Project

General

Profile

Actions

Bug #13343

open

haproxy

Added by Johannes Goldynia 11 months ago. Updated 5 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
haproxy
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
22.05
Affected Architecture:
All

Description

A bug has been found after UPdate to pfSense plus 22.05: the generated code by HaProxy-GUI

rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }

used by the checkbox /backend settings ... HSTS / Cookie protection is obsolete.
So I fix it - temporary - by disabling the checkbox but adding the following "Backend pass thru":

http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }

Still waiting for a fix in the GUI of haproxy.

Actions #1

Updated by Kris Phillips 11 months ago

Hello,

Is this present on the stable or devel branch? Or both?

Actions #2

Updated by Johannes Goldynia 11 months ago

Hello,

the bug is there if the haproxy package installation dependency is set to use
haproxy22-2.2.22 (no more "rspirep" support)

If it is to the "old"
haproxy18-1.8.30
it is OK because "rspirep" is supported ...

It is on the stable branch pfsense plus 22.05 together with haproxy (NOT devel).

BR Johannes

Actions #3

Updated by Kris Phillips 9 months ago

  • Status changed from New to Confirmed

Here is the error message in 2.0 of HAProxy:

The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.

The function needs to be changed on the webConfigurator interface to represent the new way of formatting this, as it'll affect devel as well.

Actions #4

Updated by Alexandre J 5 months ago

Hello,

Thank you Johannes Goldynia for the work-around, this worked for me too.

Is the fix in the GUI function difficult to put in place? I don't see any due date for that bug to be corrected.

Actions

Also available in: Atom PDF