Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
Hi Hermant, On 27/11/2017 20:31, Coscend@HAProxy wrote: > > Hello Moemen, > > > > Thank you and very thoughtful of you to educate us on how HAProxy > handles Websockets and logs cookies. Guidance such as these have > helped us grow from a rank startup to offer SLA-based healthcare > services to disadvantaged remote areas (where there are no > hospitals/clinics) through our Web-based products. These patients > indirectly benefit from your guidance, besides us who benefit directly. > > > > > It is great to know that HAProxy is contributing to such projects :) > Without the cookie in the request of the login page, our users are > unable to login into the product. Going by your guidance, it would be > advisable to insert the JSESSIONID received in server response back > into the client request. This will help our product server > authenticate users to login. Are we on the right path? > If a server is inserting a cookie when replying to HAProxy, then HAProxy should send that cookie when replying to the client (unless you are asking explicitly HAProxy to remove the cookie). So I am almost sure that if there is no cookie logged then that is because there is actually no cookies sent (via set-cookie). > https://www.haproxy.com/documentation/aloha/8-5/haproxy/traffic-capture/ > àInsert a cookie if none presented by the client > > > > If we need to course correct, please advise alternatives. > > > > As advised, we are using for Websockets > > backend subdomain_cc > > timeout tunnel 3600s > I am not sure this is going to help as you don't just need to insert a cookie but you need to have a cookie with the right value to make this work. (Unless I am mistaken about how your app works) I think we are being confused by the whole Websocket thing while it **shouldn't be** the case. Sorry for the confusion but Websocket is probably not the problem here. So I am going to get back to some of your previous questions in order to make this clearer. > > > > > > *From:*Moemen MHEDHBI [mailto:mmhed...@haproxy.com] > *Sent:* Monday, November 27, 2017 1:15 PM > *To:* haproxy@formilux.org > *Subject:* Re: HAProxy 1.7.9 Not Capturing Application Session Cookie > > > > Hi Hemant, > > When using websocket, HAProxy will switch to tunnel mode whenever it > detects the Connection: Upgrade header. > > Tunnel mode means that only the first request and response are > processed and logged and everything else will be forwarded with no > analysis, I think this is what happens with your 3.3.2 version. > Normally you will only be able to see the cookie in the log if it is > present in the request initiating the websocket connection. > > On the other hand, with your 3.3.0 version, HAProxy works in the > default keep-alive-mode where every request is processed and logged. > > ++ > > > > On 24/11/2017 23:30, Coscend@Coscend wrote: > > Hello Moemen, > > > > Thank you for your encouraging insights. Below is the information > you asked. > > > > >>Also you mentioned the application extensively uses Websockets. Is it > only 3.3.2 using websockets ? if that is the case this may be a > good lead since HAProxy does not handle websockets traffic in the > same way as it does for normal http traffic. > > > > Yes, only v. 3.3.2 uses Websockets. (v. 3.3.0 did not use > Websockets and access via HAProxy was seamless.) > > > > Could you please educate us on what configuration changes we need > to do for Websockets traffic (vs. HTTP traffic)? > Basically, There is nothing really that have to be changed in your HAProxy configuration with your 3.3.2 version, as long as you are sending the cookie in the same way (cookie header). Your new app will be talking HTTP (and that is where cookies and headers can be processed) then when switching to websocket we don't have to talk any more about the JSESSIONID or anything else related to HTTP. > > > >>In your first post you said that it is working for 3.3.0 but not > 3.3.2, then maybe this is an application issue. Are you sure 3.3.2 > does sent the JSESSIONID. > > > > Yes. Please see below JSESSIONID in the login page URL loaded, > HAProxy logs and product log. Is there any other way to verify > whether the v. 3.3.2 is publishing JSESSIONID? > I think this is the most important part, you need to know when the JSESSIONID cookie is being sent and if it is the case then you should be able to see that in HAProxy logs. > > > > Through HAProxy, login page URL loads with a JSESSIONID: > > https://coscend.com/CoscendCC.
RE: HAProxy 1.7.9 Not Capturing Application Session Cookie
Hello Moemen,
Thank you and very thoughtful of you to educate us on how HAProxy handles
Websockets and logs cookies. Guidance such as these have helped us grow
from a rank startup to offer SLA-based healthcare services to disadvantaged
remote areas (where there are no hospitals/clinics) through our Web-based
products. These patients indirectly benefit from your guidance, besides us
who benefit directly.
Without the cookie in the request of the login page, our users are unable to
login into the product. Going by your guidance, it would be advisable to
insert the JSESSIONID received in server response back into the client
request. This will help our product server authenticate users to login.
