Rule-based routing to resources through a network
First Claim
1. A method for routing requests to a resource in a computer network, the method comprising:
- receiving, using hardware processor, a redirection rule list at a client device from a redirection rule server in the computer network, wherein the redirection rule list includes a redirection rule specifying that resource requests having an identified spoofed address are to be forwarded to a first resource server;
sorting the redirection rule list by the client device;
obtaining an existing Proxy Auto Configuration (PAC) file and logic associated with an evaluation logic template;
merging the sorted redirection rule list, the existing PAC file, and the logic associated with the evaluation logic template to create a new PAC file,
initializing a local circuit proxy at the client device;
registering the new PAC file to enable redirection of Virtual Private Network (VPN) resource access requests;
receiving a request to access a first resource at the first resource server in the computer network;
evaluating the request to access the first resource at the first resource server in the computer network via execution of the logic associated with the evaluation logic template included in the new PAC file to determine whether the request includes the identified spoofed address; and
processing the evaluated request, wherein the processing of the evaluated request when the evaluated request includes the identified spoofed address includes;
providing the identified spoofed address to the local circuit proxy at the client device for accessing the first resource at the first resource server in the computer network via a VPN connection based on the new PAC file that enables the redirection of the VPN resource access requests, wherein the identified spoofed address is mapped to a second address in the computer network that corresponds to the first resource at the first resource server in the computer network; and
forwarding the evaluated request to a server associated with the second address in the computer network according to the redirection rule mapping of the identified spoofed address to the second address, wherein the evaluated request is forwarded by the local circuit proxy at the client device over the computer network to the server associated with the second address in the computer network, and the first resource is accessed from the server in the computer network according to the redirection rule via the VPN connection based on the forwarded evaluated request; and
wherein the processing of the evaluated request when the evaluated request does not include the identified spoofed address includes;
matching a resource identifier referenced in the evaluated request against an address rule list, and redirecting the evaluated request via the local circuit proxy of the client device based on the matched resource identifier in the address rule list.
Abstract
Techniques for determining which resource access requests are handled locally at a remote computer, and which resource access requests are routed or “redirected” through a virtual private network. One or more routing or “redirection” rules are downloaded from a redirection rule server to a remote computer. When the node of the virtual private network running on the remote computer receives a resource access request, it compares the identified resource with the rules. Based upon how the identified resource matches one or more rules, the node will determine whether the resource access request is redirected through the virtual private network or handled locally (e.g., retrieved locally from another network). A single set of redirection rules can be distributed to and employed by a variety of different virtual private network communication techniques.
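The PAC-merging steps of claim 1 and the redirect-or-handle-locally decision in the abstract can be sketched as follows. This is an added example, not code from the patent; the rule format, the sort order (spoofed-address rules first, then most specific match), the proxy endpoint, and every host name and address are constructed assumptions.

```javascript
// Added illustration: rule format, sort order and proxy endpoint are assumptions.
const LOCAL_PROXY = 'SOCKS 127.0.0.1:1080'; // constructed local circuit proxy

// Constructed redirection rule list, deliberately unsorted as received.
const rules = [
  { type: 'domain', match: '.corp.example', action: 'redirect' },
  { type: 'spoofed', match: '10.255.0.7', target: 'files.corp.example' },
  { type: 'domain', match: 'public.corp.example', action: 'local' },
];

// Constructed existing PAC file; after the merge it remains the fallback.
const existingPac =
  'function FindProxyForURL(url, host) { return "PROXY upstream.example:8080"; }';

// Spoofed-address rules first, then longest match first, so that a specific
// "local" exception is evaluated before the broader "redirect" suffix.
function sortRules(list) {
  return [...list].sort((a, b) =>
    (b.type === 'spoofed') - (a.type === 'spoofed') ||
    b.match.length - a.match.length);
}

// Merge sorted rules + existing PAC + evaluation logic into one new PAC file.
function buildPac(list, oldPac) {
  const old = oldPac.replace('function FindProxyForURL',
                             'function OriginalFindProxyForURL');
  return `${old}
var RULES = ${JSON.stringify(sortRules(list))};
function FindProxyForURL(url, host) {
  for (var i = 0; i < RULES.length; i++) {
    var r = RULES[i], m = r.match;
    if (r.type === 'spoofed' && host === m) return '${LOCAL_PROXY}';
    if (r.type === 'domain' && (host === m ||
        (m.charAt(0) === '.' && host.slice(-m.length) === m)))
      return r.action === 'redirect' ? '${LOCAL_PROXY}' : 'DIRECT';
  }
  return OriginalFindProxyForURL(url, host);
}`;
}

// Run the generated PAC text the way a browser would call it.
function evaluate(pac, url) {
  const find = new Function(`${pac}\nreturn FindProxyForURL;`)();
  return find(url, new URL(url).hostname);
}

// At the local circuit proxy: map a spoofed address to the second address.
function proxyTarget(list, host) {
  const r = list.find((x) => x.type === 'spoofed' && x.match === host);
  return r ? r.target : host;
}
```

With the list left in its received order, `public.corp.example` would match the broader `.corp.example` suffix first and be sent through the tunnel, which is why the sort step precedes the merge.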
18 Claims
1. A method for routing requests to a resource in a computer network, the method comprising:
receiving, using hardware processor, a redirection rule list at a client device from a redirection rule server in the computer network, wherein the redirection rule list includes a redirection rule specifying that resource requests having an identified spoofed address are to be forwarded to a first resource server; sorting the redirection rule list by the client device; obtaining an existing Proxy Auto Configuration (PAC) file and logic associated with an evaluation logic template; merging the sorted redirection rule list, the existing PAC file, and the logic associated with the evaluation logic template to create a new PAC file, initializing a local circuit proxy at the client device; registering the new PAC file to enable redirection of Virtual Private Network (VPN) resource access requests; receiving a request to access a first resource at the first resource server in the computer network; evaluating the request to access the first resource at the first resource server in the computer network via execution of the logic associated with the evaluation logic template included in the new PAC file to determine whether the request includes the identified spoofed address; and
processing the evaluated request, wherein the processing of the evaluated request when the evaluated request includes the identified spoofed address includes; providing the identified spoofed address to the local circuit proxy at the client device for accessing the first resource at the first resource server in the computer network via a VPN connection based on the new PAC file that enables the redirection of the VPN resource access requests, wherein the identified spoofed address is mapped to a second address in the computer network that corresponds to the first resource at the first resource server in the computer network; and forwarding the evaluated request to a server associated with the second address in the computer network according to the redirection rule mapping of the identified spoofed address to the second address, wherein the evaluated request is forwarded by the local circuit proxy at the client device over the computer network to the server associated with the second address in the computer network, and the first resource is accessed from the server in the computer network according to the redirection rule via the VPN connection based on the forwarded evaluated request; and
wherein the processing of the evaluated request when the evaluated request does not include the identified spoofed address includes; matching a resource identifier referenced in the evaluated request against an address rule list, and redirecting the evaluated request via the local circuit proxy of the client device based on the matched resource identifier in the address rule list.
Dependent claims: 2, 3, 4, 5, 6
7. A non-transitory computer readable storage medium having embodied thereon a program that when executed by a processor performs operations comprising:
receiving a redirection rule list at a client device from a redirection rule server in a computer network, wherein the redirection rule list includes a redirection rule specifying that resource requests having an identified spoofed address are to be forwarded to a first resource server; sorting the redirection rule list by the client device; obtaining an existing Proxy Auto Configuration (PAC) file and logic associated with an evaluation logic template; merging the sorted redirection rule list, the existing PAC file, and the logic associated with the evaluation logic template to create a new PAC file, initializing a local circuit proxy at the client device; registering the new PAC file to enable redirection of Virtual Private Network (VPN) resource access requests; receiving a request to access a first resource at the first resource server in the computer network; evaluating the request to access the first resource at the first resource server in the computer network via execution of the logic associated with the evaluation logic template included in the new PAC file to determine whether the request includes the identified spoofed address; and
processing the evaluated request, wherein the processing of the evaluated request when the evaluated request includes the identified spoofed address includes; providing the identified spoofed address to the local circuit proxy at the client device for accessing the first resource at the first resource server in the computer network via a VPN connection based on the new PAC file that enables the redirection of the VPN resource access requests, wherein the identified spoofed address is mapped to a second address in the computer network that corresponds to the first resource at the first resource server in the computer network; and forwarding the evaluated request to a server associated with the second address in the computer network according to the redirection rule mapping of the identified spoofed address to the second address, wherein the evaluated request is forwarded by the local circuit proxy at the client device over the computer network to the server associated with the second address in the computer network, and the first resource is accessed from the server in the computer network according to the redirection rule via the VPN connection based on the forwarded evaluated request; and
wherein the processing of the evaluated request when the evaluated request does not include the identified spoofed address includes; matching a resource identifier referenced in the evaluated request against an address rule list, and redirecting the evaluated request via the local circuit proxy of the client device based on the matched resource identifier in the address rule list.
Dependent claims: 8, 9, 10, 11, 12
13. An apparatus for routing requests to a resource in a computer network, the apparatus comprising:
a memory; a computer network interface of a client device that receives a redirection rule list from a redirection rule server in the computer network, wherein the redirection rule list includes a redirection rule specifying that resource requests having an identified spoofed address are to be forwarded to a first resource server; a user interface that receives a request to access a first resource at the first resource server in the computer network; a processor of the client device, wherein the processor of the client device; sorts the redirection rule list received by the computer network interface of the client device, obtains an existing Proxy Auto Configuration (PAC) file and logic associated with an evaluation logic template, merges the sorted redirection rule list, the existing PAC file, and the logic associated with the evaluation logic template to create a new PAC file, initializes a local circuit proxy at the client device, registers the new PAC file to enable redirection of Virtual Private Network (VPN) resource access requests, performs evaluation of the request to access the first resource at the first resource server in the computer network received by the user interface via execution of the logic associated with the evaluation logic template included in the new PAC file, and determines whether the request includes the identified spoofed address, and processes the evaluated request, wherein when the evaluated request includes the identified spoofed address, the processor provides the identified spoofed address to the local circuit proxy at the client device for accessing the first resource at the first resource server in the computer network via a VPN connection, accesses the redirection rule list based on the new PAC file that enables the redirection of the VPN resource access requests, identifies that the redirection rule list maps the identified spoofed address to a second address that corresponds to the first resource at the first resource server in the computer network, and forwards the evaluated request to a server associated with the second address in the computer network according to the redirection rule mapping of the identified spoofed address to the second address, wherein the evaluated request is forwarded by the local circuit proxy at the client device over the computer network to the server associated with the second address in the computer network, and the first resource is accessed from the server in the computer network according to the redirection rule via the VPN connection based on the forwarded evaluated request, and wherein when the evaluated request does not include the spoofed address, the processor matches a resource identifier referenced in the evaluated request against an address rule list, and redirects the evaluated request via the local circuit proxy of the client device based on the matched resource identifier in the address rule list.
Dependent claims: 14, 15, 16, 17, 18
Specification