Systems and Methods for For Proxying Cookies for SSL VPN Clientless Sessions

US 20090199285A1
Filed: 01/26/2009
Published: 08/06/2009
Est. Priority Date: 01/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method for configuration driven proxying by an intermediary of cookies between one or more servers and one or more clients, the intermediary establishing SSL VPN sessions between the one or more servers and the one or more clients, the method comprising:

(a) receiving, by an intermediary, a response from a server to a request of a client via a clientless SSL VPN session established by the intermediary between the server and the client, the response comprising one or more cookies;

(b) identifying, by the intermediary, an access profile for the clientless SSL VPN session, the access profile identifying one or more policies for proxying cookies; and

(c) determining, by the intermediary responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.

115 Citations

View as Search Results

20 Claims

1. A method for configuration driven proxying by an intermediary of cookies between one or more servers and one or more clients, the intermediary establishing SSL VPN sessions between the one or more servers and the one or more clients, the method comprising:
- (a) receiving, by an intermediary, a response from a server to a request of a client via a clientless SSL VPN session established by the intermediary between the server and the client, the response comprising one or more cookies;
  
  (b) identifying, by the intermediary, an access profile for the clientless SSL VPN session, the access profile identifying one or more policies for proxying cookies; and
  
  (c) determining, by the intermediary responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein step (a) further comprising receiving, by the intermediary, the response a client consumed cookie of the one or more cookies, wherein step (b) further comprises the access profile identifying a policy comprising a cookie proxy action for the client consumed cookie, and wherein step (c) further comprises bypassing proxying, by the intermediary, the client consumed cookie responsive to the policy.
  - 3. The method of claim 2, further comprises retaining, by the intermediary, the client consumed cookie in the response forwarded to the client.
  - 4. The method of claim 1, wherein step (a) further comprising receiving, by the intermediary, via the response a server cookie of the one or more cookies and wherein step (c) further comprises proxying by the intermediary the server cookie.
  - 5. The method of claim 4, further comprising removing, by the intermediary, the server cookie from the response and forwarding the response to the client.
  - 6. The method of claim 1, wherein step (c) comprises proxying, by the intermediary, the one or more cookies of the response responsive to determining via the one or more policies that client does not support the one or more cookies.
  - 7. The method of claim 1, wherein step (b) comprises the access profile identifying a policy defining a cookie proxy action for a server consumed cookie of a specified domain name and wherein step (c) comprising modifying, by the intermediary, the response as specified by the action of the policy.
  - 8. The method of claim 1, further comprising identifying, by the intermediary, via the request or the response the access profiled based on identification of a type of application.
  - 9. The method of claim 1, further comprising the access profile identifying a policy comprising a cookie proxy action to bypass proxying a cookie of the one or more cookies based on identification of a user or a group of the user.
  - 10. The method of claim 1, further comprising the access profile identifying a policy to bypass proxying a cookie of the one or more cookies based on identification of a virtual server of the intermediary.
  - 11. The method of claim 1, wherein step (c) further comprises proxying, by the intermediary, the one or more cookies of the response unless the one or more policies of the access profile identify a cookie of the one or more cookies to be bypassed.

12. An intermediary for configuration driven proxying of cookies between one or more servers and one or more clients, the intermediary establishing SSL VPN sessions between the one or more servers and the one or more clients, the intermediary comprising:
- a packet engine for receiving a response from a server to a request of a client via a clientless SSL VPN session established by the intermediary between the server and the client, the response comprising one or more cookies,a policy engine for identifying an access profile for the clientless SSL VPN session, the access profile identifying one or more policies for proxying cookies; and
  
  wherein the intermediary determines responsive to the one or more policies of the access profile whether to proxy or bypass proxying for the client the one or more cookies.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The intermediary of claim 12, wherein the packet engine receives via the response a client consumed cookie of the one or more cookies, the access profile identifies a policy comprising a cookie proxy action for the client consumed cookie, and wherein the intermediary determines to bypass proxying the client consumed cookie responsive to the policy.
  - 14. The intermediary of claim 13, wherein the intermediary retains the client consumed cookie in the response forwarded to the client.
  - 15. The intermediary of claim 12, wherein the packet engine receives via the response a server cookie of the one or more cookies and wherein the intermediary proxies the server cookie responsive to the one or more policies.
  - 16. The intermediary of claim 15, wherein the intermediary removes the server cookie from the response and forwards the response to the client.
  - 17. The intermediary of claim 12, wherein the intermediary proxies the one or more cookies of the response responsive to determining via the one or more policies that client does not support the one or more cookies.
  - 18. The intermediary of claim 12, wherein the policy engine identifies via the access profile a policy of the one or more policies defining a cookie proxy action for a server consumed cookie of a specified domain name and wherein the intermediary modifies the response as specified by the action of the policy.
  - 19. The intermediary of claim 12, wherein the policy engine identifies via the request or the response the access profiled based on identification of a type of application.
  - 20. The intermediary of claim 12, wherein the policy engine identifies via the access profile a policy comprising a cookie proxy action to bypass proxying a cookie of the one or more cookies based on identification of a user or a group of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Thirunarayanan, Srinivasan, Agarwal, Puneet, Harris, James, Adhya, Saibal Kumar

Granted Patent

US 8,769,660 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/56   Provisioning of proxy servi...

H04L 67/568   Storing data temporarily at...

Systems and Methods for For Proxying Cookies for SSL VPN Clientless Sessions

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Systems and Methods for For Proxying Cookies for SSL VPN Clientless Sessions

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others