Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
Hi Hermant, On 27/11/2017 20:31, Coscend@HAProxy wrote: > > Hello Moemen, > > > > Thank you and very thoughtful of you to educate us on how HAProxy > handles Websockets and logs cookies. Guidance such as these have > helped us grow from a rank startup to offer SLA-based healthcare > services to disadvantaged remote areas (where there are no > hospitals/clinics) through our Web-based products. These patients > indirectly benefit from your guidance, besides us who benefit directly. > > > > > It is great to know that HAProxy is contributing to such projects :) > Without the cookie in the request of the login page, our users are > unable to login into the product. Going by your guidance, it would be > advisable to insert the JSESSIONID received in server response back > into the client request. This will help our product server > authenticate users to login. Are we on the right path? > If a server is inserting a cookie when replying to HAProxy, then HAProxy should send that cookie when replying to the client (unless you are asking explicitly HAProxy to remove the cookie). So I am almost sure that if there is no cookie logged then that is because there is actually no cookies sent (via set-cookie). > https://www.haproxy.com/documentation/aloha/8-5/haproxy/traffic-capture/ > àInsert a cookie if none presented by the client > > > > If we need to course correct, please advise alternatives. > > > > As advised, we are using for Websockets > > backend subdomain_cc > > timeout tunnel 3600s > I am not sure this is going to help as you don't just need to insert a cookie but you need to have a cookie with the right value to make this work. (Unless I am mistaken about how your app works) I think we are being confused by the whole Websocket thing while it **shouldn't be** the case. Sorry for the confusion but Websocket is probably not the problem here. So I am going to get back to some of your previous questions in order to make this clearer. > > > > > > *From:*Moemen MHEDHBI [mailto:mmhed...@haproxy.com] > *Sent:* Monday, November 27, 2017 1:15 PM > *To:* haproxy@formilux.org > *Subject:* Re: HAProxy 1.7.9 Not Capturing Application Session Cookie > > > > Hi Hemant, > > When using websocket, HAProxy will switch to tunnel mode whenever it > detects the Connection: Upgrade header. > > Tunnel mode means that only the first request and response are > processed and logged and everything else will be forwarded with no > analysis, I think this is what happens with your 3.3.2 version. > Normally you will only be able to see the cookie in the log if it is > present in the request initiating the websocket connection. > > On the other hand, with your 3.3.0 version, HAProxy works in the > default keep-alive-mode where every request is processed and logged. > > ++ > > > > On 24/11/2017 23:30, Coscend@Coscend wrote: > > Hello Moemen, > > > > Thank you for your encouraging insights. Below is the information > you asked. > > > > >>Also you mentioned the application extensively uses Websockets. Is it > only 3.3.2 using websockets ? if that is the case this may be a > good lead since HAProxy does not handle websockets traffic in the > same way as it does for normal http traffic. > > > > Yes, only v. 3.3.2 uses Websockets. (v. 3.3.0 did not use > Websockets and access via HAProxy was seamless.) > > > > Could you please educate us on what configuration changes we need > to do for Websockets traffic (vs. HTTP traffic)? > Basically, There is nothing really that have to be changed in your HAProxy configuration with your 3.3.2 version, as long as you are sending the cookie in the same way (cookie header). Your new app will be talking HTTP (and that is where cookies and headers can be processed) then when switching to websocket we don't have to talk any more about the JSESSIONID or anything else related to HTTP. > > > >>In your first post you said that it is working for 3.3.0 but not > 3.3.2, then maybe this is an application issue. Are you sure 3.3.2 > does sent the JSESSIONID. > > > > Yes. Please see below JSESSIONID in the login page URL loaded, > HAProxy logs and product log. Is there any other way to verify > whether the v. 3.3.2 is publishing JSESSIONID? > I think this is the most important part, you need to know when the JSESSIONID cookie is being sent and if it is the case then you should be able to see that in HAProxy logs. > > > > Through HAProxy, login page URL loads with a JSESSIONID: > > https://coscend.com/CoscendCC.
