Hello, list!

I was not clear in the previous post. I am sorry.

A frontend listen both for HTTP and for HTTPS.
It should set the "Secure" attribute to the cookies over the encrypted channel and not on the others.

frontend XXX-FE
  bind ssl crt /etc/ssl/private/XXX.pem
  http-response replace-header Set-Cookie (.*) \1;\ Secure if { ssl_fc }
  use_backend XXX if { path_beg -i /AAA }

backend XXX
  cookie rs insert indirect nocache httponly maxidle 1h
  server serverA check cookie A
  server serverB check cookie B

Testing with curl https://someserver/something.aspx the response has these two "Set-Coookie"

  Set-Cookie: ASP.NET=1hj2c; path=/; HttpOnly; Secure
  Set-Cookie: rs=A|WXipz; path=/; HttpOnly

The "Set-Cookie: ASP.NET=..." coming from the real server correctly has the "Secure" attribute set by the frontend.
The "Set-Cookie: rs=A..." inserted by haproxy is not set as "Secure".

Is there a way to set "Secure" also on the Set-Cookie set by haproxy with the same "if { ssl_fc }" condition?

Thank you


Reply via email to