Hello Moemen,
Thank you and very thoughtful of you to educate us on how HAProxy handles Websockets and logs cookies. Guidance such as these have helped us grow from a rank startup to offer SLA-based healthcare services to disadvantaged remote areas (where there are no hospitals/clinics) through our Web-based products. These patients indirectly benefit from your guidance, besides us who benefit directly. -------- Without the cookie in the request of the login page, our users are unable to login into the product. Going by your guidance, it would be advisable to insert the JSESSIONID received in server response back into the client request. This will help our product server authenticate users to login. Are we on the right path? https://www.haproxy.com/documentation/aloha/8-5/haproxy/traffic-capture/ à Insert a cookie if none presented by the client If we need to course correct, please advise alternatives. As advised, we are using for Websockets backend subdomain_cc timeout tunnel 3600s Thank you. Sincerely, Hemant K. Sabat Coscend Communications Solutions <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Moemen MHEDHBI [mailto:mmhed...@haproxy.com] Sent: Monday, November 27, 2017 1:15 PM To: haproxy@formilux.org Subject: Re: HAProxy 1.7.9 Not Capturing Application Session Cookie Hi Hemant, When using websocket, HAProxy will switch to tunnel mode whenever it detects the Connection: Upgrade header. Tunnel mode means that only the first request and response are processed and logged and everything else will be forwarded with no analysis, I think this is what happens with your 3.3.2 version. Normally you will only be able to see the cookie in the log if it is present in the request initiating the websocket connection. On the other hand, with your 3.3.0 version, HAProxy works in the default keep-alive-mode where every request is processed and logged. ++ On 24/11/2017 23:30, Coscend@Coscend wrote: Hello Moemen, Thank you for your encouraging insights. Below is the information you asked. >>Also you mentioned the application extensively uses Websockets. Is it only 3.3.2 using websockets ? if that is the case this may be a good lead since HAProxy does not handle websockets traffic in the same way as it does for normal http traffic. Yes, only v. 3.3.2 uses Websockets. (v. 3.3.0 did not use Websockets and access via HAProxy was seamless.) Could you please educate us on what configuration changes we need to do for Websockets traffic (vs. HTTP traffic)? >>In your first post you said that it is working for 3.3.0 but not 3.3.2, then maybe this is an application issue. Are you sure 3.3.2 does sent the JSESSIONID. Yes. Please see below JSESSIONID in the login page URL loaded, HAProxy logs and product log. Is there any other way to verify whether the v. 3.3.2 is publishing JSESSIONID? Through HAProxy, login page URL loads with a JSESSIONID: <https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC90 21AEF4CB79> https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC902 1AEF4CB79 HAProxy log has the same JSESSIONID ONLY in the first two lines -- in server response: Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 ---- 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=||||||||no-cache|||||} "GET /CoscendCC.Test/ HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 ---- 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=||||||||no-cache|||||} "GET /CoscendCC.Test/ HTTP/1.1" Product log: DEBUG 11-24 15:10:26.951 1341302 145 MainPage [105-6083-exec-6] - WebSocketBehavior::onConnect [uid: ded43405-f081-4a04-be0c-b92dd510a94a, session: 6015021798DAE92F2F989D8ED5E0B9DE, key: <mailto:org.apache.wicket.protocol.ws.api.registry.PageIdKey@0> org.apache.wicket.protocol.ws.api.registry.PageIdKey@0] We have also tried the following new configuration, but HAProxy still does not capture request cookie or response cookie after first two lines. Thank you. HAProxy.cfg -------------- frontend webapps-frontend bind *:80 name http bind *:443 name https ssl crt "$SSL_CRT_FILE" option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-Proto https if { ssl_fc } option httplog log global option log-separate-errors capture cookie JSESSIONID len 63 capture request header Host len 64 capture response header Server len 20 acls acl host_coscend_http req.hdr(Host) coscend.com acl host_coscend_https req.hdr(Host) coscend.com use_backend subdomain_cc backend subdomain_cc timeout tunnel 3600s option http-buffer-request http-request set-header Host bk.coscend.local:6080 http-request set-header Origin "bk.coscend.local:6080" stick on urlp(JSESSIONID) stick on urlp(jsessionid) stick on cookie(JSESSIONID) stick store-response cookie(JSESSIONID) stick store-response res.cook(JSESSIONID) #stick match req.cook(JSESSIONID) stick store-request req.cook(JSESSIONID) stick store-request cookie(JSESSIONID) stick store-request urlp(JSESSIONID) stick store-request urlp(jsessionid) acl hdr_location res.hdr(Location) -m found rspirep ^(Location:)\ <http://bk.coscend.local:6080/CoscendCC.Test/%28.*%29$> http://bk.coscend.local:6080/CoscendCC.Test/(.