Bug #13343
open
haproxy
0%
Description
A bug has been found after UPdate to pfSense plus 22.05: the generated code by HaProxy-GUI
rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
used by the checkbox /backend settings ... HSTS / Cookie protection is obsolete.
So I fix it - temporary - by disabling the checkbox but adding the following "Backend pass thru":
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }
Still waiting for a fix in the GUI of haproxy.
Updated by Kris Phillips 11 months ago
Hello,
Is this present on the stable or devel branch? Or both?
Updated by Johannes Goldynia 11 months ago
Hello,
the bug is there if the haproxy package installation dependency is set to use
haproxy22-2.2.22 (no more "rspirep" support)
If it is to the "old"
haproxy18-1.8.30
it is OK because "rspirep" is supported ...
It is on the stable branch pfsense plus 22.05 together with haproxy (NOT devel).
BR Johannes
Updated by Kris Phillips 9 months ago
- Status changed from New to Confirmed
Here is the error message in 2.0 of HAProxy:
The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.
The function needs to be changed on the webConfigurator interface to represent the new way of formatting this, as it'll affect devel as well.
Updated by Alexandre J 5 months ago
Hello,
Thank you Johannes Goldynia for the work-around, this worked for me too.
Is the fix in the GUI function difficult to put in place? I don't see any due date for that bug to be corrected.