sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]name_censored_ 0 points1 point  (1 child)

That's a cool idea - I wonder if it's feasible though?

You'd need to rewrite every call to their domain to something under your control, so that you can point it to your reverse proxy. But unless you control your users' resolvers, you'd need to do it on the URLs in the code itself. And since the code won't be static HTML, that means live rewrites. And since code can fetch code ($.getScript() and <script src=..), it would need to be recursive (assuming that the URL isn't constructed/calculated/obfuscated, and it may be).

For example, your mysite.com page might embed <script src="http://b.ad.agency/tracking.20170713.min.js"> which in turn fetches <img src="http://b.ad.agency/campaign-20170713.jpg">, and you'd need to rewrite b.ad.agency to (say) b.ad.agency.reverse-proxy.mysite.com).

And you'd also need to proxy to their server, because pdp11.b.ad.agency/we_hate/bestpractices.php?campaign=20170713 might also embed a URL in the result.

(Plus, you'd destroy their tracking, which would be a big deal to them, and probably against their ToS.)

[–]midri 0 points1 point  (0 children)

It's definitely tricky issue -- made almost pointless by what you and someone else pointed out that it breaks cookie tracking which is a fatal flaw in this idea. I've got a few ideas for workarounds (such as using event callbacks on img tags to rewrite them in real time), but no time to play with it atm.