haproxy selective httponly

As with Apache httpd, haproxy can do the same cookie manipulation:

    ### acl block for cookie identification
    acl httponly_cookie res.hdr(Set-Cookie),lower -m sub httponly
    acl xsrf_present res.cook(XSRF-TOKEN) -m found
    acl secure_cookie res.hdr(Set-Cookie),lower -m sub secure

    #response block for cookie manipulation
    rspirep ^(set-cookie:.*) \1;\ HttpOnly if !httponly_cookie !xsrf_present
    rspirep ^(set-cookie:.*) \1;\ Secure if !secure_cookie

    #block for xframe
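Added example, not from the original post: a Python model of the two rspirep rules plus a per-cookie audit of the result, assuming each ACL is true when any Set-Cookie header in the response matches. It shows that a response setting both a session cookie and XSRF-TOKEN leaves the session cookie without HttpOnly; the function names and sample cookies are constructed for illustration.

```python
# Added example: model of the rules above plus a per-cookie audit.
# Assumption: each ACL is true when ANY Set-Cookie header in the response matches.

EXEMPT_FROM_HTTPONLY = {"XSRF-TOKEN"}  # left readable by script, per the xsrf_present ACL


def parse_set_cookie(value):
    """Return (cookie name, set of lowercased attribute names) for one Set-Cookie value."""
    first, *attrs = value.split(";")
    name = first.split("=", 1)[0].strip()
    return name, {a.split("=", 1)[0].strip().lower() for a in attrs if a.strip()}


def apply_page_rules(values):
    """Rewrite Set-Cookie values the way the two rspirep rules do (response-wide conditions)."""
    lowered = [v.lower() for v in values]
    httponly_cookie = any("httponly" in v for v in lowered)   # -m sub httponly
    secure_cookie = any("secure" in v for v in lowered)       # -m sub secure
    xsrf_present = any(parse_set_cookie(v)[0] == "XSRF-TOKEN" for v in values)
    out = list(values)
    if not httponly_cookie and not xsrf_present:
        out = [v + "; HttpOnly" for v in out]
    if not secure_cookie:
        out = [v + "; Secure" for v in out]
    return out


def audit(values):
    """List (cookie, missing flag) pairs, checking each cookie on its own."""
    findings = []
    for value in values:
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append((name, "Secure"))
        if "httponly" not in attrs and name not in EXEMPT_FROM_HTTPONLY:
            findings.append((name, "HttpOnly"))
    return findings


# Constructed sample responses (not from the original page).
LOGIN_ONLY = ["JSESSIONID=abc123; Path=/"]
LOGIN_WITH_XSRF = ["JSESSIONID=abc123; Path=/", "XSRF-TOKEN=t0k3n; Path=/"]

if __name__ == "__main__":
    for sample in (LOGIN_ONLY, LOGIN_WITH_XSRF):
        rewritten = apply_page_rules(sample)
        print(rewritten, "->", audit(rewritten) or "ok")
```

Running `audit` over the Set-Cookie headers captured from a real response behind the proxy gives the same per-cookie check against the deployed configuration.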