RE: HAProxy 1.7.9 Not Capturing Application Session Cookie
Hello Moemen, Thank you and very thoughtful of you to educate us on how HAProxy handles Websockets and logs cookies. Guidance such as these have helped us grow from a rank startup to offer SLA-based healthcare services to disadvantaged remote areas (where there are no hospitals/clinics) through our Web-based products. These patients indirectly benefit from your guidance, besides us who benefit directly. Without the cookie in the request of the login page, our users are unable to login into the product. Going by your guidance, it would be advisable to insert the JSESSIONID received in server response back into the client request. This will help our product server authenticate users to login. Are we on the right path? https://www.haproxy.com/documentation/aloha/8-5/haproxy/traffic-capture/ à Insert a cookie if none presented by the client If we need to course correct, please advise alternatives. As advised, we are using for Websockets backend subdomain_cc timeout tunnel 3600s Thank you. Sincerely, Hemant K. Sabat Coscend Communications Solutions <http://www.coscend.com/> www.Coscend.com -- Real-time, Interactive Video Collaboration, Tele-healthcare, Tele-education, Telepresence Services, on the fly -- CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail Messages from Coscend Communications Solutions' posted at: <http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html> http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html From: Moemen MHEDHBI [mailto:mmhed...@haproxy.com] Sent: Monday, November 27, 2017 1:15 PM To: haproxy@formilux.org Subject: Re: HAProxy 1.7.9 Not Capturing Application Session Cookie Hi Hemant, When using websocket, HAProxy will switch to tunnel mode whenever it detects the Connection: Upgrade header. Tunnel mode means that only the first request and response are processed and logged and everything else will be forwarded with no analysis, I think this is what happens with your 3.3.2 version. Normally you will only be able to see the cookie in the log if it is present in the request initiating the websocket connection. On the other hand, with your 3.3.0 version, HAProxy works in the default keep-alive-mode where every request is processed and logged. ++ On 24/11/2017 23:30, Coscend@Coscend wrote: Hello Moemen, Thank you for your encouraging insights. Below is the information you asked. >>Also you mentioned the application extensively uses Websockets. Is it only 3.3.2 using websockets ? if that is the case this may be a good lead since HAProxy does not handle websockets traffic in the same way as it does for normal http traffic. Yes, only v. 3.3.2 uses Websockets. (v. 3.3.0 did not use Websockets and access via HAProxy was seamless.) Could you please educate us on what configuration changes we need to do for Websockets traffic (vs. HTTP traffic)? >>In your first post you said that it is working for 3.3.0 but not 3.3.2, then maybe this is an application issue. Are you sure 3.3.2 does sent the JSESSIONID. Yes. Please see below JSESSIONID in the login page URL loaded, HAProxy logs and product log. Is there any other way to verify whether the v. 3.3.2 is publishing JSESSIONID? Through HAProxy, login page URL loads with a JSESSIONID: <https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC90 21AEF4CB79> https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC902 1AEF4CB79 HAProxy log has the same JSESSIONID ONLY in the first two lines -- in server response: Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=no-cache|} "GET /CoscendCC.Test/ HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=no-cache|} "GET /CoscendCC.Test/ HTTP/1.1" Product log: DEBUG 11-24 15:10:26.951 1341302 145 MainPage [105-6083-exec-6] - WebSocketBehavior::onConnect [uid: ded43405-f081-4a04-be0c-b92dd510a94a, session: 6015021798DAE92F2F989D8ED5E0B9DE, key: <mailto:org.apache.wicket.protocol.ws.api.registry.PageIdKey@0> org.apache.wicket.protocol.ws.api.registry.PageIdKey@0] We have also tried the following new configuration, but HAProxy still does not capture request cookie or response cookie after first two lines. Thank you. HAProxy.cfg -- frontend webapps-frontend bind
Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
