HAProxy community

Terminate a specific session programmatically


We’re currently using stick tables to do dynamic proxying of on-demand RDP connections, something like:

frontend tls
  bind :443
  mode tcp
  use_backend rdp-proxy if RDP_COOKIE

backend rdp-proxy
  stick-table type string len 15 size 25 nopurge peers mypeers
  stick on rdp_cookie(msts),map(/usr/local/etc/haproxy/rdp-cookie-to-ip.map)

We programmatically (via stats socket) add entries to a map to correlate the special msts RDP cookie to an IP address. The problem is that we can’t terminate the session once it has been created. Basically, the map is only used to establish the connection, but after that, we don’t have a handle on the specific TCP session that is “stuck”.

Is there a way to track/identify the session when it gets “stuck” so that we can call shutdown session <id> without having to kill all sessions to that specific server? Is that something that can be achieved by sampling ssl_fc_unique_id or ssl_fc_session_id, or is there some more direct way to get the session identifier?
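
Added example, not part of the original post and not HAProxy project code: one way to narrow a shutdown to a single connection is to parse the Runtime API's `show sess` output and issue `shutdown session <id>` only for the matching entries. It assumes the client's source IP is known; the sample output, the socket path and the function names are constructed for illustration.

```python
import re
import socket

# Constructed sample of `show sess` output (pointers and addresses are made up).
SAMPLE_SHOW_SESS = """\
0x55d0a1c3e2f0: proto=tcpv4 src=198.51.100.7:50112 fe=tls be=rdp-proxy srv=rdp1 ts=00 epoch=0 age=12m3s calls=4 rate=0 cpu=0 lat=0
0x55d0a1c41a80: proto=tcpv4 src=203.0.113.20:61544 fe=tls be=rdp-proxy srv=rdp1 ts=00 epoch=0 age=2m41s calls=3 rate=0 cpu=0 lat=0
0x55d0a1c45b10: proto=unix_stream src=unix:1 fe=GLOBAL be=<NONE> srv=<none> ts=00 epoch=0 age=0s calls=1 rate=0 cpu=0 lat=0
"""

# Each session line starts with the session id (a pointer), then key=value fields.
SESS_LINE = re.compile(r"^(0x[0-9a-fA-F]+):\s+(.*)$")

def parse_show_sess(text):
    """Return one dict per session: its id plus the key=value fields."""
    sessions = []
    for line in text.splitlines():
        m = SESS_LINE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
        fields["id"] = m.group(1)
        sessions.append(fields)
    return sessions

def shutdown_commands(text, backend, client_ip):
    """Build `shutdown session <id>` for sessions on `backend` from `client_ip`."""
    cmds = []
    for s in parse_show_sess(text):
        src_ip = s.get("src", "").rsplit(":", 1)[0]  # strip the source port
        if s.get("be") == backend and src_ip == client_ip:
            cmds.append(f"shutdown session {s['id']}")
    return cmds

def runtime_api(command, path="/var/run/haproxy.sock"):
    """Send one command to the stats socket and return the reply (path is an assumption)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(path)
        sock.sendall(command.encode() + b"\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode()

if __name__ == "__main__":
    for cmd in shutdown_commands(SAMPLE_SHOW_SESS, "rdp-proxy", "203.0.113.20"):
        print(cmd)  # on a live system: runtime_api(cmd)
```

On a live system the text passed to `shutdown_commands` would come from `runtime_api("show sess")`, and the socket must be configured with a level that permits `shutdown session`.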