Content request rate limiting in a content delivery system

US 10,084,800 B2
Filed: 12/11/2015
Issued: 09/25/2018
Est. Priority Date: 08/31/2012
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer readable media having stored thereon program instructions executable by a content delivery node, that when executed by the content delivery node, direct the content delivery node to:

cache content from an origin server in order to act as a proxy for the origin server;

monitor requests for content transferred by at least an end user device to detect when the requests comprise an attack on the content delivery node;

responsive to detecting the attack on the content delivery node, establish a rate limit in the content delivery node on at least the requests for the content associated with the end user device;

transfer an indication of the attack comprising the rate limit for delivery to another content delivery node that directs the other content delivery node to apply the rate limit to further requests for the content before the further requests are received by the other content delivery node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and software for operating a content delivery node to monitor requests for content transferred by at least an end user device to detect when the requests comprise an attack on the content delivery node. Responsive to detecting the attack on the content delivery node, the content delivery node establishes a rate limit in the content delivery node on at least the requests for the content associated with the end user device, and transfers an indication of the attack comprising the rate limit for delivery to another content delivery node that directs the other content delivery node to apply the rate limit to further requests for the content before the further requests are received by the other content delivery node.

14 Citations

20 Claims

1. One or more non-transitory computer readable media having stored thereon program instructions executable by a content delivery node, that when executed by the content delivery node, direct the content delivery node to:
- cache content from an origin server in order to act as a proxy for the origin server;
  
  monitor requests for content transferred by at least an end user device to detect when the requests comprise an attack on the content delivery node;
  
  responsive to detecting the attack on the content delivery node, establish a rate limit in the content delivery node on at least the requests for the content associated with the end user device;
  
  transfer an indication of the attack comprising the rate limit for delivery to another content delivery node that directs the other content delivery node to apply the rate limit to further requests for the content before the further requests are received by the other content delivery node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The one or more non-transitory computer readable media of claim 1, having further instructions stored thereon, that when executed by the content delivery node, direct the content delivery node to:
    - receive a further indication of the attack comprising a modified rate limit from at least the other content delivery node; and
      
      modify the rate limit in the content delivery node based at least on the modified rate limit in the further indication of the attack.
  - 3. The one or more non-transitory computer readable media of claim 2, having further instructions stored thereon, that when executed by the content delivery node, direct the content delivery node to:
    - compare a network address associated with the end user device against a network address included in the further indication of the attack to modify the rate limit in the content delivery node.
  - 4. The one or more non-transitory computer readable media of claim 1, wherein the attack comprises a denial of service (DoS) attack.
  - 5. The one or more non-transitory computer readable media of claim 1, having further instructions stored thereon, that when executed by the content delivery node, direct the content delivery node to:
    - establish a request response rate slower than a rate of receipt of the requests for the content to establish the rate limit.
  - 6. The one or more non-transitory computer readable media of claim 1, having further instructions stored thereon, that when executed by the content delivery node, direct the content delivery node to:
    - establish a request response rate slower than a rate of receipt of the requests received from the end user device to establish the rate limit.
  - 7. The one or more non-transitory computer readable media of claim 1, having further instructions stored thereon, that when executed by the content delivery node, direct the content delivery node to:
    - withhold response to the requests received from the end user device to establish the rate limit.

8. A method of operating a content delivery node, the method comprising:
- caching content from an origin server in order to act as a proxy for the origin server;
  
  in at least one processing device, monitoring requests for content transferred by at least an end user device to determine when the requests comprise an attack on the content delivery node;
  
  responsive to the attack on the content delivery node, in the at least one processing device, establishing a rate limit in the content delivery node on at least the requests for the content associated with the end user device and transferring an indication of the attack comprising the rate limit for delivery to at least another content delivery node that directs the other content delivery node to apply the rate limit for further requests for the content before the further requests are received by the other content delivery node.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the rate limit further directs the other content delivery node to transfer the indication of the attack for delivery to at least one further content delivery node.
  - 10. The method of claim 8, wherein the attack comprises a denial of service (DoS) attack.
  - 11. The method of claim 8, wherein establishing the rate limit comprises establishing a content request response rate slower than a rate of receipt of the requests for the content.
  - 12. The method of claim 8, wherein establishing the rate limit comprises establishing a content request response rate slower than a rate of receipt of the requests only received from the end user device.
  - 13. The method of claim 8, wherein establishing the rate limit comprises withholding response to the requests received from the end user device.
  - 14. The method of claim 8, further comprising:
    - receiving a further indication of the attack transferred by the other content delivery node which includes a second network address associated with the end user device that is different than a first network address of the end user device included in the indication of the attack, and modifying the rate limit in the content delivery node based at least on the second network address of the end user device.

15. A content delivery system with one or more cache nodes that cache content for delivery to end users, the content delivery system comprising:
- a first cache node that caches the content for delivery to the end users configured to monitor requests received from at least an end user device for the content to determine when the requests comprise an attack on the first cache node;
  
  responsive to the attack on the first cache node, the first cache node configured to establish a rate limit on at least the requests received for the content by the first cache node and transfer an indication of the attack comprising the rate limit for delivery to at least a second cache node that caches the content;
  
  responsive to receiving the indication of the attack, the second cache node configured to apply in the second cache node the rate limit for further content requests received for the content at the second cache node before the further content requests are received by the second cache node.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The content delivery system of claim 15, comprising:
    - the second cache node configured to transfer the indication of the attack for delivery to at least one further cache node that caches the content.
  - 17. The content delivery system of claim 15, comprising:
    - the first cache node configured to establish a content request response rate slower than a rate of receipt of the requests for the content to establish the rate limit.
  - 18. The content delivery system of claim 15, comprising:
    - the first cache node configured to establish a content request response rate slower than a rate of receipt of the requests only received from the end user device to establish the rate limit.
  - 19. The content delivery system of claim 15, comprising:
    - the first cache node configured to withhold response to the requests received from the end user device to establish the rate limit.
  - 20. The content delivery system of claim 15, comprising:
    - the first cache node configured to receive a further indication of the attack transferred by the second cache node which includes a second network address of the end user device that is different than a first network address of the end user device included in the indication of the attack, and modify the rate limit in the first cache node based at least on the second network address of the end user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fastly Incorporated
Original Assignee
Fastly Incorporated
Inventors
Bergman, Artur, McMullen, Tyler
Primary Examiner(s)
Rahim, Monjour

Application Number

US14/966,667
Publication Number

US 20160099958A1
Time in Patent Office

1,019 Days
Field of Search

726 23
US Class Current
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/1458 Denial of Service

Content request rate limiting in a content delivery system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Content request rate limiting in a content delivery system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links