t; stick store-response cookie(JSESSIONID) > > stick store-response res.cook(JSESSIONID) > > #stick match req.cook(JSESSIONID) > > stick store-request req.cook(JSESSIONID) > > stick store-request cookie(JSESSIONID) > > stick store-request urlp(JSESSIONID) > > stick store-request urlp(jsessionid) > > acl hdr_location res.hdr(Location) -m found > > rspirep ^(Location:)\ > http://bk.coscend.local:6080/CoscendCC.Test/(.*)$ > <http://bk.coscend.local:6080/CoscendCC.Test/%28.*%29$> Location:\ > https://coscend.com/CoscendCC.Test/\2 > <https://coscend.com/CoscendCC.Test/2> if hdr_location > > > > acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub > Domain=bk.coscend.local > > rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\ > Domain=coscend.com\2 if hdr_set_cookie_domain > > acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path= > > rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if > hdr_set_cookie_path_cc_test > > > > server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check > > > > Sincerely, > > > > Hemant K. Sabat > > > > Coscend Communications Solutions > > www.Coscend.com <http://www.coscend.com/> > > -- > > *Real-time, Interactive Video Collaboration, Tele-healthcare, > Tele-education, Telepresence Services, on the fly…* > > -- > > CONFIDENTIALITY NOTICE: See 'Confidentiality Notice Regarding E-mail > Messages from Coscend Communications Solutions' posted > at:http://www.Coscend.com/Anchor/Common/Terms_and_Conditions.html > > > > > > > > *From:*Moemen MHEDHBI [mailto:mmhed...@haproxy.com] > *Sent:* Thursday, November 23, 2017 10:49 AM > *To:* haproxy@formilux.org > *Subject:* Re: HAProxy 1.7.9 Not Capturing Application Session Cookie > > > > Hi, > > Your configuration seems correct to me. > In your first post you said that it is working for 3.3.0 but not > 3.3.2, then maybe this is an application issue. Are you sure 3.3.2 > does sent the JSESSIONID. > > Also you mentioned the application extensively uses Websockets. Is it > only 3.3.2 using websockets ? if that is the case this may be a good > lead since HAProxy does not handle websockets traffic in the same way > as it does for normal http traffic. > > ++ > > On 23/11/2017 08:43, Coscend@Coscend wrote: > > Dear HAProxy Community, > > > > This is a follow up on a previous post after doing several > additional configuration changes and tests. We would appreciate > your insights to resolve the issue we are facing with non-capture > of application session cookie in HAProxy logs. > > > > HAProxy 1.7.9 provides SSL termination and reverse proxy to our > Java-based HTML5 Web application. The application extensively > uses WebSockets. This application generates a session cookie that > contains a JSESSIONID for session stickiness and authentication. > We would like to capture the cookie contained in the request and > response. With the configuration below, HAProxy fails to capture > the session cookie as per the logs (see below). > > > > How could we refine our configuration? Or, is it a known > limitation in HAProxy regarding application session cookie? > > > > Login page URL loads via HAProxy with a JSESSIONID: > > https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79 > > > > HAProxy.cfg > > -- > > global > > … > > defaults > > … > > frontend webapps-frontend > > bind *:80 name http > > bind *:443 name https ssl crt "$SSL_CRT_FILE" > > option forwardfor > > http-request set-header X-Forwarded-Port %[dst_port] > > http-request set-header X-Forwarded-Proto https if { ssl_fc > } > > option httplog > > log global > > option log-separate-errors > > … > > capture cookie JSESSIONID len 63 > > capture request header Host len 64 > > … > > capture response header Server len 20 > > … > > acls… > > acl host_cos
RE: HAProxy 1.7.9 Not Capturing Application Session Cookie
html From: Moemen MHEDHBI [mailto:mmhed...@haproxy.com] Sent: Thursday, November 23, 2017 10:49 AM To: haproxy@formilux.org Subject: Re: HAProxy 1.7.9 Not Capturing Application Session Cookie Hi, Your configuration seems correct to me. In your first post you said that it is working for 3.3.0 but not 3.3.2, then maybe this is an application issue. Are you sure 3.3.2 does sent the JSESSIONID. Also you mentioned the application extensively uses Websockets. Is it only 3.3.2 using websockets ? if that is the case this may be a good lead since HAProxy does not handle websockets traffic in the same way as it does for normal http traffic. ++ On 23/11/2017 08:43, Coscend@Coscend wrote: Dear HAProxy Community, This is a follow up on a previous post after doing several additional configuration changes and tests. We would appreciate your insights to resolve the issue we are facing with non-capture of application session cookie in HAProxy logs. HAProxy 1.7.9 provides SSL termination and reverse proxy to our Java-based HTML5 Web application. The application extensively uses WebSockets. This application generates a session cookie that contains a JSESSIONID for session stickiness and authentication. We would like to capture the cookie contained in the request and response. With the configuration below, HAProxy fails to capture the session cookie as per the logs (see below). How could we refine our configuration? Or, is it a known limitation in HAProxy regarding application session cookie? Login page URL loads via HAProxy with a JSESSIONID: https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC902 1AEF4CB79 HAProxy.cfg -- global . defaults . frontend webapps-frontend bind *:80 name http bind *:443 name https ssl crt "$SSL_CRT_FILE" optionforwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-Proto https if { ssl_fc } optionhttplog log global optionlog-separate-errors . capture cookie JSESSIONID len 63 capture request header Host len 64 . capture response header Server len 20 . acls. acl host_coscend_httpreq.hdr(Host) coscend.com acl host_coscend_httpsreq.hdr(Host) coscend.com . use_backend subdomain_cc . backend subdomain_cc timeout tunnel 3600s option http-buffer-request http-request set-header Host bk.coscend.local:6080 http-request set-header Origin "bk.coscend.local:6080" stick-table type string len 63 size 20M expire 360m stick store-response res.cook(JSESSIONID) stick match req.cook(JSESSIONID) #stick store-request req.cook(JSESSIONID) acl hdr_location res.hdr(Location) -m found rspirep ^(Location:)\ http://bk.coscend.local:6080/CoscendCC.Test/(.