*)$ Location:\ <https://coscend.com/CoscendCC.Test/2> https://coscend.com/CoscendCC.Test/\2 if hdr_location acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub Domain=bk.coscend.local rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\ Domain=coscend.com\2 if hdr_set_cookie_domain acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path= rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if hdr_set_cookie_path_cc_test server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check Sincerely, Hemant K. Sabat Coscend Communications Solutions <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Moemen MHEDHBI [mailto:mmhed...@haproxy.com] Sent: Thursday, November 23, 2017 10:49 AM To: haproxy@formilux.org <mailto:haproxy@formilux.org> Subject: Re: HAProxy 1.7.9 Not Capturing Application Session Cookie Hi, Your configuration seems correct to me. In your first post you said that it is working for 3.3.0 but not 3.3.2, then maybe this is an application issue. Are you sure 3.3.2 does sent the JSESSIONID. Also you mentioned the application extensively uses Websockets. Is it only 3.3.2 using websockets ? if that is the case this may be a good lead since HAProxy does not handle websockets traffic in the same way as it does for normal http traffic. ++ On 23/11/2017 08:43, Coscend@Coscend wrote: Dear HAProxy Community, This is a follow up on a previous post after doing several additional configuration changes and tests. We would appreciate your insights to resolve the issue we are facing with non-capture of application session cookie in HAProxy logs. HAProxy 1.7.9 provides SSL termination and reverse proxy to our Java-based HTML5 Web application. The application extensively uses WebSockets. This application generates a session cookie that contains a JSESSIONID for session stickiness and authentication. We would like to capture the cookie contained in the request and response. With the configuration below, HAProxy fails to capture the session cookie as per the logs (see below). How could we refine our configuration? Or, is it a known limitation in HAProxy regarding application session cookie? Login page URL loads via HAProxy with a JSESSIONID: <https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC90 21AEF4CB79> https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC902 1AEF4CB79 HAProxy.cfg -------------- global defaults frontend webapps-frontend bind *:80 name http bind *:443 name https ssl crt "$SSL_CRT_FILE" option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-Proto https if { ssl_fc } option httplog log global option log-separate-errors capture cookie JSESSIONID len 63 capture request header Host len 64 capture response header Server len 20 acls acl host_coscend_http req.hdr(Host) coscend.com acl host_coscend_https req.hdr(Host) coscend.com use_backend subdomain_cc backend subdomain_cc timeout tunnel 3600s option http-buffer-request http-request set-header Host bk.coscend.local:6080 http-request set-header Origin "bk.coscend.local:6080" stick-table type string len 63 size 20M expire 360m stick store-response res.cook(JSESSIONID) stick match req.cook(JSESSIONID) #stick store-request req.cook(JSESSIONID) acl hdr_location res.hdr(Location) -m found rspirep ^(Location:)\ <http://bk.coscend.local:6080/CoscendCC.Test/%28.*%29$> http://bk.coscend.local:6080/CoscendCC.Test/(.*)$ Location:\ <https://coscend.com/CoscendCC.Test/2> https://coscend.com/CoscendCC.Test/\2 if hdr_location acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub Domain=bk.coscend.local rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\ Domain=coscend.com\2 if hdr_set_cookie_domain acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path= rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if hdr_set_cookie_path_cc_test server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check LOG ------ Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - ---- 1/1/0/0/0 0/0 {|coscend.com||} {|||||/CoscendCC.Test|||||||||chunked||||} "GET /CoscendCC.Test HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - ---- 1/1/0/0/0 0/0 {|coscend.com||} {|||||/CoscendCC.Test|||||||||chunked||||} "GET /CoscendCC.Test HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 ---- 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=||||||||no-cache|||||} "GET /CoscendCC.Test/ HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 ---- 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=||||||||no-cache|||||} "GET /CoscendCC.Test/ HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.606] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/102/103 200 17936 - - ---- 1/1/0/0/0 0/0 {|coscend.com||} {|||no-cache||||||||||no-cache|chunked||||} "GET /CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79 HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.606] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/102/103 200 17936 - - ---- 1/1/0/0/0 0/0 {|coscend.com||} {|||no-cache||||||||||no-cache|chunked||||} "GET /CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79 HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:29:59.768] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/6/7 200 37037 - - ---- 6/6/5/5/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||36754|private|||||||||||||||} "GET /CoscendCC.Test/css/theme.min.