I am running HAProxy version 2.0.12 2019/12/21 - It hosts multiple backends.
In the web layer, I have a persistent cookie which just contains a GUID and is meant to be super-long lived (50 years, but can be any large value). It needs to be set in a consistent way by the 1st page a user encounters, but is currently being set inconsistently by multiple backends -- I want HAProxy to override and manage this.
Requirements:
- For each of these, I need to be able to handle .es, .co.uk, .com.au and .com domains.
- If an existing value comes into HAProxy with the correct settings
  - Do nothing, all is ok.
- If an existing value comes into HAProxy with incorrect settings, extract the GUID, and re-emit with the proper settings.
  - Ignore the backend response
  - Change www.my-domain.com to .my-domain.com
  - Change to Secure if not
  - Change to SameSite=Lax if anything else
  - Remove HttpOnly if set
- If no cookie comes into HAProxy, and the backend does not return a set-cookie header, set a new cookie
  - Add my-cookie-name, containing a new GUID.
  - Secure
  - Samesite=Lax
  - Domain=.my-domain.com
- If no cookie comes into HAProxy, but the backend does define a set-cookie header for my-cookie-name
  - extract the GUID, and ensure:
    - Secure
    - Samesite=Lax
    - Domain=.my-domain.com
The desired output is (probably):
```
set-cookie: my-cookie-name=55e77c42-377a-4c32-9de6-da5ab4430bb3; expires=Wed, 05-Feb-2070 23:59:59 GMT; path=/; domain=.my-domain.com; samesite=lax; Secure
```
The problem I have is that I want this cookie override to set Domain to the top level domain, however so far I can't find a way to use hdr_end in the 'set-var'. The only option I have found is using a regsub(), however this then means that the logic is different for a ".co.uk" or ".com.au" top level domain compared to a ".com" one. I feel like I must have missed something trying to code domain name handling into a reverse proxy :-) Am I missing something? Should I be using a different approach?
Previous (mostly working) code which was aimed at removing HttpOnly:
```
##############################
# Make my-cookie not HttpOnly #
##############################
##### Handle Set-Cookie on response #####
## Is my-cookie on the response?
acl is_mycookie_cookie_set_res res.cook(my-cookie) -m found
## If yes, set a var with that value
http-response set-var(txn.mycookie_value_res) res.cook(my-cookie) if is_mycookie_cookie_set_res
## And replace if HttpOnly found
http-response replace-header Set-Cookie "^my-cookie=(.*?);(.*?(?:HttpOnly)).*" "my-cookie=%[var(txn.mycookie_value_res)]; expires=Tue, 04-Feb-2070 23:59:59 GMT; path=/; samesite=lax" if is_mycookie_cookie_set_res
##### END Handle Set-Cookie on response #####
##### Handle Cookie on request #####
## Is my-cookie on the request?
## If yes, set a var with that value
http-request set-var(txn.mycookie_value_req) req.cook(my-cookie)
acl mycookie_cook_set_req var(txn.mycookie_value_req) -m found
## And set that cookie if none defined by the backend
http-response add-header Set-Cookie "my-cookie=%[var(txn.mycookie_value_req)]; expires=Tue, 04-Feb-2070 23:59:59 GMT; path=/; samesite=lax" if mycookie_cook_set_req !is_mycookie_cookie_set_res
##### END Handle Cookie on request #####
##################################
# End Make my-cookie not HttpOnly #
##################################
```
Partial new code trying to set the cookie to the top level domain:
```
# regsub() here won't deal with all the different TLDs :-(
# Converters are chained with commas, so regsub is joined with "," rather than "."
http-request set-var(txn.my_host) req.hdr(host),lower,word(1,:),regsub("^[a-z0-9_-]+\.",".",g)
# txn.my_host already starts with "." after the regsub, so no extra dot before it
http-response add-header Set-Cookie "my-cookie-name=%[var(txn.mycookie_value_req)]; expires=Wed, 05-Feb-2070 23:59:54 GMT; path=/; domain=%[var(txn.my_host)]; samesite=lax; Secure" if mycookie_cook_set_req !is_mycookie_cookie_set_res
```
How can I get HAProxy to make me a variable containing just the top level domain?
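
One way to avoid per-TLD `regsub()` logic is a map lookup on the Host header, which also keeps the cookie `Domain` on an allowlist instead of deriving it from client-supplied input (stripping one leading label from `my-domain.co.uk` would yield `.co.uk`, a public suffix browsers reject). This is an added example, not part of the original post; the map file path, the variable and ACL names, and the constructed `my-domain.*` entries are assumptions.

```haproxy
# Added example (not from the post). Assumed: map path, variable/ACL names and
# the constructed my-domain.* entries; list one line per site actually served.
#
# /etc/haproxy/cookie-domains.map   (anchored host regex -> cookie Domain value)
#   (^|\.)my-domain\.co\.uk$    .my-domain.co.uk
#   (^|\.)my-domain\.com\.au$   .my-domain.com.au
#   (^|\.)my-domain\.com$       .my-domain.com
#   (^|\.)my-domain\.es$        .my-domain.es

# Host header: lower-case, strip the port, then look up the cookie domain.
# A host that matches no entry leaves txn.cookie_domain unset, so nothing is emitted.
http-request set-var(txn.cookie_domain) req.hdr(host),lower,word(1,:),map_reg(/etc/haproxy/cookie-domains.map)
http-request set-var(txn.mycookie_value_req) req.cook(my-cookie-name)

acl has_cookie_domain  var(txn.cookie_domain) -m found
acl req_has_mycookie   var(txn.mycookie_value_req) -m found
acl res_sets_mycookie  res.cook(my-cookie-name) -m found

# Backend set the cookie: keep its value (\1) and replace every attribute,
# which drops HttpOnly and any backend-chosen Domain or SameSite.
http-response replace-header Set-Cookie "^my-cookie-name=([^;]*).*" "my-cookie-name=\1; expires=Wed, 05-Feb-2070 23:59:59 GMT; path=/; domain=%[var(txn.cookie_domain)]; samesite=lax; Secure" if has_cookie_domain res_sets_mycookie

# Backend did not set it but the client sent one: re-emit with the same attributes.
http-response add-header Set-Cookie "my-cookie-name=%[var(txn.mycookie_value_req)]; expires=Wed, 05-Feb-2070 23:59:59 GMT; path=/; domain=%[var(txn.cookie_domain)]; samesite=lax; Secure" if has_cookie_domain req_has_mycookie !res_sets_mycookie
```

The anchored `(^|\.)` prefix keeps a host such as `evilmy-domain.com` from matching the `my-domain.com` entry, which a plain suffix match would allow.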