*)$ Location:\ https://coscend.com/CoscendCC.Test/\2 <https://coscend.com/CoscendCC.Test/2> if hdr_location acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub Domain=bk.coscend.local rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\ Domain=coscend.com\2 if hdr_set_cookie_domain acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path= rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if hdr_set_cookie_path_cc_test server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check LOG -- Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 {|coscend.com||} {|/CoscendCC.Test|chunked} "GET /CoscendCC.Test HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 {|coscend.com||} {|/CoscendCC.Test|chunked} "GET /CoscendCC.Test HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=no-cache|} "GET /CoscendCC.Test/ HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=no-cache|} "GET /CoscendCC.Test/ HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.606] webapps-fr
Re: HAProxy 1.7.9 Not Capturing Application Session Cookie
Hi, Your configuration seems correct to me. In your first post you said that it is working for 3.3.0 but not 3.3.2, then maybe this is an application issue. Are you sure 3.3.2 does sent the JSESSIONID. Also you mentioned the application extensively uses Websockets. Is it only 3.3.2 using websockets ? if that is the case this may be a good lead since HAProxy does not handle websockets traffic in the same way as it does for normal http traffic. ++ On 23/11/2017 08:43, Coscend@Coscend wrote: > > Dear HAProxy Community, > > > > This is a follow up on a previous post after doing several additional > configuration changes and tests. We would appreciate your insights to > resolve the issue we are facing with non-capture of application > session cookie in HAProxy logs. > > > > HAProxy 1.7.9 provides SSL termination and reverse proxy to our > Java-based HTML5 Web application. The application extensively uses > WebSockets. This application generates a session cookie that contains > a JSESSIONID for session stickiness and authentication. We would like > to capture the cookie contained in the request and response. With the > configuration below, HAProxy fails to capture the session cookie as > per the logs (see below). > > > > How could we refine our configuration? Or, is it a known limitation > in HAProxy regarding application session cookie? > > > > Login page URL loads via HAProxy with a JSESSIONID: > https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79 > > > > HAProxy.cfg > > -- > > global > > … > > defaults > > … > > frontend webapps-frontend > > bind *:80 name http > > bind *:443 name https ssl crt "$SSL_CRT_FILE" > > option forwardfor > > http-request set-header X-Forwarded-Port %[dst_port] > > http-request set-header X-Forwarded-Proto https if { ssl_fc } > > option httplog > > log global > > option log-separate-errors > > … > > capture cookie JSESSIONID len 63 > > capture request header Host len 64 > > … > > capture response header Server len 20 > > … > > acls… > > acl host_coscend_http req.hdr(Host) coscend.com > > acl host_coscend_https req.hdr(Host) coscend.com > > … > > use_backend subdomain_cc … > > > > backend subdomain_cc > > timeout tunnel > 3600s > > > > option > http-buffer-request > > > > http-request set-header Host bk.coscend.local:6080 > > http-request set-header Origin "bk.coscend.local:6080" > > > stick-table type string len 63 size 20M expire 360m > > stick store-response res.cook(JSESSIONID) > > stick match req.cook(JSESSIONID) > > #stick store-request req.cook(JSESSIONID) > > acl hdr_location res.hdr(Location) -m found > > rspirep ^(Location:)\ > http://bk.coscend.local:6080/CoscendCC.Test/(.