Save haproxytechblog/370d0e5bec96825d3183e118c630df52 to your computer and use it in GitHub Desktop.
Secure Cookies Using HAProxy Enterprise
```
Set-Cookie: User=Seb; path=/; Secure; HttpOnly
```
```
set-cookie: Cookie1=Value1
set-cookie: Cookie2=Value-of-cookie2
set-cookie: Cookie3=Other-value; path=/

# Same result, but using header folding
set-cookie: Cookie1=Value1
set-cookie: Cookie2=Value-of-cookie2, Cookie3=Other-value; path=/
```
```
backend webservers
    [...]
    cookie SRV insert indirect httponly secure
    server s1 192.168.0.101:80 check cookie s1
    server s2 192.168.0.102:80 check cookie s2
```
```
set-cookie: Cookie1=Value1
set-cookie: Cookie2=Value-of-cookie2, Cookie3=Other-value; path=/
set-cookie: SRV=s1; path=/; HttpOnly; Secure
```
```
acl https ssl_fc
acl secured_cookie res.hdr(Set-Cookie),lower -m sub secure
rspirep ^(set-cookie:.*) \1;\ Secure if https !secured_cookie
```
```
set-cookie: Cookie1=Value1, Cookie2=Value-of-cookie2; HttpOnly
set-cookie: Cookie3=Other-value; path=/
```
```
acl http_cookie res.hdr(Set-Cookie),lower -m sub httponly
http-response replace-header Set-Cookie "(.*)" "\1; HttpOnly" if !http_cookie
```
```
set-cookie: Cookie1=Value1, Cookie2=Value-of-cookie2; HttpOnly
set-cookie: Cookie3=Other-value; path=/
set-cookie: SRV=s1; path=/
```
```
# Enterprise edition
/opt/hapee-2.6/sbin/hapee-lb -vv | grep 'Built with PCRE'

# Community edition
haproxy -vv | grep 'Built with PCRE'
```
```
Built with PCRE2 version : 10.32 2018-09-10
```
```
http-response replace-header Set-Cookie '(^((?!(?i)httponly).)*$)' "\1; HttpOnly"
```
```
set-cookie: Cookie1=Value1, Cookie2=Value-of-cookie2; HttpOnly
set-cookie: Cookie3=Other-value; path=/; HttpOnly
set-cookie: SRV=s1; path=/
```
```
http-response replace-value Set-Cookie '(^((?!(?i)httponly).)*$)' "\1; HttpOnly"
```
```
set-cookie: Cookie1=Value1; HttpOnly, Cookie2=Value-of-cookie2; HttpOnly
set-cookie: Cookie3=Other-value; path=/; HttpOnly
set-cookie: SRV=s1; path=/
```
```
http-after-response replace-value Set-Cookie '(^((?!(?i)httponly).)*$)' "\1; HttpOnly"
```
```
set-cookie: Cookie1=Value1; HttpOnly, Cookie2=Value-of-cookie2; HttpOnly
set-cookie: Cookie3=Other-value; path=/; HttpOnly
set-cookie: SRV=s1; path=/; HttpOnly
```
```
Set-Cookie: Cookie1=Value1; expires=Tue, 27-Sept-2023 09:14:05 GMT
```
```
Set-Cookie: Cookie1=Value1; expires=Tue; HttpOnly, 27-Sept-2023 09:14:05 GMT; HttpOnly
```
```
http-after-response replace-header Set-Cookie '(^((?!(?i)httponly).)*$)' "\1; HttpOnly"
```
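The difference between `replace-header` and `replace-value` seen in the snippets above, modeled in Python as an added example (not part of the original gist and not HAProxy's own code): the regex is applied once per header line versus once per comma-delimited part. The function names are hypothetical and the comma split is a simplified model of how `replace-value` divides a header.

```python
import re

# The HAProxy rule uses the PCRE pattern '(^((?!(?i)httponly).)*$)'.
# Python's re rejects a mid-pattern (?i), so the flag is passed separately;
# the matching logic ("line contains no 'httponly'") is the same.
NO_HTTPONLY = re.compile(r"^((?!httponly).)*$", re.IGNORECASE)
SUFFIX = "; HttpOnly"


def replace_header(value: str) -> str:
    """Model of replace-header: the regex sees the whole header value."""
    return value + SUFFIX if NO_HTTPONLY.match(value) else value


def replace_value(value: str) -> str:
    """Model of replace-value: the regex sees each comma-delimited part."""
    parts = [p.strip() for p in value.split(",")]
    return ", ".join(p + SUFFIX if NO_HTTPONLY.match(p) else p for p in parts)


# Header values taken from the snippets on this page.
FOLDED = "Cookie1=Value1, Cookie2=Value-of-cookie2; HttpOnly"
EXPIRES = "Cookie1=Value1; expires=Tue, 27-Sept-2023 09:14:05 GMT"

if __name__ == "__main__":
    for name, value in (("folded", FOLDED), ("expires", EXPIRES)):
        print(f"{name}:")
        # Whole-line match: a folded header is skipped if any cookie in it
        # already has HttpOnly, but the expires date stays intact.
        print("  replace-header ->", replace_header(value))
        # Per-part match: every folded cookie gets the flag, but the comma
        # inside the expires date is treated as a separator and breaks it.
        print("  replace-value  ->", replace_value(value))
```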
```
frontend www_fe
    bind :80
    bind :443 ssl crt my-cert.pem
    mode http
    use_backend webservers
    # Add HttpOnly to any Set-Cookie header that lacks it
    http-after-response replace-header Set-Cookie '(^((?!(?i)httponly).)*$)' "\1; HttpOnly"
    # Add Secure to any Set-Cookie header that lacks it, on TLS connections only
    http-after-response replace-header Set-Cookie '(^((?!(?i)secure).)*$)' "\1; Secure" if { ssl_fc }

backend webservers
    mode http
    cookie SRV insert indirect
    server s1 192.168.10.101:8000 check cookie s1
    server s2 192.168.10.102:8000 check cookie s2
```