Hi, You can use the respirep feature: rspirep ^Set-Cookie:\ (appsession.*) Set-Cookie:\ \1; HttpOnly
should do the trick. It should even be compatible with NTLM. Could you please give it a try and let me now if it works?? cheers On Wed, Jan 9, 2013 at 12:51 PM, duncan hall <[email protected]> wrote: > For PCI compliance I need to add the httponly cookie attribute to the > appsession cookie set by IIS 6.0. Any thoughts on how I could accomplish the > rewriting of this cookie using haproxy? > > Regards, > > Duncan