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:29:59.768] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/6/7 200 37037 - - ---- 6/6/5/5/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||36754|private|||||||||||||||} "GET /CoscendCC.Test/css/theme.min.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60016 [23/Nov/2017:01:29:59.768] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/4/9 200 31354 - - ---- 6/6/4/4/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||31071|private|||||||||||||||} "GET /CoscendCC.Test/css/theme_om/jquery-ui.min.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60016 [23/Nov/2017:01:29:59.768] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/4/9 200 31354 - - ---- 6/6/4/4/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||31071|private|||||||||||||||} "GET /CoscendCC.Test/css/theme_om/jquery-ui.min.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60015 [23/Nov/2017:01:29:59.766] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/4/13 200 226575 - - ---- 6/6/3/4/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||226247|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initial izer/kendo.common.min-ver-8A3704789F34B31A2CDF93FA6821B677.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60015 [23/Nov/2017:01:29:59.766] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/4/13 200 226575 - - ---- 6/6/3/4/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||226247|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initial izer/kendo.common.min-ver-8A3704789F34B31A2CDF93FA6821B677.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60017 [23/Nov/2017:01:29:59.767] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/12/17 200 74365 - - ---- 6/6/2/2/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||74038|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initial izer/kendo.default.min-ver-0A155AEB6D10327A05ADE80441C82B72.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60017 [23/Nov/2017:01:29:59.767] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/12/17 200 74365 - - ---- 6/6/2/2/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||74038|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initial izer/kendo.default.min-ver-0A155AEB6D10327A05ADE80441C82B72.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:29:59.768] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/11/18 200 112970 - - ---- 6/6/1/2/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||112642|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initial izer/kendo.default.mobile.min-ver-0F7D5348F49A4944681805E12457E9E0.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:29:59.768] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/11/18 200 112970 - - ---- 6/6/1/2/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||112642|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initial izer/kendo.default.mobile.min-ver-0F7D5348F49A4944681805E12457E9E0.css HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.757] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/30/34 200 86916 - - ---- 6/6/0/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||86575|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.wicket.resource.JQueryResourceRef erence/jquery/jquery-3.2.1-ver-3B390F5614B3789CE71FFA5C856AA35E.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.757] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/30/34 200 86916 - - ---- 6/6/0/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||86575|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.wicket.resource.JQueryResourceRef erence/jquery/jquery-3.2.1-ver-3B390F5614B3789CE71FFA5C856AA35E.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60017 [23/Nov/2017:01:29:59.806] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/3/3 200 5538 - - ---- 6/6/4/4/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||5198|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.wicket.ajax.AbstractDefaultAjaxBe havior/res/js/wicket-event-jquery-ver-E34C6FE16C54FE3DF3591290A48A496A.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60017 [23/Nov/2017:01:29:59.806] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/3/3 200 5538 - - ---- 6/6/4/4/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||5198|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.wicket.ajax.AbstractDefaultAjaxBe havior/res/js/wicket-event-jquery-ver-E34C6FE16C54FE3DF3591290A48A496A.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60015 [23/Nov/2017:01:29:59.808] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/4/5 200 49654 - - ---- 6/6/3/2/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||49313|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.wicket.ajax.AbstractDefaultAjaxBe havior/res/js/wicket-ajax-jquery-ver-F8010FEDC5FD9B05434A6023763E3050.