[WARNING] The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.

oshaker

Hi,

Using 2.4.5-RELEASE (amd64) and haproxy-devel 0.60_5 (2.0.14).

I am receiving this warning each time when applying changes to HAProxy configuration changes:

[WARNING] 146/045207 (9984) : parsing [/var/etc/haproxy/haproxy.cfg:61] : The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.

The actual lines on which the complaint occurs is as of below:

rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }

Any chance this will be fixed in next version of pfsense before HAProxy actually removes this directive and end up on a dead end later on, also how can I fix this issue?

thanks!

PiBa

@oshaker
For now to get rid of the warning disable the 'cookie protection' checkbox in the backend and add something like this in advanced settings:
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }

Ill try and add it to the next package version. Can you confirm it works for you.?.

oshaker

Hi PiBa,

I disabled Cookie protection Set "secure" attribure on cookies (only used on "http" frontends) in the backend settings under HSTS / Cookie protection

Under Advanced settings for the backend in Backend pass thru, I added this line you suggested
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }

This appears to be working fine, since the older setting
rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
was placed under the backend settings afterall.

Thanks