Are we on the right path?
https://www.haproxy.com/documentation/aloha/8-5/haproxy/traffic-capture/ à
Insert a cookie if none presented by the client
If we need to course correct, please advise alternatives.
As advised, we are using for Websockets
backend subdomain_cc
timeout tunnel 3600s
Thank you.
Sincerely,
Hemant K. Sabat
Coscend Communications Solutions
<http://www.coscend.com/> www.Coscend.com
--
Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education,
Telepresence Services, on the fly
--
CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
Messages from Coscend Communications Solutions' posted at:
<http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html>
http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
From: Moemen MHEDHBI [mailto:mmhed...@haproxy.com]
Sent: Monday, November 27, 2017 1:15 PM
To: haproxy@formilux.org
Subject: Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
Hi Hemant,
When using websocket, HAProxy will switch to tunnel mode whenever it detects
the Connection: Upgrade header.
Tunnel mode means that only the first request and response are processed and
logged and everything else will be forwarded with no analysis, I think this
is what happens with your 3.3.2 version. Normally you will only be able to
see the cookie in the log if it is present in the request initiating the
websocket connection.
On the other hand, with your 3.3.0 version, HAProxy works in the default
keep-alive-mode where every request is processed and logged.
++
On 24/11/2017 23:30, Coscend@Coscend wrote:
Hello Moemen,
Thank you for your encouraging insights. Below is the information you
asked.
>>Also you mentioned the application extensively uses Websockets. Is it
only 3.3.2 using websockets ? if that is the case this may be a good lead
since HAProxy does not handle websockets traffic in the same way as it does
for normal http traffic.
Yes, only v. 3.3.2 uses Websockets. (v. 3.3.0 did not use Websockets and
access via HAProxy was seamless.)
Could you please educate us on what configuration changes we need to do for
Websockets traffic (vs. HTTP traffic)?
>>In your first post you said that it is working for 3.3.0 but not 3.3.2,
then maybe this is an application issue. Are you sure 3.3.2 does sent the
JSESSIONID.
Yes. Please see below JSESSIONID in the login page URL loaded, HAProxy logs
and product log. Is there any other way to verify whether the v. 3.3.2 is
publishing JSESSIONID?
Through HAProxy, login page URL loads with a JSESSIONID:
<https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC90
21AEF4CB79>
https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC902
1AEF4CB79
HAProxy log has the same JSESSIONID ONLY in the first two lines -- in
server response:
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79
1/1/0/0/0 0/0 {|coscend.com||}
{||0|no-cache||./signin;jsessionid=no-cache|} "GET
/CoscendCC.Test/ HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79
1/1/0/0/0 0/0 {|coscend.com||}
{||0|no-cache||./signin;jsessionid=no-cache|} "GET
/CoscendCC.Test/ HTTP/1.1"
Product log: DEBUG 11-24 15:10:26.951 1341302 145 MainPage
[105-6083-exec-6] - WebSocketBehavior::onConnect [uid:
ded43405-f081-4a04-be0c-b92dd510a94a, session:
6015021798DAE92F2F989D8ED5E0B9DE, key:
<mailto:org.apache.wicket.protocol.ws.api.registry.PageIdKey@0>
org.apache.wicket.protocol.ws.api.registry.PageIdKey@0]
We have also tried the following new configuration, but HAProxy still does
not capture request cookie or response cookie after first two lines. Thank
you.
HAProxy.cfg
--
frontend webapps-frontend
bind
Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
t; stick store-response cookie(JSESSIONID)
>
> stick store-response res.cook(JSESSIONID)
>
> #stick match req.cook(JSESSIONID)
>
> stick store-request req.cook(JSESSIONID)
>
> stick store-request cookie(JSESSIONID)
>
> stick store-request urlp(JSESSIONID)
>
> stick store-request urlp(jsessionid)
>
> acl hdr_location res.hdr(Location) -m found
>
> rspirep ^(Location:)\
> http://bk.coscend.local:6080/CoscendCC.Test/(.*)$
> <http://bk.coscend.local:6080/CoscendCC.Test/%28.*%29$> Location:\
> https://coscend.com/CoscendCC.Test/\2
> <https://coscend.com/CoscendCC.Test/2> if hdr_location
>
>
>
> acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub
> Domain=bk.coscend.local
>
> rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\
> Domain=coscend.com\2 if hdr_set_cookie_domain
>
> acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path=
>
> rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if
> hdr_set_cookie_path_cc_test
>
>
>
> server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check
>
>
>
> Sincerely,
>
>
>
> Hemant K. Sabat
>
>
>
> Coscend Communications Solutions
>
> www.Coscend.com <http://www.coscend.com/>
>
> --
>
> *Real-time, Interactive Video Collaboration, Tele-healthcare,
> Tele-education, Telepresence Services, on the fly…*
>
> --
>
> CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail
> Messages from Coscend Communications Solutions' posted
> at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html
>
>
>
>
>
>
>
> *From:*Moemen MHEDHBI [mailto:mmhed...@haproxy.com]
> *Sent:* Thursday, November 23, 2017 10:49 AM
> *To:* haproxy@formilux.org
> *Subject:* Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
>
>
>
> Hi,
>
> Your configuration seems correct to me.