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60015 [23/Nov/2017:01:29:59.808] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/4/5 200 49654 - - ---- 6/6/3/2/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||49313|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.wicket.ajax.AbstractDefaultAjaxBe havior/res/js/wicket-ajax-jquery-ver-F8010FEDC5FD9B05434A6023763E3050.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:29:59.808] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/4/4 200 1972 - - ---- 6/6/2/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||1632|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.wicket.markup.html.pages.BrowserI nfoForm/wicket-browser-info-ver-1B39F312E99A7047E967FDBBFE35211B.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:29:59.808] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/4/4 200 1972 - - ---- 6/6/2/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||1632|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.wicket.markup.html.pages.BrowserI nfoForm/wicket-browser-info-ver-1B39F312E99A7047E967FDBBFE35211B.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60016 [23/Nov/2017:01:29:59.794] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/9/21 200 252879 - - ---- 6/6/1/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||252537|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.jquery.ui.resource.JQu eryUIResourceReference/jquery-ui-ver-0A819924D70A18322660DEE759225D2B.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60016 [23/Nov/2017:01:29:59.794] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/9/21 200 252879 - - ---- 6/6/1/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||252537|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.jquery.ui.resource.JQu eryUIResourceReference/jquery-ui-ver-0A819924D70A18322660DEE759225D2B.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60017 [23/Nov/2017:01:29:59.831] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/2/2 200 810 - - ---- 6/6/1/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||471|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.coscendcc.web.common.MainPanel/ma in-ver-FEAEFD3550212BD00D7AA7077A9284CA.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60017 [23/Nov/2017:01:29:59.831] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/2/2 200 810 - - ---- 6/6/1/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||471|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.apache.coscendcc.web.common.MainPanel/ma in-ver-FEAEFD3550212BD00D7AA7077A9284CA.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:29:59.803] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/8/46 200 793589 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||793247|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.resource.Kend oUIJavaScriptResourceReference/kendo.ui.core.min-ver-BE95097F3DA64C6922D4916 1284F7AE8.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:29:59.803] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/8/46 200 793589 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||793247|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.resource.Kend oUIJavaScriptResourceReference/kendo.ui.core.min-ver-BE95097F3DA64C6922D4916 1284F7AE8.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:29:59.895] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/3/4 200 3284 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||2944|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.wicketstuff.urlfragment.UrlParametersRec eivingBehavior/urlfragment-ver-DBC507E012E2A775149FD09196030D3D.js HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:29:59.895] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/3/4 200 3284 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||2944|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/org.wicketstuff.urlfragment.UrlParametersRec eivingBehavior/urlfragment-ver-DBC507E012E2A775149FD09196030D3D.js HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:29:59.998] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/73/75 200 26319 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {|||max-age=||||||||||cache|chunked||||} "GET /CoscendCC.Test/wicket/bookmarkable/org.apache.coscendcc.web.pages.auth.Sign InPage;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79?1--register-form-captcha- captcha HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:29:59.998] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/73/75 200 26319 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {|||max-age=||||||||||cache|chunked||||} "GET /CoscendCC.Test/wicket/bookmarkable/org.apache.coscendcc.web.pages.auth.Sign InPage;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79?1--register-form-captcha- captcha HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.081] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/32/33 200 22867 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {|||max-age=||||||||||cache|chunked||||} "GET /CoscendCC.Test/wicket/bookmarkable/org.apache.coscendcc.web.pages.auth.Sign InPage;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79?1--forget-form-captcha-ca ptcha HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.081] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/32/33 200 22867 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {|||max-age=||||||||||cache|chunked||||} "GET /CoscendCC.Test/wicket/bookmarkable/org.apache.coscendcc.web.pages.auth.Sign InPage;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79?1--forget-form-captcha-ca ptcha HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:30:00.246] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/2/3 200 3710 - - ---- 6/6/1/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||3428|private|||||||||||||||} "GET /CoscendCC.Test/css/images/logo.png HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:30:00.246] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/2/3 200 3710 - - ---- 6/6/1/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||3428|private|||||||||||||||} "GET /CoscendCC.Test/css/images/logo.png HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.245] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/5/6 200 64488 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||64184|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initial izer/images/kendoui.woff?v=1.1 HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.245] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/5/6 200 64488 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||64184|max-age=||||||||||cache|||||} "GET /CoscendCC.Test/wicket/resource/com.googlecode.wicket.kendo.ui.theme.Initial izer/images/kendoui.woff?v=1.1 HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.322] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/2/4 200 4831 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||4549|private|||||||||||||||} "GET /CoscendCC.Test/css/theme_om/images/ui-icons_3d80b3_256x240.png HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.322] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/2/4 200 4831 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||4549|private|||||||||||||||} "GET /CoscendCC.Test/css/theme_om/images/ui-icons_3d80b3_256x240.png HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:30:00.368] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/2/2 200 11553 - - ---- 6/6/1/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||11294|private|||||||||||||||} "GET /CoscendCC.Test/public/favicon.ico HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:30:00.368] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/2/2 200 11553 - - ---- 6/6/1/1/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {||11294|private|||||||||||||||} "GET /CoscendCC.Test/public/favicon.ico HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.366] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/5/7 200 312 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {|||no-cache||||||||||no-cache|chunked||||} "GET /CoscendCC.Test/wicket/bookmarkable/org.apache.coscendcc.web.pages.auth.Sign InPage;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79?1-1.0-&_=1511422199788& HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.366] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/5/7 200 312 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {|||no-cache||||||||||no-cache|chunked||||} "GET /CoscendCC.Test/wicket/bookmarkable/org.apache.coscendcc.web.pages.auth.Sign InPage;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79?1-1.0-&_=1511422199788& HTTP/1.1" Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.429] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/4/5 200 388 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {|||no-cache||||||||||no-cache|chunked||||} "GET /CoscendCC.Test/wicket/bookmarkable/org.apache.coscendcc.web.pages.auth.Sign InPage;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79?1-1.0-signin&_=1511422199 789&navigatorAppName=Netscape&navigatorAppVersion=5.0%20(Windows%20NT%2010.0 %3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20C hrome%2F62.0.3202.94%20Safari%2F537.36&navigatorAppCodeName=Mozilla&navigato rCookieEnabled=true&navigatorJavaEnabled=false&navigatorLanguage=en-US&navig atorPlatform=Win32&navigatorUserAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3 B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chr ome%2F62.0.3202.94%20Safari%2F537.36&screenWidth=1600&screenHeight=900&scree nColorDepth=24&utcOffset=-6& Nov 23 01:30:00 localhost haproxy[6585]: 192.168.100.152:60018 [23/Nov/2017:01:30:00.429] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/1/4/5 200 388 - - ---- 6/6/0/0/0 0/0 {|coscend.com|| <https://coscend.com/Co> https://coscend.com/Co} {|||no-cache||||||||||no-cache|chunked||||} "GET /CoscendCC.Test/wicket/bookmarkable/org.apache.coscendcc.web.pages.auth.Sign InPage;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79?1-1.0-signin&_=1511422199 789&navigatorAppName=Netscape&navigatorAppVersion=5.0%20(Windows%20NT%2010.0 %3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20C hrome%2F62.0.3202.94%20Safari%2F537.36&navigatorAppCodeName=Mozilla&navigato rCookieEnabled=true&navigatorJavaEnabled=false&navigatorLanguage=en-US&navig atorPlatform=Win32&navigatorUserAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3 B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chr ome%2F62.0.3202.94%20Safari%2F537.36&screenWidth=1600&screenHeight=900&scree nColorDepth=24&utcOffset=-6& Thank you. Sincerely, Hemant K. Sabat Coscend Communications Solutions <http://www.coscend.com/> www.Coscend.com ------------------------------------------------------------------ Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly ------------------------------------------------------------------ CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Coscend@Coscend [mailto:haproxy.insig...