[squid-users] SSL Terminating Reverse Proxy with Referral Tracking
Amos Jeffries
squid3 at treenet.co.nz
Wed Sep 15 00:09:50 UTC 2021
On 13/09/21 4:16 pm, Mehrdad Fatemi wrote:
> Hi Everyone,
> I'm looking for an elegant technology option to have telcos zero-rate
> all of the traffic to a set of online destinations.
Can you clarify what you mean exactly by "zero rate" ?
What does it have to do with actions the proxy is performing?
> Using an SSL
> terminating reverse proxy could be a potential answer to this as we can
> focus on zero-rating the proxy's downstream traffic with each ISP/Telco
> without worrying about upstream servers.
>
> There are two challenges to address here though:
> 1) Modern web applications on the upstream servers use many 3rd party
> and X-a-a-S resources (e.g. embedded media, libraries, etc) that we
> also want to pass through the proxy to ensure they are zero-rated.
>
To be clear; "reverse proxy" is just an old term for CDN frontend. It
requires public DNS records for the domains it services point all their
traffic to the CDN/proxy.
I'm not sure you are talking about the same thing. Maybe you are needing
an interception proxy or other QoS related systems.
In general;
a) If those upstream servers are doing XaaS fetches as their internal
operations there is no relevance to the gateway. It simply passes
traffic to upstream and they do their thing.
b) If those upstream servers are embedding URLs for clients to directly
contact the XaaS services. Then your desire is not possible without
redesigning the upstream service(s) such that they stop exposing their
use of the XaaS. Which often also means redesigning the XaaS service
itself too.
> 2) For a user to complete an end-to-end process they may get referred to
> 3rd party websites (like a payment gateway) that we only want to
> zero-rate if the referral is from one of our designated upstream servers.
>
That is not possible for a reverse-proxy to do. It will never see the
third-party traffic, as mentioned by (b) above.
Amos
More information about the squid-users
mailing list