Code Room
System designMedium
Question
Design a centralized egress (forward) proxy that all outbound HTTP from a 5,000-service platform must route through, handling 60k outbound requests/sec to arbitrary third-party and customer-specified URLs. It must enforce an allow/deny policy (block internal IP ranges and metadata endpoints to prevent SSRF), apply per-destination rate limits and circuit breakers, reuse upstream connections for efficiency, and add under 5ms p99. Walk through the proxy architecture, the policy-enforcement model, and the central trade-off.
What a strong answer looks like
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
Learn the concepts
Loading whiteboard…
Run or narrate your approach, then ask the coach.