@coscend.com] Sent: Thursday, September 21, 2017 2:27 PM To: haproxy@formilux.org <mailto:haproxy@formilux.org> Subject: HAProxy 1.7.9 Not Capturing Application Session Cookie Dear HAProxy Community, Your guidance on the following issue we are facing would be appreciated. CONTEXT ---------- We are running two versions of our application--APP-3.3.0 and APP-3.3.2--on the same server and same environment. Both the APPs are running perfectly if we directly access them, while bypassing HAProxy. ISSUE --------- While accessing these APPs through HAProxy, 1. APP-3.3.0: HAProxy is capturing JSESSIONID in logs. 2. APP-3.3.2: HAProxy is NOT capturing JSESSIONID in logs. QUESTION ---------------- Could you please advise how HAProxy captures application session cookies? Is the capture portion of our HAProxy config below incorrect? Or, is there a problem with our APP-3.3.2? Thank you. =========LOGS and CONFIG PARAMETERS============= HAProxy logs ----------------- APP-3.3.0: HAProxy captures JSESSIONID in each log line. Sep 21 13:36:07 localhost haproxy[10415]: 192.168.100.152:56085 [21/Sep/2017:13:36:07.914] webapps-frontend~ subdomain-backend/APP-3.3.0 0/0/0/3/10 200 86916 JSESSIONID=66BC3A6F228503A5D39F4B8E6F1FF951 - ---- 6/6/0/0/0 0/0 {<ourdomain>.com|| <https://> https://<ourdomain>.com/Co} {|86575|max-age=||||||||||cache|||||} "GET /APP-3.3.0/wicket/resource/org.apache.wicket.resource.JQueryResourceReferenc e/jquery/jquery-3.2.1-ver-3B390F5614B3789CE71FFA5C856AA35E.js HTTP/1.1" APP-3.3.2: JSESSIONID is missing in majority of the log lines. Sep 21 13:39:23 localhost proxy-server[10517]: 192.168.100.152:56391 [21/Sep/2017:13:39:23.450] webapps-frontend~ subdomain-backend/APP-3.3.2 0/0/1/4/8 200 86916 - - ---- 6/6/0/0/0 0/0 {<ourdomain>.com|| <https://> https://<ourdomain>.com/Co} {|86575|max-age=||||||||||cache|||||} "GET /APP-3.3.2/wicket/resource/org.apache.wicket.resource.JQueryResourceReferenc e/jquery/jquery-3.2.1-ver-3B390F5614B3789CE71FFA5C856AA35E.js HTTP/1.1" HAProxy 1.7.9 config (Relevant portion) ====================== frontend webapps-frontend http-request set-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-Proto https if { ssl_fc } ### Logging options option httplog log global #option logasap capture cookie JSESSIONID len 124 capture request header Host len 64 capture request header Content-Length len 10 capture request header Referer len 32 capture response header Server len 20 capture response header Content-Length len 10 capture response header Cache-Control len 8 capture response header Via len 20 capture response header Location len 20 capture response header X-Backend-Server-Name len 20 capture response header Content-Security-Policy len 128 capture response header Strict-Transport-Security len 64 capture response header X-Frame-Options len 32 capture response header X-XSS-Protection len 32 capture response header X-Content-Type-Options len 32 capture response header Referrer-Policy len 32 capture response header Pragma len 32 capture response header Transfer-Encoding len 32 capture response header Access-Control-Allow-Origin len 32 capture response header Access-Control-Allow-Headers len 32 capture response header Access-Control-Allow-Methods len 32 capture response header Access-Control-Allow-Credentials len 20 backend subdomain-backend http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" http-response set-header X-Frame-Options "SAMEORIGIN" # or "DENY" http-response set-header X-XSS-Protection "1; mode=block" http-response set-header X-Content-Type-Options "nosniff" http-response set-header Referrer-Policy "no-referrer-when-downgrade" http-response set-header Pragma "no-cache" #Deprecated, only for backwards compatibility with HTTP/1.0 clients. http-response set-header Cache-Control "nocache, no-store" http-response set-header Access-Control-Allow-Origin "*" #"%%{AccessControlAllowOrigin} env=AccessControlAllowOrigin" http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, X-CSRF-Token, X-XSRF-TOKEN" http-response set-header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" http-response set-header Access-Control-Allow-Credentials "true" http-response set-header X-Backend-Server-Name %s <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_cam paign=sig-email&utm_content=emailclient> Virus-free. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_cam paign=sig-email&utm_content=emailclient> www.avg.com -- Moemen MHEDHBI -- Moemen MHEDHBI --- This email has been checked for viruses by AVG. http://www.avg.com