Firewall with two-phase filtering
Abstract
Two-phase filtering for a firewall is disclosed. In the first, general phase, a request is filtered to verify one or more of: that the request is pursuant to a supported protocol, that a command of the request is allowed, that the length of the request does not exceed the allowed maximum for the command, and that characters of the request are of an allowable type. Upon first-phase verification, a second phase is invoked that is particular to the protocol of the request. In the second, specialized phase, the request is filtered to verify one or more of the source, the destination, and the content of the request. Upon second-phase verification, the request is allowed to pass. If either first- or second-phase verification fails, then the request is denied.
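The two phases described in the abstract, as an added Python example that is not code from the patent: a general first phase runs the four checks, then a per-protocol second phase checks source, destination, or content. The protocols, commands, length limits, address ranges, the `example.test` domain, and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed policy tables (assumptions, not taken from the patent).
MAX_LEN = {"smtp": {"HELO": 64, "MAIL": 128, "RCPT": 128},  # protocol -> command ->
           "http": {"GET": 256, "HEAD": 256}}               # max request bytes
ALLOWED_BYTES = set(range(0x20, 0x7F)) | {0x0D, 0x0A}  # printable ASCII, CR, LF
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
WEB_SERVERS = {"10.0.0.80"}

def phase_one(proto, raw):
    """General phase: protocol, command, per-command length, character set."""
    commands = MAX_LEN.get(proto)
    if commands is None:
        return None, "unsupported protocol"
    parts = raw.split(None, 1)
    command = parts[0].decode("ascii", "replace").upper() if parts else ""
    if command not in commands:
        return None, "command not allowed"
    if len(raw) > commands[command]:
        return None, "request too long for command"
    if any(b not in ALLOWED_BYTES for b in raw):
        return None, "disallowed character"
    return command, "ok"

def smtp_phase_two(src, dst, command, raw):
    """SMTP-specific: internal senders only; recipients must be in the local domain."""
    if ipaddress.ip_address(src) not in INTERNAL:
        return "source not permitted"
    if command == "RCPT" and not raw.rstrip().lower().endswith(b"@example.test>"):
        return "content not permitted"
    return "ok"

def http_phase_two(src, dst, command, raw):
    """HTTP-specific: published servers only; request target must not traverse."""
    if dst not in WEB_SERVERS:
        return "destination not permitted"
    fields = raw.split()
    if len(fields) < 2 or b".." in fields[1]:
        return "content not permitted"
    return "ok"

PHASE_TWO = {"smtp": smtp_phase_two, "http": http_phase_two}

def filter_request(proto, src, dst, raw):
    """Return (verdict, reason); phase two runs only after phase one verifies."""
    command, reason = phase_one(proto, raw)
    if command is None:
        return "deny", "phase 1: " + reason
    reason = PHASE_TWO[proto](src, dst, command, raw)
    return ("pass", "ok") if reason == "ok" else ("deny", "phase 2: " + reason)
```

The reason string records which phase rejected a request, which is useful when logging denials.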
4 Claims
1. A computer-implemented method for at least a firewall comprising:
filtering a request in a first phase to verify only that the request is pursuant to a supported protocol;
that a command of the request is allowable;
that a length of the request does not exceed an allowable maximum for the command of the request;
that characters of the request are of an allowable type; and
upon verification by filtering the request in the first phase, filtering the request in a second phase particular to the supported protocol to which the request is pursuant to verify at least one of:
a source, a destination, and content of the request relative to the supported protocol to which the request is pursuant;
upon verification by filtering the request in the second phase, passing the request;
otherwise, denying the requests; and
otherwise, denying the request.
2. A machine-readable method having instructions stored thereon for execution by a processor to perform a method for at least a firewall comprising:
filtering a request in a first phase to verify only that the request is pursuant to a supported protocol;
that a command of the request is allowable;
that a length of the request does not exceed an allowable maximum for the command of the request;
that characters of the request are of an allowable type;
upon verification by filtering the request in the first phase, filtering the request in a second phase particular to the supported protocol to which the request is pursuant to verify at least one of:
a source, a destination, and content of the request relative to the supported protocol to which the request is pursuant;
upon verification by filtering the request in the second phase, passing the request;
otherwise, denying the request; and
otherwise, denying the request.
3. A computerized system comprising:
a first phase filtering mechanism designed to verify only that a request is pursuant to a supported protocol;
that a command of the request is allowable;
that a length of the request does not exceed an allowable maximum for the command of the request;
that characters of the request are of an allowable type; and
at least one second phase filtering mechanism, each mechanism particular to a different supported protocol and designed to verify at least one of:
a source, a destination, and content of the request relative to the supported protocol to which the mechanism is particular,
wherein the first phase filtering mechanism upon verification is to pass the request to a second phase filtering mechanism particular to the supported protocol to which the request is pursuant.
4. A computerized system comprising:
first means for verifying that a request is pursuant to a supported protocol;
that a command of the request is allowable;
that a length of the request does not exceed an allowable maximum for the command of the request;
that characters of the request are of an allowable type; and
at least one second means, each second means particular to a different supported protocol and for verifying at least one of:
a source, a destination, and content of the request relative to the supported protocol to which the means is particular,
wherein the first means upon verification passes the request to a second means particular to the supported protocol to which the request is pursuant; and
otherwise, denying the request.
Specification