You inspired me when I wrote it!

Baptiste

On Fri, Jan 31, 2014 at 11:36 AM, Ricardo <[email protected]> wrote:
> Hello,
>
> Yes, with these lines:
>
>     acl secure res.hdr(Set-Cookie),lower -m sub secure
>     rspirep ^(Set-cookie:.*) \1;\ Secure if ! secure
>
> Looking for information, I arrived at this entry of the blog:
>
> https://blog.exceliance.fr/2014/01/30/how-to-protect-application-cookies-while-offloading-ssl/
> which has nearly the same piece of code as above.
>
> Regards,
>
> ________________________________
>> Date: Tue, 28 Jan 2014 12:18:23 +0100
>> Subject: RE: Add secure to all cookies passed to the client
>> From: [email protected]
>> To: [email protected]
>> CC: [email protected]
>>
>> Hi,
>>
>> You could fix this with an acl to prevent adding the secure flag if one
>> is present.
>>
>> Baptiste
>>
>> On 28 Jan 2014 12:09, "Ricardo" <[email protected]> wrote:
>> Thanks, it works as expected.
>>
>> As a note, if the cookie already has the secure flag, with this rule
>> it ends up with two secure flags, but I don't have any issue with this
>> behavior.
>>
>> Regards,
>>
>> ----------------------------------------
>>> Date: Sat, 25 Jan 2014 11:26:55 +0100
>>> From: [email protected]
>>> To: [email protected]
>>> CC: [email protected]
>>> Subject: Re: Add secure to all cookies passed to the client
>>>
>>> Hi Ricardo,
>>>
>>> On Thu, Jan 09, 2014 at 10:35:46AM +0100, Ricardo wrote:
>>>> With this conf, the result of the cookies passed to the client is this:
>>>>
>>>> Set-Cookie: JSESSIONID=1EAA38A1BD418EB1A79DD64E1AE9A407; Path=/; HttpOnly
>>>> Set-Cookie: WEBSERVERID=B|Us5p2|Us5p2; path=/
>>>>
>>>> But I'm looking to secure these cookies in the haproxy:443. If I
>>>> modify the conf in the backend of this balancer with "cookie
>>>> WEBSERVERID rewrite secure", the result is the same.
>>>>
>>>> If I modify to "cookie WEBSERVERID insert secure", the result is this:
>>>>
>>>> Set-Cookie: JSESSIONID=1EAA38A1BD418EB1A79DD64E1AE9A407; Path=/; HttpOnly
>>>> Set-Cookie: WEBSERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; Secure
>>>>
>>>> But I'm looking for a complete rewrite of all cookies without
>>>> losing information and with the secure option. Is it possible?
>>>
>>> What you're talking about is rewriting cookie headers sent by the
>>> server. In short, you want something like this to append "Secure"
>>> to the Server cookies :
>>>
>>>     rspirep ^(set-cookie:.*) \1;\ Secure
>>>
>>> And of course you keep the "secure" flag on your "cookie" statements.
>>>
>>> Regards,
>>> Willy
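
An added example, not part of the thread or of HAProxy: a small Python check for the two outcomes discussed above (a cookie with no Secure flag, and a cookie that ends up with two), plus an append that is safe to apply twice. The function names are hypothetical; the first two sample values come from the thread and the last two are constructed. It also shows that a lowercase substring test for "secure", like the one in the ACL, matches a cookie whose value merely contains that word.

```python
# Added example: audit and idempotently fix the Secure attribute on Set-Cookie values.
SAMPLE = [  # first two values are from the thread; the last two are constructed
    "JSESSIONID=1EAA38A1BD418EB1A79DD64E1AE9A407; Path=/; HttpOnly",
    "WEBSERVERID=B|Us5p2|Us5p2; path=/",
    "lang=en; Path=/; Secure",
    "mode=insecure; Path=/",
]


def secure_count(value):
    """Count Secure attributes, ignoring the name=value pair before the first ';'."""
    attrs = value.split(";")[1:]
    return sum(1 for a in attrs if a.strip().lower() == "secure")


def substring_guard(value):
    """Lowercase substring test for 'secure', applied here to a single header value."""
    return "secure" in value.lower()


def add_secure(value):
    """Append '; Secure' only when no Secure attribute is present (idempotent)."""
    return value if secure_count(value) else value.rstrip("; ") + "; Secure"


def audit(values):
    """Return {cookie_name: finding} for every cookie not flagged exactly once."""
    findings = {}
    for v in values:
        name = v.split("=", 1)[0].strip()
        n = secure_count(v)
        if n == 0:
            findings[name] = "missing Secure"
        elif n > 1:
            findings[name] = "duplicate Secure"
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))                           # cookies needing the flag
    print(audit([add_secure(v) for v in SAMPLE]))  # empty once fixed
```
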

