Hi Igor, I use fe_https:443-> be_http From: Igor Cicimov [mailto:[email protected]] Sent: venerdì 22 settembre 2017 00:44 To: rob.mlist <[email protected]> Cc: HAProxy <[email protected]> Subject: Re: Set-Cookie Secure
On 18 Sep 2017 10:37 pm, "rob.mlist" <[email protected]<mailto:[email protected]>> wrote: I set 2 cookies on behalf of Backend Servers: one with these configuration lines at Frontend: rspadd Set-Cookie:\ x_cookie_servedby=web1_;\ path=/ if id_web1 !back_cookie_present rspadd Set-Cookie:\ x_cookie_servedby=web4_;\ path=/ if id_web4 !back_cookie_present rspadd Set-Cookie:\ x_cookie_servedby=web10_;\ path=/ if id_web10 !back_cookie_present one at Backend with these line (and Backend cookie directive on each server): cookie cookie_ha_srvid insert indirect preserve nocache now I need to change every response to clients to add "secure" attribute for all client encrypted connections. I applied following rules, but no secure attribute is added to the response: acl https_sess ssl_fc acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure rspirep ^(set-cookie:.*) \1;\ Secure if https_sess !secured_cookie Roberto Well if you are handling the requests in two different, lets call them pipelines, like fe_http:80->be_http and fe_https:443-> be_https you can obviously set secure cookies for the second one only without any acl gymnastics.
