Web server intrusion detection method and apparatus
First Claim
Patent Images
1. A method of minimizing web server inappropriate HTTP (hypertext transfer) requests, comprising the steps of:
- comparing an incoming request with a predetermined list; and
refusing a response to requests for files, documents and other signatures included in said predetermined list.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed is an apparatus for enhancing the security of a web server from intrusive attacks in the form of HTTP (hypertext transfer) requests. This is accomplished by comparing an incoming request with a predefined list of attack signatures which may comprise at least files, file categories and IP addresses of known hackers. Action is then taken to reject any requests wherein a positive comparison is determined. Further, the web server is notified of relevant data provided in connection with any rejected request for potential future action in accordance with the severity of potential damage and frequency of rejected requests from a given requestor.
111 Citations
14 Claims
-
1. A method of minimizing web server inappropriate HTTP (hypertext transfer) requests, comprising the steps of:
-
comparing an incoming request with a predetermined list; and
refusing a response to requests for files, documents and other signatures included in said predetermined list.
-
-
2. A web server, comprising:
-
input means for receiving hypertext transfer requests;
a list of documents and files to be protected from export;
detection means for comparing the subject matter of hypertext transfer requests with said list; and
output means for supplying, in response to received hypertext transfer requests, only documents and files that are not part of said list.
-
-
3. A method of preventing the export from a central serving computer, serving a set of network interconnected client devices, of a predetermined set of data files, comprising the steps of:
-
compiling a list of data files to be protected from intrusive served network requests;
comparing received data file requests with said list; and
refusing to supply requested data files comprising a part of said list.
-
-
4. A method of rejecting unauthorized HTTP (hypertext transfer) requests, comprising the steps of:
-
preparing a list of files and file categories to be protected from general access;
intercepting HTTP requests directed to a web server;
comparing an incoming request with said list; and
rejecting requests for files within the scope of said list.
-
-
5. A method of determining HTTP (hypertext transfer) requests to be rejected, comprising the steps of:
-
comparing an incoming HTTP request with a predetermined attack signature list; and
rejecting requests for files within the scope of said list.
-
-
6. A web server, comprising:
-
qualifying means for initially determining inappropriateness of incoming HTTP (hypertext transfer) requests; and
means for fulfilling only those requests determined to be appropriate requests. - View Dependent Claims (7)
-
-
8. A method of minimizing web server inappropriate HTTP (hypertext transfer) requests, comprising the steps of:
-
comparing an incoming request with a predetermined list; and
refusing a response to requests related to signatures included in said predetermined list.
-
-
9. A web server, comprising:
-
input means for receiving hypertext transfer requests;
a list of attack signatures;
comparison means for comparing data included in said hypertext transfer requests with said list; and
output means for rejecting all received hypertext transfer requests comprising a part of said list.
-
-
10. A method of determining HTTP (hypertext transfer) requests to be rejected, comprising the steps of:
-
comparing an incoming HTTP request with an attack signature list; and
rejecting requests within the scope of said list.
-
-
11. A computer program product for determining whether or not a web server computer should honor a given file request, the computer program product having a medium with a computer program embodied thereon, the computer program comprising:
-
computer program code for intercepting incoming HTTP requests upon receipt by the web server computer;
computer program code for comparing incoming HTTP requests with a signature list; and
computer program code for rejecting any requests within the scope of said list. - View Dependent Claims (13, 14)
-
-
12. A computer program product for calculating whether or not a given file request to a web server computer is inappropriate, the computer program product having a medium with a computer program embodied thereon, the computer program comprising:
-
computer program code for comparing an incoming request with a predetermined list; and
computer program code for refusing a response to requests for files, documents and other signatures included in said predetermined list.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsConverse, Kim, Edmark, Ronald O?apos;Neal
-
Application NumberUS09/810,028Publication NumberTime in Patent OfficeDaysField of SearchUS Class Current709/229CPC Class CodesH04L 63/1416 Event detection, e.g. attac...H04L 67/02 based on web technology, e....H04L 69/329 in the application layer [O...
