Stateful application firewall

US 20060059550A1
Filed: 09/08/2005
Published: 03/16/2006
Est. Priority Date: 09/13/2004
Status: Active Grant

First Claim

Patent Images

1. A method of securing a network system comprising:

receiving a request for content from an application server by a remote browser;

at an application firewall located between the application server and the remote browser comparing the request to a list of Uniform Resource Locators (URL'"'"'s) previously sent from the application server;

processing the request if a URL of the request is included in the list; and

performing a security evaluation of the request if the URL of the request is not included in the list.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system to protect web applications from malicious attacks is described. A stateful means of distinguishing between valid (e.g., harmless) and invalid (e.g., harmful) accesses is provided. A request from a content browser for content from an application server is forwarded by a firewall to the application server if it includes a URL that was previously transmitted from the application server. The firewall performs a security evaluation of the request if the URL of the request was not previously transmitted from the application server.

44 Citations

View as Search Results

20 Claims

1. A method of securing a network system comprising:
- receiving a request for content from an application server by a remote browser;
  
  at an application firewall located between the application server and the remote browser comparing the request to a list of Uniform Resource Locators (URL'"'"'s) previously sent from the application server;
  
  processing the request if a URL of the request is included in the list; and
  
  performing a security evaluation of the request if the URL of the request is not included in the list.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein performing the security evaluation comprises evaluating attributes of the request.
  - 3. The method of claim 2 wherein based upon the security evaluation the request is either blocked from the application server, forwarded to the application server, paused for a predetermined time, or redirected to a different location.
  - 4. A machine-readable medium embodying instructions which, when executed by a machine, cause the machine to perform the method of claim 1.

5. A method of securing an application server comprising:
- maintaining a list of Uniform Resource Locators (URL'"'"'s) sent from the application server;
  
  receiving a Hyper Text Transfer Protocol (HTTP) request from a remote browser to access the application server;
  
  at an application firewall located between the application server and the remote browser comparing the HTTP request to the list of URL'"'"'s; and
  
  forwarding the HTTP request to the application server if the HTTP request contains a URL matching a URL of the list.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The method of claim 5 which further comprises performing a security evaluation of the HTTP request if the URL of the HTTP does not match a URL of the list.
  - 7. The method of claim 6 wherein performing the security evaluation comprises evaluating attributes of the request.
  - 8. The method of claim 7 wherein based upon the security evaluation the request is either blocked from the application server, forwarded to the application server, paused for a predetermined time, or redirected to a different location.
  - 9. A machine-readable medium embodying instructions which, when executed by a machine, cause the machine to perform the method of claim 5.

10. An application firewall comprising:
- a processor coupled to communicate with a content browser and coupled to communicate with an application server, wherein the processor maintains a list of Uniform Resource Locators (URL'"'"'s) sent from the application server, compares an HTTP request communicated from the content browser to the list of URL'"'"'s, and forwards the HTTP request to the application server if the HTTP request contains a URL matching a URL of the list.
- View Dependent Claims (11, 12)
- - 11. The application firewall of claim 10 wherein the processor is shared with the application server.
  - 12. The application firewall of claim 10 wherein the processor further performs a security evaluation of the HTTP request if the URL of the HTTP does not match a URL of the list, wherein the security evaluation comprises evaluating attributes of the request.

13. A method of securing a network system comprising:
- receiving a request for content from an application server;
  
  processing the request if a URL of the request was previously transmitted from the application server; and
  
  performing a security evaluation of the request if the URL of the request was not previously transmitted from the application server.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13 wherein performing the security evaluation comprises evaluating attributes of the request, and either blocks the request from the application server, forwards the request to the application server, pauses the request for a predetermined time, or redirects the request to a different location.
  - 15. The method of claim 14 wherein the attributes of the request comprise at least one of a URL, parameters, source-IP, mime-type, cookie, headers, HTTP-method and a body.
  - 16. A machine-readable medium embodying instructions which, when executed by a machine, cause the machine to perform the method of claim 13.

17. A server comprising:
- a network interface to interface the server to a network; and
  
  a processor to;
  
  maintain a list of Uniform Resource Locators (URL'"'"'s) sent from the application server;
  
  receive a Hyper Text Transfer Protocol (HTTP) request from a remote browser to access the application server;
  
  at an application firewall located between the application server and the remote browser, compare the HTTP request to the list of URL'"'"'s; and
  
  forward the HTTP request to the application server if the HTTP request contains a URL matching a URL of the list.
- View Dependent Claims (18, 19)
- - 18. The server of claim 17 wherein a security evaluation of the HTTP request is performed if the URL of the HTTP does not match a URL of the list.
  - 19. The server of claim 18 wherein performing the security evaluation comprises evaluating attributes of the request.

20. An application firewall comprising:
- means for receiving a request for content from an application server;
  
  means for comparing the request to a list of Uniform Resource Locators (URL'"'"'s) previously sent from the application server;
  
  means for processing the request if a URL of the request is included in the list; and
  
  means for performing a security evaluation of the request if the URL of the request is not included in the list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Kausik, Balas Natarajan

Granted Patent

US 8,161,538 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G06Q 20/027   involving a payment switch ...

H04L 2463/102   applying security measure f...

H04L 63/0245   Filtering by information in...

H04L 63/145   the attack involving the pr...

Stateful application firewall

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Stateful application firewall

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links