*)$ Location:\ > https://coscend.com/CoscendCC.Test/\2 if hdr_location > > > > acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub > Domain=bk.coscend.local > > rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\ > Domain=coscend.com\2 if hdr_set_cookie_domain > > acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path= > > rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if > hdr_set_cookie_path_cc_test > > > > server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check > > > > LOG > > -- > > Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 > [23/Nov/2017:01:29:59.574] webapps-frontend~ > subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 > {|coscend.com||} {|/CoscendCC.Test|chunked} "GET > /CoscendCC.Test HTTP/1.1" > > Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 > [23/Nov/2017:01:29:59.574] webapps-frontend~ > subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 > {|coscend.com||} {|/CoscendCC.Test|chunked} "GET > /CoscendCC.Test HTTP/1.1" > > Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 > [23/Nov/2017:01:29:59.588] webapps-frontend~ > subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - > JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0 > {|coscend.com||} > {||0|no-cache||./signin;jsessionid=no-cache|} "GET > /CoscendCC.Test/ HTTP/1.1" > > Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 > [23/Nov/2017:01:29:59.588] webapps-frontend~ > subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - > JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0 > {|coscend.com||} >
RE: HAProxy 1.7.9 Not Capturing Application Session Cookie
Dear HAProxy Community, This is a follow up on a previous post after doing several additional configuration changes and tests. We would appreciate your insights to resolve the issue we are facing with non-capture of application session cookie in HAProxy logs. HAProxy 1.7.9 provides SSL termination and reverse proxy to our Java-based HTML5 Web application. The application extensively uses WebSockets. This application generates a session cookie that contains a JSESSIONID for session stickiness and authentication. We would like to capture the cookie contained in the request and response. With the configuration below, HAProxy fails to capture the session cookie as per the logs (see below). How could we refine our configuration? Or, is it a known limitation in HAProxy regarding application session cookie? Login page URL loads via HAProxy with a JSESSIONID: https://coscend.com/CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC902 1AEF4CB79 HAProxy.cfg -- global . defaults . frontend webapps-frontend bind *:80 name http bind *:443 name https ssl crt "$SSL_CRT_FILE" optionforwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request set-header X-Forwarded-Proto https if { ssl_fc } optionhttplog log global optionlog-separate-errors . capture cookie JSESSIONID len 63 capture request header Host len 64 . capture response header Server len 20 . acls. acl host_coscend_httpreq.hdr(Host) coscend.com acl host_coscend_httpsreq.hdr(Host) coscend.com . use_backend subdomain_cc . backend subdomain_cc timeout tunnel 3600s option http-buffer-request http-request set-header Host bk.coscend.local:6080 http-request set-header Origin "bk.coscend.local:6080" stick-table type string len 63 size 20M expire 360m stick store-response res.cook(JSESSIONID) stick match req.cook(JSESSIONID) #stick store-request req.cook(JSESSIONID) acl hdr_location res.hdr(Location) -m found rspirep ^(Location:)\ http://bk.coscend.local:6080/CoscendCC.Test/(.*)$ Location:\ https://coscend.com/CoscendCC.Test/\2 if hdr_location acl hdr_set_cookie_domain res.hdr(Set-cookie) -m found sub Domain=bk.coscend.local rspirep ^(Set-Cookie:.*)\ Domain=bk.coscend.local(.*) \1\ Domain=coscend.com\2 if hdr_set_cookie_domain acl hdr_set_cookie_path_cc_test res.hdr(Set-cookie) -m found sub Path= rspirep ^(Set-Cookie:.*)\ Path=(.*)$ \1\ Path=/CoscendCC.Test\2 if hdr_set_cookie_path_cc_test server CoscendCC.Test bk.coscend.local:6080 cookie cc-tt-d check LOG -- Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 {|coscend.com||} {|/CoscendCC.Test|chunked} "GET /CoscendCC.Test HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.574] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/7/7 302 139 - - 1/1/0/0/0 0/0 {|coscend.com||} {|/CoscendCC.Test|chunked} "GET /CoscendCC.Test HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=no-cache|} "GET /CoscendCC.Test/ HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.588] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/10/10 302 343 - JSESSIONID=E916C54BB7A9EA30E3EC9021AEF4CB79 1/1/0/0/0 0/0 {|coscend.com||} {||0|no-cache||./signin;jsessionid=no-cache|} "GET /CoscendCC.Test/ HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.606] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/102/103 200 17936 - - 1/1/0/0/0 0/0 {|coscend.com||} {|||no-cache||no-cache|chunked} "GET /CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79 HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60014 [23/Nov/2017:01:29:59.606] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/102/103 200 17936 - - 1/1/0/0/0 0/0 {|coscend.com||} {|||no-cache||no-cache|chunked} "GET /CoscendCC.Test/signin;jsessionid=E916C54BB7A9EA30E3EC9021AEF4CB79 HTTP/1.1" Nov 23 01:29:59 localhost haproxy[6585]: 192.168.100.152:60019 [23/Nov/2017:01:29:59.768] webapps-frontend~ subdomain_cc/CoscendCC.Test 0/0/0/6/7 200 37037 - - 6/6/5/5/0 0/0 {|coscend.com||https://coscend.com/Co} {||36754|private|||} "GET