> In your first post you said that it is working for 3.3.0 but not
> 3.3.2, then maybe this is an application issue. Are you sure 3.3.2
> does sent the JSESSIONID.
>
> Also you mentioned the application extensively uses Websockets. Is it
> only 3.3.2 using websockets ? if that is the case this may be a good
> lead since HAProxy does not handle websockets traffic in the same way
> as it does for normal http traffic.
>
> ++
>
> On 23/11/2017 08:43, Coscend@Coscend wrote:
>
> Dear HAProxy Community,
>
>
>
> This is a follow up on a previous post after doing several
> additional configuration changes and tests. We would appreciate
> your insights to resolve the issue we are facing with non-capture
> of application session cookie in HAProxy logs.
>
>
>
> HAProxy 1.7.9 provides SSL termination and reverse proxy to our
> Java-based HTML5 Web application. The application extensively
> uses WebSockets. This application generates a session cookie that
> contains a JSESSIONID for session stickiness and authentication.
> We would like to capture the cookie contained in the request and
> response. With the configuration below, HAProxy fails to capture
> the session cookie as per the logs (see below).
>
>
>
> How could we refine our configuration? Or, is it a known
> limitation in HAProxy regarding application session cookie?
>
>
>
> Login page URL loads via HAProxy with a JSESSIONID:
>
> https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79
>
>
>
> HAProxy.cfg
>
> --
>
> global
>
> …
>
> defaults
>
> …
>
> frontend webapps-frontend
>
> bind *:80 name http
>
> bind *:443 name https ssl crt "$SSL_CRT_FILE"
>
> option forwardfor
>
> http-request set-header X-Forwarded-Port %[dst_port]
>
> http-request set-header X-Forwarded-Proto https if { ssl_fc
> }
>
> option httplog
>
> log global
>
> option log-separate-errors
>
> …
>
> capture cookie JSESSIONID len 63
>
> capture request header Host len 64
>
> …
>
> capture response header Server len 20
>
> …
>
> acls…
>
> acl host_cos
RE: HAProxy 1.7.9 Not Capturing Application Session Cookie
html
From: Moemen MHEDHBI [mailto:mmhed...@haproxy.com]
Sent: Thursday, November 23, 2017 10:49 AM
To: haproxy@formilux.org
Subject: Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
Hi,
Your configuration seems correct to me.
In your first post you said that it is working for 3.3.0 but not 3.3.2, then
maybe this is an application issue. Are you sure 3.3.2 does sent the
JSESSIONID.
Also you mentioned the application extensively uses Websockets. Is it only
3.3.2 using websockets ? if that is the case this may be a good lead since
HAProxy does not handle websockets traffic in the same way as it does for
normal http traffic.
++
On 23/11/2017 08:43, Coscend@Coscend wrote:
Dear HAProxy Community,
This is a follow up on a previous post after doing several additional
configuration changes and tests. We would appreciate your insights to
resolve the issue we are facing with non-capture of application session
cookie in HAProxy logs.
HAProxy 1.7.9 provides SSL termination and reverse proxy to our Java-based
HTML5 Web application. The application extensively uses WebSockets. This
application generates a session cookie that contains a JSESSIONID for
session stickiness and authentication. We would like to capture the cookie
contained in the request and response. With the configuration below,
HAProxy fails to capture the session cookie as per the logs (see below).
How could we refine our configuration? Or, is it a known limitation in
HAProxy regarding application session cookie?
