Hello, list!
I was not clear in the previous post. I am sorry.
A frontend listens for both HTTP and HTTPS.
It should set the "Secure" attribute on the cookies over the encrypted
channel and not on the others.

    frontend XXX-FE
        bind 10.64.44.160:80
        bind 10.64.44.160:443 ssl crt /etc/ssl/private/XXX.pem
        http-response replace-header Set-Cookie (.*) \1;\ Secure if { ssl_fc }
        use_backend XXX if { path_beg -i /AAA }

    backend XXX
        cookie rs insert indirect nocache httponly maxidle 1h
        server serverA 10.64.44.155:80 check cookie A
        server serverB 10.64.44.156:80 check cookie B

Testing with curl https://someserver/something.aspx, the response has
these two "Set-Cookie" headers:

    Set-Cookie: ASP.NET=1hj2c; path=/; HttpOnly; Secure
    Set-Cookie: rs=A|WXipz; path=/; HttpOnly

The "Set-Cookie: ASP.NET=..." coming from the real server correctly has
the "Secure" attribute set by the frontend.
The "Set-Cookie: rs=A..." inserted by haproxy is not set as "Secure".
Is there a way to set "Secure" also on the Set-Cookie set by haproxy
with the same "if { ssl_fc }" condition?
Thank you
.marcoc
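
The check described in the message above, as an added example that is not part of the original post: it parses the Set-Cookie headers of a response and reports every cookie whose "Secure" flag does not match the channel it was served over. The sample response is constructed from the two headers quoted in the post; the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers against the channel they were sent on.
# Constructed sample built from the two headers quoted in the post.
SAMPLE_HTTPS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ASP.NET=1hj2c; path=/; HttpOnly; Secure\r\n"
    "Set-Cookie: rs=A|WXipz; path=/; HttpOnly\r\n"
    "\r\n"
)


def parse_set_cookies(raw_response):
    """Return [(cookie_name, {lowercased attribute names})] per Set-Cookie header."""
    cookies = []
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].partition("=")[0].strip()
        # Only the parts after the first name=value pair are attributes, so a
        # cookie whose *value* happens to be "Secure" is not counted as flagged.
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
        cookies.append((name, attrs))
    return cookies


def audit_secure(raw_response, over_tls):
    """Return [(cookie_name, problem)] where the Secure flag mismatches the channel."""
    findings = []
    for name, attrs in parse_set_cookies(raw_response):
        has_secure = "secure" in attrs
        if over_tls and not has_secure:
            findings.append((name, "missing Secure on HTTPS"))
        elif not over_tls and has_secure:
            findings.append((name, "Secure set on plain HTTP"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_secure(SAMPLE_HTTPS_RESPONSE, over_tls=True):
        print(f"{name}: {problem}")
```

Fed the raw response headers captured on each bind address, the same function covers both requirements: Secure present on port 443 and absent on port 80.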