Then you can unconditionally include Secure in your "rspadd Set-Cookie ..." since the communication between the client and HAP is always over SSL. Or am I missing something?
On Fri, Sep 22, 2017 at 10:18 AM, mlist <[email protected]> wrote:

> Hi Igor, I use fe_https:443-> be_http
>
> *From:* Igor Cicimov [mailto:[email protected]]
> *Sent:* Friday, 22 September 2017 00:44
> *To:* rob.mlist <[email protected]>
> *Cc:* HAProxy <[email protected]>
> *Subject:* Re: Set-Cookie Secure
>
> On 18 Sep 2017 10:37 pm, "rob.mlist" <[email protected]> wrote:
>
> I set 2 cookies on behalf of Backend Servers: one with these configuration lines at Frontend:
>
> rspadd Set-Cookie:\ x_cookie_servedby=web1_;\ path=/ if id_web1 !back_cookie_present
> rspadd Set-Cookie:\ x_cookie_servedby=web4_;\ path=/ if id_web4 !back_cookie_present
> rspadd Set-Cookie:\ x_cookie_servedby=web10_;\ path=/ if id_web10 !back_cookie_present
>
> one at Backend with these lines (and Backend cookie directive on each server):
>
> cookie cookie_ha_srvid insert indirect preserve nocache
>
> now I need to change every response to clients to add "secure" attribute for all client encrypted connections.
>
> I applied the following rules, but *no secure attribute is added to the response*:
>
> acl https_sess ssl_fc
> acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure
> rspirep ^(set-cookie:.*) \1;\ Secure if https_sess !secured_cookie
>
> Roberto
>
> Well if you are handling the requests in two different, let's call them pipelines, like fe_http:80->be_http and fe_https:443-> be_https you can obviously set secure cookies for the second one only without any acl gymnastics.
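
The suggestion from this thread written out as configuration. This is an added example, not part of the original messages and not the posters' actual configuration. It assumes be_http is reached only through the TLS frontend; the certificate path, server addresses and ACL definitions are placeholders.

```haproxy
# Added example. Uses the 1.x-era rspadd directive, as the thread does.
frontend fe_https
    mode http
    # Certificate path is a placeholder.
    bind :443 ssl crt /etc/haproxy/certs/example.pem
    default_backend be_http

    # Stand-in definitions (assumed): the poster's real ACL definitions
    # are not shown in the thread.
    acl id_web1  srv_id 1
    acl id_web4  srv_id 4
    acl id_web10 srv_id 10
    acl back_cookie_present res.cook(x_cookie_servedby) -m found

    # Every client connection on this frontend is TLS, so Secure is written
    # into the added cookie directly. No ssl_fc ACL and no rspirep rewrite
    # of existing Set-Cookie headers is involved.
    rspadd Set-Cookie:\ x_cookie_servedby=web1_;\ path=/;\ Secure  if id_web1  !back_cookie_present
    rspadd Set-Cookie:\ x_cookie_servedby=web4_;\ path=/;\ Secure  if id_web4  !back_cookie_present
    rspadd Set-Cookie:\ x_cookie_servedby=web10_;\ path=/;\ Secure if id_web10 !back_cookie_present

backend be_http
    mode http
    # The "secure" keyword makes HAProxy set the Secure attribute on the
    # persistence cookie it inserts.
    cookie cookie_ha_srvid insert indirect preserve nocache secure
    # Addresses are placeholders; "id" matches the srv_id ACLs above.
    server web1  192.0.2.11:80 id 1  cookie web1  check
    server web4  192.0.2.14:80 id 4  cookie web4  check
    server web10 192.0.2.20:80 id 10 cookie web10 check
```

If be_http is also reached from a plain-HTTP frontend, browsers will not send the Secure persistence cookie back over HTTP, so persistence on that path is lost.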

