[WARNING] The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.
-
Hi,
Using 2.4.5-RELEASE (amd64) and haproxy-devel 0.60_5 (2.0.14).
I am receiving this warning each time when applying changes to HAProxy configuration changes:
[WARNING] 146/045207 (9984) : parsing [/var/etc/haproxy/haproxy.cfg:61] : The 'rspirep' directive is deprecated in favor of 'http-response replace-header' and will be removed in next version.The actual lines on which the complaint occurs is as of below:
rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }Any chance this will be fixed in next version of pfsense before HAProxy actually removes this directive and end up on a dead end later on, also how can I fix this issue?
thanks!
-
@oshaker
For now to get rid of the warning disable the 'cookie protection' checkbox in the backend and add something like this in advanced settings:
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }Ill try and add it to the next package version. Can you confirm it works for you.?.
-
Hi PiBa,
I disabled Cookie protection Set "secure" attribure on cookies (only used on "http" frontends) in the backend settings under HSTS / Cookie protection
Under Advanced settings for the backend in Backend pass thru, I added this line you suggested
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)\$" "\1; secure" if { ssl_fc }This appears to be working fine, since the older setting
rspirep ^(Set-Cookie:((?!;\ secure).)*)$ \1;\ secure if { ssl_fc }
was placed under the backend settings afterall.Thanks