Project

General

Profile

Actions
Copy link

Bug #14536

closed

Backend cookie protection option generates invalid haproxy config file

Added by Alfredo Pironti over 1 year ago. Updated over 1 year ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
haproxy
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.7.0
Affected Plus Version:
Affected Architecture:
All

Description

On PFSense 2.7.0, with haproxy 0.61_10 package installed.

Create a haproxy backend, edit it and enable the "Cookie protection" flag, described as "Set "secure" attribure on cookies (only used on "http" frontends)" (note a typo on the word attribure, btw).

Save, and try to apply the changes. HAProxy cannot start, logs show the following error: "The 'rspirep' directive is not supported anymore since HAProxy 2.1. Use 'http-response replace-header' instead."

This can be tracked back to the package source code:
https://github.com/pfsense/FreeBSD-ports/blob/47d4eaf7c4e5fe3d6ec863b5db544ec6ed150268/net/pfSense-pkg-haproxy/files/usr/local/pkg/haproxy/haproxy.inc#L806

The following link proposes a solution that may help fixing the affected source code:
https://stackoverflow.com/questions/59484910/haproxy-replace-rsprep-directive-by-http-response-replace-header

Please let me know if I can be of any further help reproducing or troubleshooting the issue. Thanks!

Related issues

Is duplicate of Bug #13343: HAproxy cookie protection syntax needs updatedResolved

Actions
Actions
Copy link

Also available in: Atom PDF