We’re currently using stick tables to do dynamic proxying of on-demand rdp connections, something like:
    frontend tls
        bind :443
        mode tcp
        use_backend rdp-proxy if RDP_COOKIE

    backend rdp
        stick-table type string len 15 size 25 nopurge peers mypeers
        stick on rdp_cookie(msts),map(/usr/local/etc/haproxy/rdp-cookie-to-ip.map)
We programmatically (via stats socket) add entries to a map to correlate the special msts rdp cookie to an IP address. The problem is that we can’t terminate the session once it has been created. Basically, the map is only used to establish the connection, but after that, we don’t have a handle on the specific tcp session that is “stuck”.
Is there a way to track/identify the session when it gets “stuck” so that we can call shutdown session <id> without having to kill all sessions to that specific server? Is that something that can be achieved by sampling ssl_fc_session_id, or is there some more direct way to get the session identifier?
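One way to get a handle on an individual stuck TCP session, as an added example that is not part of the original post: list live sessions with the stats-socket command show sess, filter the lines by backend, server and client source address, and then issue shutdown session <id> only for the matching ids. The script below assumes HAProxy's show sess line format (a hex session pointer followed by key=value fields such as proto=, src=, fe=, be=, srv=); the stats socket path and the sample output are constructed for the example.

```python
"""Locate and terminate individual HAProxy sessions through the stats socket.

Added example, not from the original post. Assumes HAProxy's `show sess`
output format and the `shutdown session <id>` command; socket path and the
sample output below are constructed placeholders.
"""
import re
import socket

# Constructed sample of `show sess` output (assumed to match HAProxy's real layout).
SAMPLE_SHOW_SESS = """\
0x55d1c2a0e3b0: proto=tcpv4 src=10.1.2.3:52110 fe=tls be=rdp srv=srv1 ts=08 age=3m12s calls=4 rate=0 cpu=0 lat=0
0x55d1c2a0f6c0: proto=tcpv4 src=10.1.2.4:52200 fe=tls be=rdp srv=srv2 ts=08 age=1m05s calls=2 rate=0 cpu=0 lat=0
0x55d1c2a10a10: proto=tcpv4 src=10.1.2.3:52300 fe=tls be=rdp srv=srv1 ts=08 age=10s calls=1 rate=0 cpu=0 lat=0
0x55d1c2a11d50: proto=tcpv4 src=10.9.9.9:41000 fe=stats be=<NONE> srv=<none> ts=02 age=0s calls=1 rate=1 cpu=0 lat=0
"""

# A session line starts with the session pointer, which is the id `shutdown session` expects.
SESS_LINE = re.compile(r"^(0x[0-9a-f]+):\s+(.*)$")


def parse_show_sess(text):
    """Turn `show sess` output into dicts with 'id' plus the simple key=value fields."""
    sessions = []
    for line in text.splitlines():
        m = SESS_LINE.match(line)
        if not m:
            continue
        fields = {"id": m.group(1)}
        for tok in m.group(2).split():
            if "=" not in tok:
                continue
            key, value = tok.split("=", 1)
            if "[" in key:  # skip structured fields like rq[f=...] / scf=[...]
                continue
            fields[key] = value
        sessions.append(fields)
    return sessions


def select_sessions(sessions, backend=None, server=None, src_ip=None):
    """Return the ids of sessions matching backend, server and/or client IP (port ignored)."""
    matched = []
    for s in sessions:
        if backend and s.get("be") != backend:
            continue
        if server and s.get("srv") != server:
            continue
        if src_ip and s.get("src", "").rsplit(":", 1)[0] != src_ip:
            continue
        matched.append(s["id"])
    return matched


def stats_socket_cmd(cmd, path="/var/run/haproxy.sock"):
    """Send one command to the HAProxy stats socket and return the reply text.

    The socket path is an assumption; use whatever your `stats socket` line configures.
    """
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sk:
        sk.connect(path)
        sk.sendall((cmd + "\n").encode())
        chunks = []
        while True:
            data = sk.recv(65536)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def shutdown_matching(backend, server=None, src_ip=None, path="/var/run/haproxy.sock"):
    """Shut down only the live sessions that match, leaving the server's other sessions alone."""
    live = parse_show_sess(stats_socket_cmd("show sess", path))
    ids = select_sessions(live, backend=backend, server=server, src_ip=src_ip)
    for sid in ids:
        stats_socket_cmd("shutdown session " + sid, path)
    return ids


if __name__ == "__main__":
    # Offline dry run against the constructed sample: which ids would be shut down?
    print(select_sessions(parse_show_sess(SAMPLE_SHOW_SESS), backend="rdp", server="srv1"))
```

The filter keys on the client source address rather than on a TLS session id, since the src=, be= and srv= fields are what show sess exposes per session; shutdown sessions server <backend>/<server> remains the blunt alternative that drops every session to that server, which is exactly what the per-id approach avoids.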