Hello,

When the cs_uri field is not present in the log, the url field is evaluated from cs_uri_scheme, cs_host, cs_uri_path  and cs_uri_query. 
But it does not take in account the cs_uri_port in case the url use a non standard port.
For instance, if the real URL is http://somesite:8080/foo/bar, the TA will compute the url field as http://somesite/foo/bar.

To solve this for the most common protocols (http, https with and w/o interception, ftp & rtsp), the line 
EVAL-url = coalesce(cs_uri, if(isnull(cs_uri_scheme) OR (cs_uri_scheme=="-"), "", cs_uri_scheme+"://") + cs_host + cs_uri_path + if(isnull(cs_uri_query) OR (cs_uri_query == "-"), "", cs_uri_query))
should be replaced by 
EVAL-url = coalesce(cs_uri, if(isnull(cs_uri_scheme) OR (cs_uri_scheme=="-"), "", cs_uri_scheme+"://") + cs_host + if((cs_uri_scheme=="http" AND cs_uri_port!=80) OR (cs_uri_scheme IN ("https","ssl") AND cs_uri_port!=443) OR (cs_uri_scheme="tcp" AND cs_method="CONNECT" AND cs_uri_port!="443") OR (cs_uri_scheme="ftp" AND cs_uri_port!=21) OR (cs_uri_scheme=="rtsp" AND cs_uri_port!=554),":".cs_uri_port,"") + cs_uri_path + if(isnull(cs_uri_query) OR (cs_uri_query == "-"), "", cs_uri_query))