Hi Igor, as I see it, this is not true. I think ssl_fc is just persisted between request and response, as this works fine without setting vars (as in the example below), but it never works for the cookie header inserted by “cookie <name> insert …”. It seems that the cookie insert method overrides every other set-cookie method (probably applied as the last operation in the flow):

    acl https_sess ssl_fc
    acl secure_c_present res.hdr(Set-Cookie),lower -m sub secure
    rspirep ^(set-cookie:.*) \1;\ Secure if https_sess !secure_c_present

Using vars instead doesn’t work; I tested it by trying to add a header like this. It seems that this var is always false/null/empty:

    http-request set-var(txn.req_ssl) ssl_fc
    acl is_test var(txn.req_ssl)
    http-response set-header XXX-TEST-OPTIONS TEST1 if is_test

is_test is never true, as “http-request set-var(txn.req_ssl) ssl” is never what one thinks… if I’m not wrong…

mlist
APKAPPA s.r.l.
www.apkappa.it

From: Igor Cicimov <[email protected]>
Sent: Sunday, 24 June 2018 10:54
To: mlist <[email protected]>
Cc: [email protected]
Subject: Re: cookie insert method secure

On Wed, Jun 13, 2018 at 2:23 AM, mlist <[email protected]> wrote:

Hi, is there a mechanism to specify to a command like:

    cookie <cookie_name> insert indirect preserve nocache httponly secure

to insert secure only if the session is ssl? So is it possible to use this command on a common http/https backend without using 2 different redundant backends?

You can use variables: set one for ssl and act upon it in the backend as needed.

There are also other new cookie security specifiers such as SameSite=…?

Thank you
Rob

--
Igor Cicimov | DevOps
www.encompasscorporation.com
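
A way to verify the outcome discussed in this thread, as an added example that is not part of the original messages: given the Set-Cookie headers captured from one HTTPS response, it lists the cookies that lack the Secure attribute, testing the attribute per cookie rather than by a substring match over all headers. The cookie names and values in the sample (including SRVID as a stand-in for the persistence cookie) are constructed.

```python
# Added example: audit Set-Cookie headers captured from a response.
# All sample cookie names and values below are constructed for illustration.


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(set_cookie_values, is_https):
    """Return names of cookies set on an HTTPS response without Secure."""
    if not is_https:
        return []  # Secure is only expected when the client side is TLS
    missing = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        # Match the attribute itself; a substring test would also hit
        # cookie names or values that merely contain "secure".
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample: three Set-Cookie headers from one response.
SAMPLE = [
    "JSESSIONID=abc123; Path=/; HttpOnly; Secure",  # application cookie
    "SRVID=web1; path=/; HttpOnly",                 # stand-in persistence cookie
    "secure_pref=1; Path=/",                        # name contains "secure"
]

if __name__ == "__main__":
    print(cookies_missing_secure(SAMPLE, is_https=True))
```
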

