Preventing HTTP server attacks
Abstract
A method for preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers includes receiving a HTTP request from a subscriber using a first communication network coupled to at least one other communication network, receiving a profile for the subscriber, filtering the request to determine whether the subscriber is authorized to make the request based upon the profile and forwarding the request to the other communication network when the subscriber is authorized to make the request. An apparatus capable of preventing denial of service attacks against HTTP servers includes a profile request generator capable of generating a profile request based upon a HTTP request received from a subscriber using a first communication network, a filter capable of determining whether the request is authorized based upon the requested profile and an authorizer capable of allowing the request to be forwarded on at least one other communication network coupled to the first communication network.
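The filtering step described in the abstract and in claim 1, sketched as an added example (not code from the patent or any product). The `Profile` fields, the fixed one-second counting window, and dropping the request as the "preventative measure" are all assumptions of this sketch; the page does not specify them.

```python
import time
from dataclasses import dataclass
from urllib.parse import urlsplit

@dataclass
class Profile:
    """Hypothetical subscriber profile; every field is an assumption of this example."""
    allowed_hosts: frozenset   # hosts the subscriber is authorized to reach
    max_rps: float             # maximum HTTP request frequency, in requests per second
    window_s: float = 1.0      # interval over which the count is turned into a frequency

class GatewayFilter:
    def __init__(self, profiles):
        self.profiles = profiles   # stand-in for a profile lookup, e.g. against an AAA server
        self.counters = {}         # subscriber -> [window_start, request_count]

    def handle(self, subscriber, method, url, now=None):
        now = time.monotonic() if now is None else now
        profile = self.profiles.get(subscriber)
        if profile is None:
            return "deny"          # no profile, so the request cannot be authorized
        if urlsplit(url).hostname not in profile.allowed_hosts:
            return "deny"          # profile does not authorize this URL
        if method.upper() in ("GET", "POST"):
            state = self.counters.get(subscriber)
            if state is None or now - state[0] >= profile.window_s:
                state = self.counters[subscriber] = [now, 0]   # start a new window
            state[1] += 1          # update the client HTTP request count
            if state[1] / profile.window_s > profile.max_rps:
                return "throttle"  # assumed preventative measure: do not forward
        return "forward"           # authorized: pass on to the other network

def demo():
    """Replay a constructed request trace with explicit timestamps."""
    gw = GatewayFilter({"alice": Profile(frozenset({"www.example.com"}), max_rps=3.0)})
    url = "http://www.example.com/index.html"
    trace = [
        ("alice", "GET", url, 0.0),
        ("alice", "POST", url, 0.1),
        ("alice", "GET", url, 0.2),
        ("alice", "GET", url, 0.3),    # fourth counted request inside one second
        ("alice", "HEAD", url, 0.4),   # not GET/POST, so it is not counted
        ("alice", "GET", url, 1.5),    # new window, count restarts
        ("alice", "GET", "http://other.example.net/", 1.6),
        ("bob", "GET", url, 1.7),      # subscriber with no profile
    ]
    return [gw.handle(*req) for req in trace]

if __name__ == "__main__":
    print(demo())
```

A fixed window lets a client send up to twice `max_rps` across a window boundary; a sliding window or token bucket closes that gap at the cost of more per-subscriber state.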
32 Claims
1. A method for preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the method comprising:
- receiving a HTTP request from a subscriber having an established connection over a first communication network coupled to at least one other communication network, the request including a Universal Resource Locator (URL);
- receiving a profile for the subscriber;
- filtering the request to determine whether the subscriber is authorized to make the request based upon the profile, the filtering including;
  - updating a client HTTP request count when the request for the URL is a HTTP GET request or a HTTP POST request; and
  - applying HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency; and
- forwarding the request to the at least one other communication network when the subscriber is authorized to make the request.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method to prevent denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the method comprising:
- receiving a HTTP request from a subscriber having an established connection over a first communication network coupled to at least one other communication network, the request including a Universal Resource Locator (URL);
- receiving a profile for the subscriber;
- filtering the request to determine whether the subscriber is authorized to make the request based upon the profile, the filtering including;
  - updating a client HTTP request count when the request for the URL is a HTTP GET request or a HTTP POST request; and
  - applying HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency; and
- forwarding the request to the at least one other communication network when the subscriber is authorized to make the request.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus for preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the apparatus comprising:
- means for receiving a HTTP request from a subscriber having an established connection over a first communication network coupled to at least one other communication network, the request including a Universal Resource Locator (URL);
- means for receiving a profile for the subscriber;
- means for filtering to determine whether the subscriber is authorized to make the request based upon the profile, the means for filtering including;
  - means for updating a client HTTP request count when the request for the URL is a HTTP GET request or a HTTP POST request; and
  - means for applying HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency; and
- means for forwarding the request to the at least one other communication network when the subscriber is authorized to make the request.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
25. An apparatus capable of preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the apparatus comprising:
- a first receiving interface capable of accepting a HTTP request received from a subscriber having an established connection originating from a first communication network, the request including a Universal Resource Locator (URL);
- a profile request generator capable of generating a profile request based upon the HTTP request;
- a first forwarding interface capable of sending the profile request to an Authentication, Authorization, and Accounting (AAA) server;
- a second receiving interface capable of accepting a requested profile;
- a filter capable of determining whether the HTTP request is authorized based upon the requested profile, the filter including;
  - an updater to update a client HTTP request count when the HTTP request for the URL is a HTTP GET request or a HTTP POST request; and
  - a responder to apply HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency;
- an authorizer capable of allowing the HTTP request to be forwarded on at least one other communication network coupled to the first communication network; and
- a second forwarding interface capable of forwarding the HTTP request on the at least one other communication network.
Dependent claims: 26, 27, 28, 29, 30, 31, 32
Specification