Method and system for optimally selecting a web firewall in a TCB/IP network

US 6,892,235 B1
Filed: 02/29/2000
Issued: 05/10/2005
Est. Priority Date: 03/05/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for dynamically selecting a firewall server for a web client, in particular a web browser, in a Transmission Control Protocol/Internet Protocol (TCP/IP) network comprising a plurality of firewall servers, said method comprising the steps of:

measuring performance and availability of each firewall server using measurement probes, including measuring the total response time needed for retrieving from a web server known information, in particular one or a plurality of known web pages, through each firewall server and wherein the step of measuring the total response time comprises the further steps, for each firewall server, of;

starting timing for a given one of said plurality of firewall servers;

establishing a connection with the web server through said given one of said plurality of firewall servers;

retrieving the one or a plurality of known web pages from the web server;

checking that the retrieved one or plurality of web pages contain one or a plurality of known keywords; and

stopping timing for said given one of said plurality of firewall servers; and

dynamically selecting a firewall server according to the performance and availability measurements.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relies on dynamic autoproxy configuration and more particularly to a method and system for selecting a Proxy/Socks Server according to some response time and availability criteria. It rests on a dynamic autoproxy mechanism using availability and response time probes. It relies on probes retrieving well known HTML pages through each Proxy/Socks Server, measuring associated response time, detecting Proxy/Socks failures and degradation of response time. It also uses a CGI (Common Gateway Interface) program for dynamically creating autoproxy code (in a preferred embodiment Javascript code) on an autoproxy URL (Universal resource locator) system for selecting said Proxy/Socks Server.

Citations

14 Claims

1. A method for dynamically selecting a firewall server for a web client, in particular a web browser, in a Transmission Control Protocol/Internet Protocol (TCP/IP) network comprising a plurality of firewall servers, said method comprising the steps of:
- measuring performance and availability of each firewall server using measurement probes, including measuring the total response time needed for retrieving from a web server known information, in particular one or a plurality of known web pages, through each firewall server and wherein the step of measuring the total response time comprises the further steps, for each firewall server, of;
  
  starting timing for a given one of said plurality of firewall servers;
  
  establishing a connection with the web server through said given one of said plurality of firewall servers;
  
  retrieving the one or a plurality of known web pages from the web server;
  
  checking that the retrieved one or plurality of web pages contain one or a plurality of known keywords; and
  
  stopping timing for said given one of said plurality of firewall servers; and
  
  dynamically selecting a firewall server according to the performance and availability measurements.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1 wherein the step of measuring the performance of each firewall server using measurement probes comprises the further step of:
    - comparing each firewall server said measured total response time with previous measured total response times; and
      
      , determining for each firewall the degradation or the amelioration of the measured total response time.
  - 3. The method according to claim 1 wherein the step of measuring the availability of each firewall using measurement probes comprises the further step of:
    - detecting failures on each firewall server; and
      
      , excluding firewall servers in failure from the step of selecting a firewall server.
  - 4. The method of according to claim 1 wherein said firewall server is a proxy server or a socks server.
  - 5. The method according to claim 1 comprising the further steps of:
    - processing performance and availability measurements from a single universal resource locator (URL) system; and
      
      , dynamically creating a configuration file based on the performance and availability measurements, preferably in the Javascript language, on said universal resource locator (URL) system for selecting said firewall server.
  - 6. The method according to claim 5 wherein the step of dynamically creating a configuration file is processed by a common gateway interface (CGI) on said universal resource locator (URL) system.
  - 7. The method according to claim 1 wherein the step of selecting a firewall server comprises the further step of downloading the configuration file from a universal resource locator (URL) system to a web browser.
  - 8. The measured according to claim 7 wherein the steps of measuring performance and availability and of dynamically selecting a firewall server are periodically processed in the universal resource locator (URL) system and the configuration file created by the common gateway interface (CGI) is periodically downloaded to the web client.
  - 9. The method according to claim 1 comprising the further steps of:
    - pre-selecting a backup firewall server in a background process; and
      
      , switching to said backup firewall server in case of failure of the selected firewall server.
  - 10. The method according to claim 1 wherein the step of selecting a firewall server according to performance and availability measurements comprises the further step of selecting the firewall server according to the Internet Protocol (IP) address of the web browser.

11. A program product for dynamically selecting a firewall server for a web client, in particular a web browser, in a Transition Control Protocol/Internet Protocol (TCP/IP) network comprising a plurality of firewall servers, said program product to be executed by a machine to perform a method comprising the steps of:
- programmatically measuring performance and availability of each firewall server using measurement probes, including programmatically measuring the total response time needed for retrieving from a web server known information, in particular one or a plurality of known web pages, through each firewall server and wherein the step of programmatically measuring the total response time comprises the further steps, for each of said plurality of firewalls, of;
  
  starting timing for a given one of said plurality of firewall servers;
  
  programmatically establishing a connection with the web server through said given one of said plurality of firewall servers;
  
  programmatically retrieving the one or a plurality of known web pages from the web server;
  
  programmatically checking that the retrieved one or plurality of web pages contain one or a plurality of known keywords; and
  
  stopping timing for said given one; and
  
  dynamically, using programmatic means, selecting a firewall server according to the performance and availability measurements.
- View Dependent Claims (12, 13, 14)
- - 12. The program product according to claim 11 wherein the step of measuring the performance of each firewall server using measurement probes comprises the further step of:
    - programmatically comparing each firewall server said measured total response time with previous measured total response times; and
      
      , programmatically determining for each firewall the degradation or the amelioration of the measured response time.
  - 13. The program product according to claim 11 wherein the step of measuring the availability of each firewall server using measurement probes comprises the further step of:
    - programmatically detecting failures on each firewall server; and
      
      , programmatically excluding firewall servers in failure from the step of selecting a firewall server.
  - 14. The program product according to claim 11 wherein said firewall server is a proxy server or a socks server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Daude, Olivier, Forth, Andrew, Hericourt, Olivier
Primary Examiner(s)
Jean, Frantz B.

Application Number

US09/515,780
Time in Patent Office

1,897 Days
Field of Search

709/224, 709/225, 709/226, 709/227, 709/105, 709/104, 709/204, 714/718, 714/815
US Class Current

709/224
CPC Class Codes

H04L 12/2856   Access arrangements, e.g. I...

H04L 41/083   for increasing network speed

H04L 41/0879   Manual configuration throug...

H04L 41/0886   Fully automatic configuration

H04L 43/00   Arrangements for monitoring...

H04L 43/0817   by checking functioning

H04L 43/0852   Delays

H04L 43/12   Network monitoring probes

H04L 63/0218   Distributed architectures, ...

H04L 63/0281   Proxies

H04L 67/1001   for accessing one among a p...

H04L 67/1008   based on parameters of serv...

H04L 67/1021   based on client or server l...

H04L 67/1023   based on a hash applied to ...

H04L 67/1029   using data related to the s...

H04L 67/1036   Load balancing of requests ...

Method and system for optimally selecting a web firewall in a TCB/IP network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for optimally selecting a web firewall in a TCB/IP network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links