Thanks, It works as expected. A a note, if the cookie have already the secure flag, with this rule, pass to have two secure flags, but I don't have any issue with this behavior.
Regards, ---------------------------------------- > Date: Sat, 25 Jan 2014 11:26:55 +0100 > From: [email protected] > To: [email protected] > CC: [email protected] > Subject: Re: Add secure to all cookies passed to the client > > Hi Ricardo, > > On Thu, Jan 09, 2014 at 10:35:46AM +0100, Ricardo wrote: >> Whit this conf, the result of the cookies passed to the client is this: >> >> Set-Cookie: JSESSIONID=1EAA38A1BD418EB1A79DD64E1AE9A407; Path=/; HttpOnly >> Set-Cookie: WEBSERVERID=B|Us5p2|Us5p2; path=/ >> >> But I'm looking for secure this cookies in the haproxy:443. If I modify the >> conf in the backend of this balancer with "cookie WEBSERVERID rewrite >> secure", the result is the same. >> >> If I modify to "cookie WEBSERVERID insert secure", the result is this: >> >> Set-Cookie: JSESSIONID=1EAA38A1BD418EB1A79DD64E1AE9A407; Path=/; HttpOnly >> Set-Cookie: WEBSERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; >> Secure >> >> But I'm looking for a complete rewrite of all cookies without loosing >> information and with the secure option. Is it possible? > > What you're talking about is rewriting cookie headers sent by the > server. In short, you want something like this to append "Secure" > to the Server cookies : > > rspirep ^(set-cookie:.*) \1;\ Secure > > And of course you keep the "secure" flag on your "cookie" statements. > > Regards, > Willy > >
