WAF Proxy (CloudFlare,...)
aka CloudFlare proxy
Last updated
Was this helpful?
aka CloudFlare proxy
Last updated
Was this helpful?
Setup a reverse proxy DNS on a WAF like CloudFlare is an easy and reliable way for tracking purposes using 1st party cookies.
Contact your account manager for more details.
1. In Cloudflare (or your WAF), declare the tracking domain to be used and point it to our infra (for ex. waf.myshop.com) and point it to the endpoint we've defined for the proxy:
ca-trk-proxy.commander1.com
2. On the DNS side, point your tracking domain (ex. waf.myshop.com) to Cloudflare (the CNAME is provided by cloudflare).
Declare the domain
Use our interface Domain Management to declare this domain and adjust the way Commanders Act collect the datas
Administration > Domain Management
Activate the domain Turn ON the option "Containers Integration" will allow the domain to be included in the container configuration.
All Commanders Act tags will switch to first party collection.
This action will affect Consent, Deduplication, Campaign, Segment, Server Side
What happens when I have 2 or more domains?
It prioritizes the domain of the website where the container is loaded. If no domain matches the domain of the website, the 1st in the list is used.
At this point, WebContainers and Privacy banners should be regenerated and deployed.
If applicable, adjust your existing tracking to reflect your new tracking domain. For example on a View Campaign tracking hit: https://waf.myshop.com/mix/v3/?firsttime=1&tcs=5039&chn=referrer&src=referrer_3&user_id=96177&TCID=96177&cmp=Promotionnal+game&cty=Italy
Host must be identified as waf.commandersact.com which is what is expected.
If the host is identified as ca-trk-proxy.commander1.com which is not what is expected. This probably means that the proxy is setting the host parameter in the header to the domain in commander1.com instead of leaving the original domain.
Here is the expected configuration of the proxy:
Haproxy :
server ca-trk-proxy:
server is the keyword indicating the definition of a server in a backend section.
ca-trk-proxy is the name assigned to this server. It is used to identify the server in logs and stats.
ca-trk-proxy.commander1.com:443:
This specifies the address and port of the server. Here, the server is located at ca-trk-proxy.commander1.com and listens on port 443 (which is typically used for HTTPS).
resolvers dns:
resolvers specifies the DNS resolver section to use for resolving the server's hostname.
dns refers to a previously defined resolver section in the configuration that contains the DNS server details.
check:
This enables health checks for the server. HAProxy will periodically check if the server is up and running.
inter 30s:
This sets the interval between health checks to 30 seconds.
check-sni ca-trk-proxy.commander1.com:
check-sni specifies the Server Name Indication (SNI) to use during the health check. SNI is an extension of the TLS protocol that allows the client to specify the hostname it is trying to connect to at the start of the handshake process.
ca-trk-proxy.commander1.com is the hostname used for the SNI during the health check.
sni ssl_fc_sni:
sni specifies the SNI to use when establishing connections to the server.
ssl_fc_sni is a dynamic keyword that uses the SNI value from the frontend connection for this backend connection.
check-ssl:
This enables SSL checks during health checks, ensuring the SSL/TLS layer is properly established and validated.
verify none:
This option disables the verification of the server's SSL certificate during health checks. It means HAProxy will not validate the certificate against a certificate authority (CA).
In summary, this configuration line defines a backend server named ca-trk-proxy located at ca-trk-proxy.commander1.com:443. It uses the dns resolver for DNS resolution, performs health checks every 30 seconds, uses SNI during the checks, and does not verify the SSL certificate of the server during health checks.
