Bug #13343
closed
HAproxy cookie protection syntax needs updated
Added by Johannes Goldynia over 2 years ago.
Updated over 1 year ago.
Affected Plus Version:
22.05
Affected Architecture:
All
Description
A bug has been found after UPdate to pfSense plus 22.05: the generated code by HaProxy-GUI
rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
used by the checkbox /backend settings ... HSTS / Cookie protection is obsolete.
So I fix it - temporary - by disabling the checkbox but adding the following "Backend pass thru":
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }
Still waiting for a fix in the GUI of haproxy.
Hello,
Is this present on the stable or devel branch? Or both?
Hello,
the bug is there if the haproxy package installation dependency is set to use
haproxy22-2.2.22 (no more "rspirep" support)
If it is to the "old"
haproxy18-1.8.30
it is OK because "rspirep" is supported ...
It is on the stable branch pfsense plus 22.05 together with haproxy (NOT devel).
BR Johannes
- Status changed from New to Confirmed
Here is the error message in 2.0 of HAProxy:
The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.
The function needs to be changed on the webConfigurator interface to represent the new way of formatting this, as it'll affect devel as well.
Hello,
Thank you Johannes Goldynia for the work-around, this worked for me too.
Is the fix in the GUI function difficult to put in place? I don't see any due date for that bug to be corrected.
- Has duplicate Bug #14536: Backend cookie protection option generates invalid haproxy config file added
- Subject changed from haproxy to HAproxy cookie protection syntax needs updated
- Status changed from Confirmed to Pull Request Review
- Status changed from Pull Request Review to Feedback
PR merged, thanks!
Packages are building for Plus 23.05.1 and CE 2.7.0, they will be available shortly.
Hello,
it works now together with the haproxy version 0.61_11.
Thanks!
- Status changed from Feedback to Resolved
- % Done changed from 0 to 100
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by