it only,
without changing it. But it seems Serveriron (ServerIronGT C-Series with WSM6-SSL 10.2.01w) ignore the port part (:443). I can't catch the double point, so I can't recognice the request arrives with: ":443" or without it. Does someone know a workaround for my problem?