This guide is tailored for a technical audience and assumes a basic level of knowledge with web servers and related concepts. Setting up a reverse proxy requires a certain level of IT expertise within your organization. Typically, your Web, IT, and/or security teams can assist marketing teams in this process.
A reverse proxy, whether it’s a server, application, or cloud service, acts as a middleman, managing and optimizing the flow of information between visitors and the website domains they want to access. When using reverse proxy with PathFactory, visitors experience a seamless navigation flow and see PathFactory destination experiences as subfolder/subdirectory URLs within your primary domain folder structure vs. as a subdomain – i.e., companydomain.com/resourcehub vs. resourcehub.companydomain.com. Additionally, reverse proxy enhances security and helps distribute incoming requests across multiple servers to balance the load on busy websites.
Note: PathFactory provides support through sample configurations and troubleshooting sessions with solutions engineers, but overall setup is owned, managed, and maintained by your organization’s IT team. If you don’t want to use a reverse proxy, you may set up a custom domain instead. To do so, refer to our guide: How To Set Up a Custom Domain.
Compatible Reverse Proxy Services
PathFactory offers support for troubleshooting reverse proxy configurations after you have established the base-level setup within your organization. Due to the diverse technology stacks across organizations, PathFactory cannot provide detailed step-by-step instructions for setting up the base-level reverse proxy. However, here are some examples of compatible reverse proxy applications along with links for further setup guidance:
- A Content Delivery Network (CDN): AKAMAI, Cloudflare (Enterprise)
- A dedicated load balancer or reverse proxy server: NGINX
- A reverse proxy/gateway module on your web server: Apache HTTP Server (mod_proxy)
Incompatible Reverse Proxy Services
Some custom reverse proxy servers are not compatible with PathFactory due to how they handle HTTP headers, particularly the Host header. By stripping the Host header from incoming requests, PathFactory cannot accurately identify and serve content to visitors.
The following are examples of incompatible reverse proxy services:
- AWS ALB (Application Load Balancer), ELB (Elastic Load Balancer), and CLB (Classic Load Balancer)
- Netlify
PathFactory Requirements for Setting up a Reverse Proxy
Before configuring your reverse proxy for PathFactory, ensure you consult the documentation provided by your reverse proxy technology for detailed setup instructions.
To ensure seamless communication with PathFactory servers, please adhere to the requirements outlined below. By following these requirements, you can ensure smooth integration of your reverse proxy with PathFactory and facilitate optimal content delivery and visitor tracking.
- Select or set up a subdirectory for the PathFactory origin server. Choose or create a preferred subdirectory for proxy requests specific to your PathFactory instance. If you encounter difficulties identifying your default PathFactory subdomain, please contact your PathFactory solutions engineer.
- Set up reverse proxy rules to ensure required request methods are passed.
- Rules must accommodate all requests that use the following methods (requests using other methods will be ignored by the PathFactory origin server):
- GET
- POST
- HEAD
- OPTION
- Rules must ensure requests are passed intact. Your reverse proxy and rule setup must preserve requests passed to the PathFactory origin server without alterations. This ensures that the origin server receives requests exactly as sent by the client, enabling accurate content delivery and visitor tracking within your PathFactory instance.
- Rules must accommodate all requests that use the following methods (requests using other methods will be ignored by the PathFactory origin server):
- Enable TLS (Transport Layer Security). Establish a secure connection (HTTPS over TLS) between the reverse proxy and the origin server. The connection will terminate at the origin server and is automatically covered by PathFactory’s certificate, eliminating the need for a separate certificate.
- Disable origin server caching. Ensure caching of the origin server is disabled, especially if utilizing a CDN. Disabling caching for the PathFactory origin server helps maintain content freshness and accuracy across your website.
Frequently Asked Questions
Q: Why do I have to preserve host and share cookies to PathFactory when sending requests through a reverse proxy application?
Some proxy servers can be set up to change components of HTTP messages, including the method and the values in the HTTP request and response header fields. This causes problems within PathFactory because some PathFactory functionality relies on our server receiving this information exactly as it was sent by the client’s browser (and vice-versa).
For example, the User-Agent and Cookie header fields, among others, are used to collect visitor metrics. If your proxy server changes the HTTP messages, this can either break that particular functionality, cause security risks to the client’s browser, or cause the PathFactory experience to stop working altogether. In addition to generally ensuring that your reverse proxy is not changing any HTTP headers, it’s particularly important that the Host header on HTTP requests is not modified in any way.
Some reverse proxies (such as Apache’s mod_proxy) change the hostname on the request header by default, and replace it with the hostname of the origin server. For example, it would change Host: www.mycompany.com/subdirectory/content track/ to Host: mycompany.pathfactory.com/. Because the goal is to show the opposite – the subdirectory URL not the subdomain URL structure, you must specifically take action to override the default behavior. For example, to preserve the original host in an Apache configuration file (usually httpd.conf or apache2.conf), you can add the following line to the configuration file: “ProxyPreserveHost On.” This will ensure that the original host is kept on the proxied request, and the Host header will not be modified by the reverse proxy.
Q: How will caching impact my reverse proxy request to PathFactory?
Some proxy servers, particularly those that are part of CDNs, enable you to cache server responses. With this reverse proxy setup, the proxy server can serve resources it has saved from its own cache, rather than requesting them from the origin server.
Using a server cache would affect PathFactory functionality. As such, you must disable caching on the proxy server to avoid affecting performance.
Q: My website uses HTTPS (SSL/TLS). If I set up a custom domain for my PathFactory experiences on a subdirectory of my website, do I need to send PathFactory a certificate?
No, you don’t have to send us a certificate in this case. When a client requests the subdirectory for your content track, the TLS connection is terminated at your domain, because the subdirectory is under that domain.
This means that it is covered by your domain’s certificate. The request is then passed on by your reverse proxy server to the PathFactory origin server (mycompany.pathfactory.com/resources/). This connection uses HTTPS, and since it terminates on PathFactory’s domain, it is covered by PathFactory’s certificate.