Login page URL loads via HAProxy with a JSESSIONID:
https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC902
1AEF4CB79
HAProxy.cfg
--
global
.
defaults
.
frontend webapps-frontend
bind *:80 name http
bind *:443 name https ssl crt "$SSL_CRT_FILE"
optionforwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request set-header X-Forwarded-Proto https if { ssl_fc }
optionhttplog
log global
optionlog-separate-errors
.
capture cookie JSESSIONID len 63
capture request header Host len 64
.
capture response header Server len 20
.
acls.
acl host_coscend_httpreq.hdr(Host) coscend.com
acl host_coscend_httpsreq.hdr(Host) coscend.com
.
use_backend subdomain_cc .
backend subdomain_cc
timeout tunnel 3600s
option http-buffer-request
http-request set-header Host bk.coscend.local:6080
http-request set-header Origin "bk.coscend.local:6080"
stick-table type string len 63 size 20M expire 360m
stick store-response res.cook(JSESSIONID)
stick match req.cook(JSESSIONID)
#stick store-request req.cook(JSESSIONID)
acl hdr_location res.hdr(Location) -m found
rspirep ^(Location:)\ http://bk.coscend.local:6080/CoscendCC.Test/(.*)$
Location:\ https://coscend.com/CoscendCC.Test/\2
<https://coscend.com/CoscendCC.Test/2> if hdr_location
acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub
Domain=bk.coscend.local
rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\
Domain=coscend.com\2 if hdr_set_cookie_domain
acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path=
rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if
hdr_set_cookie_path_cc_test
server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check
LOG
--
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 {|coscend.com||}
{|/CoscendCC.Test|chunked} "GET /CoscendCC.Test HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 {|coscend.com||}
{|/CoscendCC.Test|chunked} "GET /CoscendCC.Test HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79
1/1/0/0/0 0/0 {|coscend.com||}
{||0|no-cache||./signin;jsessionid=no-cache|} "GET
/CoscendCC.Test/ HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79
1/1/0/0/0 0/0 {|coscend.com||}
{||0|no-cache||./signin;jsessionid=no-cache|} "GET
/CoscendCC.Test/ HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.606] webapps-fr
Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
Hi,
Your configuration seems correct to me.
In your first post you said that it is working for 3.3.0 but not 3.3.2,
then maybe this is an application issue. Are you sure 3.3.2 does sent
the JSESSIONID.
Also you mentioned the application extensively uses Websockets. Is it
only 3.3.2 using websockets ? if that is the case this may be a good
lead since HAProxy does not handle websockets traffic in the same way as
it does for normal http traffic.
++
On 23/11/2017 08:43, Coscend@Coscend wrote:
>
> Dear HAProxy Community,
>
>
>
> This is a follow up on a previous post after doing several additional
> configuration changes and tests. We would appreciate your insights to
> resolve the issue we are facing with non-capture of application
> session cookie in HAProxy logs.
>
>
>
> HAProxy 1.7.9 provides SSL termination and reverse proxy to our
> Java-based HTML5 Web application. The application extensively uses
> WebSockets. This application generates a session cookie that contains
> a JSESSIONID for session stickiness and authentication. We would like
> to capture the cookie contained in the request and response. With the
> configuration below, HAProxy fails to capture the session cookie as
> per the logs (see below).
>
>
>
> How could we refine our configuration? Or, is it a known limitation
> in HAProxy regarding application session cookie?
>
>
>
> Login page URL loads via HAProxy with a JSESSIONID:
> https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79
>
>
>
> HAProxy.cfg
>
> --
>
> global
>
> …
>
> defaults
>
> …
>
> frontend webapps-frontend
>
> bind *:80 name http
>
> bind *:443 name https ssl crt "$SSL_CRT_FILE"
>
> option forwardfor
>
> http-request set-header X-Forwarded-Port %[dst_port]
>
> http-request set-header X-Forwarded-Proto https if { ssl_fc }
>
> option httplog
>
> log global
>
> option log-separate-errors
>
> …
>
> capture cookie JSESSIONID len 63
>
> capture request header Host len 64
>
> …
>
> capture response header Server len 20
>
> …
>
> acls…
>
> acl host_coscend_http req.hdr(Host) coscend.com
>
> acl host_coscend_https req.hdr(Host) coscend.com
>
> …
>
> use_backend subdomain_cc …
>
>
>
> backend subdomain_cc
>
> timeout tunnel
> 3600s
>
>
>
> option
> http-buffer-request
>
>
>
> http-request set-header Host bk.coscend.local:6080
>
> http-request set-header Origin "bk.coscend.local:6080"
>
>
> stick-table type string len 63 size 20M expire 360m
>
> stick store-response res.cook(JSESSIONID)
>
> stick match req.cook(JSESSIONID)
>
> #stick store-request req.cook(JSESSIONID)
>
> acl hdr_location res.hdr(Location) -m found
>
> rspirep ^(Location:)\
> http://bk.coscend.local:6080/CoscendCC.Test/(.*)$ Location:\
> https://coscend.com/CoscendCC.Test/\2 if hdr_location
>
>
>
> acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub
> Domain=bk.coscend.local
>
> rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\
