Hi, (haproxy 1.5.x)
I'm trying to redirect url and set cookie with expire / secure / HttpOnly. Is there a better way than (ab)using errorfile 503 and backend with no servers: frontend testing ... acl is_ie_frontpage path_beg /test_frontpage ... use_backend BE_ie if is_ie_frontpage backend BE_ie errorfile 503 /etc/haproxy/errors/ie_redirect.html (and ie_redirect.html: HTTP/1.1 302 Found Set-Cookie: uefspnego=1; Expires=Mon, 09 Jun 2025 10:18:14 GMT; path=/idp; secure; HttpOnly Cache-Control: no-cache Content-Length: 0 Location: http://real.front.page/ Connection: close (I've tried with: backend BE_ie rspadd Set-Cookie:\ uefspnego=1... redirect location http://real.front.page/ code 303/302 but the rspadd didn't seem to work ? And since I need to add a long Expires can't use redirect location http... code 303 set cookie ...) (the uefspnego cookie should only be added when browser visits the /test_frontpage url). What I'm trying to accomplish is setting uefspnego cookie to browsers that are in our active directory domain (ie. capable of spnego/kerberos authentication). --> With group policy set Internet Explorer home page to this special url(https://.../test_frontpage) and this special url sets uefspnego cookie and redirects the browser to "real" homepage. Or is there a way to add cookie to Internet Explorer with group policy (or some other automation tool, we have a few thousand machines so I'd like to avoid anything that requires user interaction / manual labor). (I guess instead of uefspnego cookie we could add a string to User-Agent, I assume this is possible with group policy, but I guess changing UA makes it a bit easier to track our users). All ideas welcome. -Jarno -- Jarno Huuskonen
