Network access control using network address translation
First Claim
1. A method of controlling at a gateway computing device access of a client machine to a desired resource hosted on a destination server, the desired resource being of at least one material type selected from the group including audible materials, readable materials, and viewable materials, comprising:
- at the gateway computing device receiving handshaking packets from the client machine having as a destination address the destination server;
- redirecting network communications at the gateway computing device, including:
  - redirecting the entirety of each of the handshaking packets by rewriting the destination address in the handshaking packets' IP headers to route the packets to an access controlling web server that is remote from the client, the gateway, and the destination server;
  - receiving a content request packet from the client machine at the gateway destined for the destination server intended to retrieve the desired resource from the destination server; and
  - at the gateway redirecting the content request packet in its entirety by rewriting the destination address in the packet IP header to route the packet to the access controlling web server;
- receiving a response at the gateway from the access controlling web server; and
- at the gateway, controlling access of the client machine to the desired resource based on the response from the access controlling web server, including refusing the client machine access to the desired resource if the response from the access controlling web server indicates that the client should not have access to the desired resource and granting the client machine access to the desired resource if the response from the access controlling web server indicates that the client should have access to the desired resource.
Abstract
An improved network content filtering system and method utilize the network address translation functionality of a shared network connection to redirect outgoing packets from a client intended for a destination web server to an access controlling web server instead. Before a session to the destination web server is established, the access controlling web server either approves or refuses the connection, providing a content filtering mechanism. If the connection is refused, the access controlling web server may substitute other content for a filtered URL. In order to identify the client, the shared connection may additionally embed an identifier token in the redirected traffic, so as to customize the filtering action or to facilitate billing functions.
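The flow in the abstract and in claim 1 (handshake redirected to the access controlling server, content request redirected with an embedded identifier token, allow or refuse, substitute content on refusal) is modelled below as an added example. This is not code from the patent or from any product; the class and field names, the `X-Gateway-Client` header chosen to carry the identifier token, the host-blocklist policy, the rule that a granted request is then forwarded to the client's original destination, and all addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
# Added example (not from the patent): an in-memory model of the redirect-and-decide
# flow in the abstract. Names, the X-Gateway-Client header used to carry the identifier
# token, the host blocklist policy and the addresses are assumptions for illustration.
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str               # client IP (left untouched by the gateway)
    dst: str               # destination IP as carried in the IP header
    flags: str = ""        # "SYN" for the handshake packet, "" for a data segment
    payload: bytes = b""   # TCP payload; the HTTP request for a content request packet


def parse_http_request(payload: bytes) -> tuple[str, str, dict[str, str]]:
    """Split an HTTP/1.x request into (method, request-target, lower-cased headers)."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


class AccessControllingServer:
    """The remote policy server that receives the redirected packets."""

    def __init__(self, address: str, blocked_hosts: set[str], substitute: bytes):
        self.address = address
        self.blocked_hosts = {h.lower() for h in blocked_hosts}
        self.substitute = substitute       # content served in place of a filtered URL
        self.seen_tokens: list[str] = []   # identifier tokens, e.g. for per-client billing

    def decide(self, packet: Packet) -> dict:
        _method, target, headers = parse_http_request(packet.payload)
        token = headers.get("x-gateway-client")
        if token:
            self.seen_tokens.append(token)
        # Policy keys on the client-supplied Host header plus request target (assumed rule).
        host = headers.get("host", "").split(":")[0].lower()
        allow = host not in self.blocked_hosts
        return {"allow": allow, "url": f"http://{host}{target}",
                "substitute": None if allow else self.substitute}


class Gateway:
    """Shared NAT connection sitting between the clients and the Internet."""

    def __init__(self, acs: AccessControllingServer, tokens: dict[str, str]):
        self.acs = acs
        self.tokens = tokens                    # client IP -> identifier token
        self.handshakes: dict[str, str] = {}    # client IP -> original destination

    def redirect(self, packet: Packet) -> Packet:
        """Rewrite only the destination address; the packet is otherwise intact."""
        return Packet(packet.src, self.acs.address, packet.flags, packet.payload)

    def embed_token(self, packet: Packet) -> Packet:
        """Insert the client's identifier token as an extra request header (assumed form)."""
        token = self.tokens.get(packet.src)
        if token is None or not packet.payload:
            return packet
        head, sep, body = packet.payload.partition(b"\r\n\r\n")
        head += b"\r\nX-Gateway-Client: " + token.encode("ascii")
        return Packet(packet.src, packet.dst, packet.flags, head + sep + body)

    def process(self, packet: Packet) -> dict:
        if packet.flags == "SYN":
            # Handshake: remember where the client wanted to go, send the SYN to the ACS.
            self.handshakes[packet.src] = packet.dst
            return {"forwarded_to": self.redirect(packet).dst, "granted": None, "response": None}
        if packet.src not in self.handshakes:
            raise ValueError("content request without a preceding handshake")
        # Content request: redirect the whole packet (token embedded) and ask the ACS.
        verdict = self.acs.decide(self.embed_token(self.redirect(packet)))
        original_dst = self.handshakes.pop(packet.src)
        if verdict["allow"]:
            # Granted: the request may now go to the destination the client asked for.
            return {"forwarded_to": original_dst, "granted": True, "response": None}
        # Refused: the destination is never reached; the client gets substitute content.
        return {"forwarded_to": None, "granted": False, "response": verdict["substitute"]}


def fetch(gateway: Gateway, client: str, server: str, host: str, path: str) -> dict:
    """Drive one client flow (handshake, then content request) through the gateway."""
    gateway.process(Packet(client, server, flags="SYN"))
    request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")
    return gateway.process(Packet(client, server, payload=request))


# Constructed sample deployment.
ACS = AccessControllingServer("198.51.100.5", {"blocked.example"},
                              b"HTTP/1.1 200 OK\r\n\r\nThis site is filtered.")
GATEWAY = Gateway(ACS, {"192.0.2.10": "subscriber-0042"})

if __name__ == "__main__":
    print(fetch(GATEWAY, "192.0.2.10", "203.0.113.20", "blocked.example", "/"))
    print(fetch(GATEWAY, "192.0.2.10", "203.0.113.30", "allowed.example", "/news"))
```

Two points worth noting when reading the model against the claims. The gateway rewrites only the IP destination address and leaves the packet otherwise whole, which is what the claims mean by redirecting the packet "in its entirety"; on a Linux gateway the equivalent is a DNAT rule in the nat table's PREROUTING chain pointing at the access controlling server. The policy decision is taken from the request content the client itself sends (here the Host header and request target), so this mechanism sees the URL only for plaintext HTTP: for a TLS connection the gateway can still redirect the handshake, but it cannot read the URL inside the encrypted request without acting as a TLS-terminating intermediary, which the page does not describe.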
32 Claims
1. Independent claim; its text is given in full under First Claim above. Dependent claims: 2 through 16.
17. A computer-readable medium having computer-executable instructions for controlling access at a gateway computer of a client to a desired resource hosted on a destination server comprising:
- receiving handshaking packets at the gateway computer from the client machine having as a destination address an address corresponding to the destination server;
- redirecting network communications at the gateway computer, including:
  - redirecting the entirety of each of the handshaking packets by rewriting the destination address in the handshaking packets' IP headers to route the packets to an access controlling web server that is remote from the gateway computer;
  - receiving a content request packet from the client machine destined for the destination server intended to retrieve the desired resource from the destination server; and
  - redirecting the entirety of the content request packet by rewriting the destination address in the packet IP header to route the packet to the access controlling web server;
- receiving a response at the gateway computer from the access controlling web server; and
- at the gateway computer controlling access of the client machine to the desired resource based on the response from the access controlling web server by granting access if the response indicates that the client may access the desired resource and denying access if the response indicates that the client may not access the desired resource.
Dependent claims: 18 through 32.
Specification