> Domain=coscend.com\2 if hdr_set_cookie_domain
>
> acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path=
>
> rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if
> hdr_set_cookie_path_cc_test
>
>
>
> server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check
>
>
>
> LOG
>
> --
>
> Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
> [23/Nov/2017:01:29:59.574] webapps-frontend~
> subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0
> {|coscend.com||} {|/CoscendCC.Test|chunked} "GET
> /CoscendCC.Test HTTP/1.1"
>
> Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
> [23/Nov/2017:01:29:59.574] webapps-frontend~
> subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0
> {|coscend.com||} {|/CoscendCC.Test|chunked} "GET
> /CoscendCC.Test HTTP/1.1"
>
> Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
> [23/Nov/2017:01:29:59.588] webapps-frontend~
> subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 -
> JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0
> {|coscend.com||}
> {||0|no-cache||./signin;jsessionid=no-cache|} "GET
> /CoscendCC.Test/ HTTP/1.1"
>
> Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
> [23/Nov/2017:01:29:59.588] webapps-frontend~
> subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 -
> JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0
> {|coscend.com||}
>
RE: HAProxy 1.7.9 Not Capturing Application Session Cookie
Dear HAProxy Community,
This is a follow up on a previous post after doing several additional
configuration changes and tests. We would appreciate your insights to
resolve the issue we are facing with non-capture of application session
cookie in HAProxy logs.
HAProxy 1.7.9 provides SSL termination and reverse proxy to our Java-based
HTML5 Web application. The application extensively uses WebSockets. This
application generates a session cookie that contains a JSESSIONID for
session stickiness and authentication. We would like to capture the cookie
contained in the request and response. With the configuration below,
HAProxy fails to capture the session cookie as per the logs (see below).
How could we refine our configuration? Or, is it a known limitation in
HAProxy regarding application session cookie?
Login page URL loads via HAProxy with a JSESSIONID:
https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC902
1AEF4CB79
HAProxy.cfg
--
global
.
defaults
.
frontend webapps-frontend
bind *:80 name http
bind *:443 name https ssl crt "$SSL_CRT_FILE"
optionforwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request set-header X-Forwarded-Proto https if { ssl_fc }
optionhttplog
log global
optionlog-separate-errors
.
capture cookie JSESSIONID len 63
capture request header Host len 64
.
capture response header Server len 20
.
acls.
acl host_coscend_httpreq.hdr(Host) coscend.com
acl host_coscend_httpsreq.hdr(Host) coscend.com
.
use_backend subdomain_cc .
backend subdomain_cc
timeout tunnel 3600s
option http-buffer-request
http-request set-header Host bk.coscend.local:6080
http-request set-header Origin "bk.coscend.local:6080"
stick-table type string len 63 size 20M expire 360m
stick store-response res.cook(JSESSIONID)
stick match req.cook(JSESSIONID)
#stick store-request req.cook(JSESSIONID)
acl hdr_location res.hdr(Location) -m found
rspirep ^(Location:)\ http://bk.coscend.local:6080/CoscendCC.Test/(.*)$
Location:\ https://coscend.com/CoscendCC.Test/\2 if hdr_location
acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub
Domain=bk.coscend.local
rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\
Domain=coscend.com\2 if hdr_set_cookie_domain
acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path=
rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if
hdr_set_cookie_path_cc_test
server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check
LOG
--
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 {|coscend.com||}
{|/CoscendCC.Test|chunked} "GET /CoscendCC.Test HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 {|coscend.com||}
{|/CoscendCC.Test|chunked} "GET /CoscendCC.Test HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79
1/1/0/0/0 0/0 {|coscend.com||}
{||0|no-cache||./signin;jsessionid=no-cache|} "GET
/CoscendCC.Test/ HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79
1/1/0/0/0 0/0 {|coscend.com||}
{||0|no-cache||./signin;jsessionid=no-cache|} "GET
/CoscendCC.Test/ HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.606] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/102/103 200 17936 - - 1/1/0/0/0 0/0 {|coscend.com||}
{|||no-cache||no-cache|chunked} "GET
/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79 HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014
[23/Nov/2017:01:29:59.606] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/102/103 200 17936 - - 1/1/0/0/0 0/0 {|coscend.com||}
{|||no-cache||no-cache|chunked} "GET
/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79 HTTP/1.1"
Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60019
[23/Nov/2017:01:29:59.768] webapps-frontend~ subdomain_cc/CoscendCC.Test
0/0/0/6/7 200 37037 - - 6/6/5/5/0 0/0
{|coscend.com||https://coscend.com/Co} {||36754|private|||} "GET
