• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

[WARNING] The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.

Scheduled Pinned Locked Moved General pfSense Questions
3 Posts 2 Posters 2.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O
    oshaker
    last edited by oshaker May 26, 2020, 2:02 AM May 26, 2020, 1:59 AM

    Hi,

    Using 2.4.5-RELEASE (amd64) and haproxy-devel 0.60_5 (2.0.14).

    I am receiving this warning each time when applying changes to HAProxy configuration changes:

    [WARNING] 146/045207 (9984) : parsing [/var/etc/haproxy/haproxy.cfg:61] : The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.
    

    The actual lines on which the complaint occurs is as of below:

    rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
    

    Any chance this will be fixed in next version of pfsense before HAProxy actually removes this directive and end up on a dead end later on, also how can I fix this issue?

    thanks!

    P 1 Reply Last reply May 31, 2020, 7:09 PM Reply Quote 0
    • P
      PiBa @oshaker
      last edited by May 31, 2020, 7:09 PM

      @oshaker
      For now to get rid of the warning disable the 'cookie protection' checkbox in the backend and add something like this in advanced settings:
      http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }

      Ill try and add it to the next package version. Can you confirm it works for you.?.

      1 Reply Last reply Reply Quote 1
      • O
        oshaker
        last edited by oshaker May 31, 2020, 9:14 PM May 31, 2020, 9:07 PM

        Hi PiBa,

        I disabled Cookie protection Set "secure" attribure on cookies (only used on "http" frontends) in the backend settings under HSTS / Cookie protection

        Under Advanced settings for the backend in Backend pass thru, I added this line you suggested
        http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }

        This appears to be working fine, since the older setting
        rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
        was placed under the backend settings afterall.

        Thanks

        1 Reply Last reply Reply Quote 0
        • A angel701129 referenced this topic on Jul 9, 2023, 1:42 PM
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received