Method and apparatus for resource locator identifier rewrite
First Claim
1. A method in a network security device comprising:
- receiving from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session, wherein the response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol;
locating the URL in the response;
modifying the URL to designate the secure resource access protocol; and
transmitting the response via the secure resource access protocol session to the client.
23 Assignments
0 Petitions
Accused Products
Abstract
A method for resource locator identifier rewrite in which a network security proxy insures that a resource locator identifier of a response indicates a resource access protocol that should govern a corresponding request. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client.
-
Citations
48 Claims
-
1. A method in a network security device comprising:
-
receiving from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session, wherein the response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol;
locating the URL in the response;
modifying the URL to designate the secure resource access protocol; and
transmitting the response via the secure resource access protocol session to the client. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method in a network device comprising:
-
determining if a resource locator identifier (RLI) in a response indicates an appropriate request governing resource access protocol, wherein the appropriate request governing resource access protocol is the resource access protocol to govern a request for a resource indicated by the RLI; and
rewriting the RLI to indicate the appropriate request governing resource access protocol if the RLI does not indicate the appropriate request governing resource access protocol. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A method in a network device comprising:
-
modifying a response with a resource locator identifier (RLI) to indicate a first resource access protocol if the RLI indicates a second resource access protocol and the network device has been configured to insure that a request for a resource indicated by the RLI is in accordance with the first resource access protocol; and
transmitting the modified response to a client. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A method in a network security device comprising:
-
receiving a response with a resource locator identifier (RLI) that indicates a first resource access protocol;
determining that the first resource access protocol should not govern a request for a resource indicated by the RLI;
rewriting the RLI to indicate a second resource access protocol that should govern the request;
encapsulating a set of one or more fragments of the response with transport layer information; and
transmitting the encapsulated set of fragments to a client. - View Dependent Claims (22, 23, 24, 25, 26)
-
-
27. A network security device comprising:
-
a set of one or more processors to perform security operations;
a set of one or more interfaces coupled with the set of processors;
a ring buffer to store message data;
a resource access protocol module coupled with the set of processors, the resource access protocol module to, load message data for individual resource access protocol sessions into different buffers of the ring buffer;
scan message data to locate resource locator identifiers (RLI), for each located RLI, determine if the located RLI indicates a resource access protocol that should govern a request for a resource indicated by the located RLI, and for each located RLI that does not indicate the resource access protocol, rewriting the located RLI to indicate the resource access protocol, parse boundaries of the message data;
transmit via one of the set of interfaces the response with transport layer information that indicates a port corresponding to the resource access protocol. - View Dependent Claims (28, 29, 30, 31)
-
-
32. A machine-readable medium that provides instructions, which when executed by a set of one or more processors, cause said set of processors to perform operations comprising:
-
receiving a resource response message;
scanning the resource response message for a set of one or more resource locator identifiers and determining if each of the set of resource locator identifiers indicates a resource access protocol that should govern a request for their indicated resource; and
rewriting those of the set of resource locator identifiers that are determined to not indicate the resource access protocol that should govern a request for their indicated resource to indicate an appropriate request governing resource access protocol. - View Dependent Claims (33, 34, 35, 36, 37)
-
-
38. A machine-readable medium that provides instructions, which when executed by a set of one or more processors, cause said set of processors to perform operations comprising:
-
determining if a resource locator identifier (RLI) in a response indicates an appropriate request governing resource access protocol, wherein the appropriate request governing resource access protocol is the resource access protocol to govern a request for a resource indicated by the RLI; and
rewriting the RLI to indicate the appropriate request governing resource access protocol if the RLI does not indicate the appropriate request governing resource access protocol. - View Dependent Claims (39, 40, 41, 42, 43)
-
-
44. A machine-readable medium that provides instructions, which when executed by a set of one or more processors, cause said set of processors to perform operations comprising:
-
modifying a response with a resource locator identifier (RLI) to indicate a first resource access protocol if the RLI indicates a second resource access protocol and the network device has been configured to insure that a request for a resource indicated by the RLI is in accordance with the first resource access protocol; and
transmitting the modified response to a client. - View Dependent Claims (45, 46, 47, 48)
-
Specification