Layer 7 Transparent Proxy

So, I have a rule that will redirect to the web proxy based on port:

[admin@MikroTik] /ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0    chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80 log=yes log-prefix="[REDIR] "

 1    ;;; default configuration
      chain=srcnat action=masquerade out-interface=WAN log=no log-prefix=""

This works.

But when I change it to use layer 7 matching rather than port, it does not work:

0    chain=dstnat action=redirect to-ports=8080 protocol=tcp layer7-protocol=http log=yes log-prefix="[REDIR] "

The layer 7 protocol is defined like this:

18 name="http" regexp="http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019]\r\n"

What am I doing wrong here?

0 chain=dstnat action=redirect to-ports=8080 dst-port=80 protocol=tcp layer7-protocol=http log=yes log-prefix="[REDIR] "

I could be wrong, but…if the conversation is far enough along to recognise the protocol at L7 to be HTTP, surely it’s too late to rewrite the port?