We have a a typical setup where a public web site server has haproxy running so that users can reach a lan web server.
The problem is that users can access the proxy links directly while we need them to not be allowed to reach them unless they are logged into the public server.
We need two things.
1: A way to prevent direct access to the proxied server, perhaps by using some form of authentication on that server which prevents direct connections, allowing them only when initiated from the public web server.
2: Setting an expiring cookie with haproxy from the public web server which terminates after X amount of time based on an idle session.
The point again is that users should never have direct access to the proxied server unless they have logged into the public web site and clicked on a link which gives them the required cookie and initiates the connection to the private server.
There is no remote access available, your task will be mainly to consult us using chat.