Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [WARNING] The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      oshaker
      last edited by oshaker

      Hi,

      Using 2.4.5-RELEASE (amd64) and haproxy-devel 0.60_5 (2.0.14).

      I am receiving this warning each time when applying changes to HAProxy configuration changes:

      [WARNING] 146/045207 (9984) : parsing [/var/etc/haproxy/haproxy.cfg:61] : The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.
      

      The actual lines on which the complaint occurs is as of below:

      rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
      

      Any chance this will be fixed in next version of pfsense before HAProxy actually removes this directive and end up on a dead end later on, also how can I fix this issue?

      thanks!

      P 1 Reply Last reply Reply Quote 0
      • P
        PiBa @oshaker
        last edited by

        @oshaker
        For now to get rid of the warning disable the 'cookie protection' checkbox in the backend and add something like this in advanced settings:
        http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }

        Ill try and add it to the next package version. Can you confirm it works for you.?.

        1 Reply Last reply Reply Quote 1
        • O
          oshaker
          last edited by oshaker

          Hi PiBa,

          I disabled Cookie protection Set "secure" attribure on cookies (only used on "http" frontends) in the backend settings under HSTS / Cookie protection

          Under Advanced settings for the backend in Backend pass thru, I added this line you suggested
          http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }

          This appears to be working fine, since the older setting
          rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
          was placed under the backend settings afterall.

          Thanks

          1 Reply Last reply Reply Quote 0
          • angel701129A angel701129 referenced this topic on
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.