diff --git a/Dockerfile b/Dockerfile
index 090b43851a0dceddedccc6b0adfd476b495d2033..0a6d35e95813fabad4ba19b437764d1619fbbffa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,6 +18,7 @@ ENV AUTH=0 \
     POST=0 \
     SECRETS=0 \
     SERVICES=0 \
+    SESSION=0 \
     SWARM=0 \
     SYSTEM=0 \
     TASKS=0 \
diff --git a/README.md b/README.md
index 818e16bb4c4dc00b4af411e769db75d5dd2ab89a..7b015fe619f366a0b75e0d20d33bb11ac2225eb7 100644
--- a/README.md
+++ b/README.md
@@ -135,6 +135,7 @@ does not need.
 - `NODES`
 - `PLUGINS`
 - `SERVICES`
+- `SESSION`
 - `SWARM`
 - `SYSTEM`
 - `TASKS`
diff --git a/haproxy.cfg b/haproxy.cfg
index fd27a33d7947914d3db0cb5a8004aae335fb95ad..3a5c67758b049c61e35b2d442dc28b8116aa2303 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -59,6 +59,7 @@ frontend dockerfrontend
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/post } ! { env(POST) -m bool }
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/secrets } ! { env(SECRETS) -m bool }
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/services } ! { env(SERVICES) -m bool }
+    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/session } ! { env(SESSION) -m bool }
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/swarm } ! { env(SWARM) -m bool }
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/system } ! { env(SYSTEM) -m bool }
     http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/tasks } ! { env(TASKS) -m bool }