Preventing HTTP server attacks

US 7,389,354 B1
Filed: 12/11/2000
Issued: 06/17/2008
Est. Priority Date: 12/11/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the method comprising:

receiving a HTTP request from a subscriber having an established connection over a first communication network coupled to at least one other communication network, the request including a Universal Resource Locator (URL);

receiving a profile for the subscriber;

filtering the request to determine whether the subscriber is authorized to make the request based upon the profile, the filtering including;

updating a client HTTP request count when the request for the URL is a HTTP GET request or a HTTP POST request; and

applying HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency;

andforwarding the request to the at least one other communication network when the subscriber is authorized to make the request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers includes receiving a HTTP request from a subscriber using a first communication network coupled to at least one other communication network, receiving a profile for the subscriber, filtering the request to determine whether the subscriber is authorized to make the request based upon the profile and forwarding the request to the other communication network when the subscriber is authorized to make the request. An apparatus capable of preventing denial of service attacks against HTTP servers includes a profile request generator capable of generating a profile request based upon a HTTP request received from a subscriber using a first communication network, a filter capable of determining whether the request is authorized based upon the requested profile and an authorizer capable of allowing the request to be forwarded on at least one other communication network coupled to the first communication network.

167 Citations

32 Claims

1. A method for preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the method comprising:
- receiving a HTTP request from a subscriber having an established connection over a first communication network coupled to at least one other communication network, the request including a Universal Resource Locator (URL);
  
  receiving a profile for the subscriber;
  
  filtering the request to determine whether the subscriber is authorized to make the request based upon the profile, the filtering including;
  
  updating a client HTTP request count when the request for the URL is a HTTP GET request or a HTTP POST request; and
  
  applying HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency;
  
  andforwarding the request to the at least one other communication network when the subscriber is authorized to make the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the applying further comprises setting an alarm when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 3. The method of claim 2, further comprising sending the alarm to an Internet Service Provider (ISP) associated with the subscriber.
  - 4. The method of claim 1, wherein the applying further comprises dropping the data packet containing the request when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 5. The method of claim 1, wherein the applying further comprises shutting down the account used to access the first communication network when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 6. The method of claim 5, wherein the applying further comprises disabling HTTP requests for a hold-down period when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 7. The method of claim 6, further comprising increasing the hold-down period each time sad the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 8. The method of claim 7, wherein the hold-down period increases exponentially each time the client HTTP request frequency exceeds the maximum HTTP request frequency.

9. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method to prevent denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the method comprising:
- receiving a HTTP request from a subscriber having an established connection over a first communication network coupled to at least one other communication network, the request including a Universal Resource Locator (URL);
  
  receiving a profile for the subscriber;
  
  filtering the request to determine whether the subscriber is authorized to make the request based upon the profile, the filtering including;
  
  updating a client HTTP request count when the request for the URL is a HTTP GET request or a HTTP POST request; and
  
  applying HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency;
  
  andforwarding the request to the at least one other communication network when the subscriber is authorized to make the request.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The program storage device of claim 9, wherein the applying further comprises setting an alarm when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 11. The program storage device of claim 10, further comprising sending the alarm to an Internet Service Provider (ISP) associated with the subscriber.
  - 12. The program storage device of claim 9, wherein the applying further comprises dropping the data packet containing the request when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 13. The program storage device of claim 9, wherein the applying further comprises shutting down the account used to access the first communication network when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 14. The program storage device of claim 13, wherein the applying further comprises disabling HTTP requests for a hold-down period when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 15. The program storage device of claim 14, further comprising increasing the hold-down period each time the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 16. The program storage device of claim 15, wherein the hold-down period increases exponentially each time the client HTTP request frequency exceeds the maximum HTTP request frequency.

17. An apparatus for preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the apparatus comprising:
- means for receiving a HTTP request from a subscriber having an established connection over a first communication network coupled to at least one other communication network, the request including a Universal Resource Locator (URL);
  
  means for receiving a profile for the subscriber;
  
  means for filtering to determine whether the subscriber is authorized to make the request based upon the profile, the means for filtering including;
  
  means for updating a client HTTP request count when the request for the URL is a HTTP GET request or a HTTP POST request; and
  
  means for applying HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency;
  
  andmeans for forwarding the request to the at least one other communication network when the subscriber is authorized to make the request.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The apparatus of claim 17, wherein the means for applying further comprises means for setting an alarm when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 19. The apparatus of claim 18, further comprising means for sending the alarm to an Internet Service Provider (ISP) associated with the subscriber.
  - 20. The apparatus of claim 17, wherein the means for applying further comprises means for dropping the data packet containing the request when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 21. The apparatus of claim 17, wherein the means for applying further comprises means for shutting down the account used to access the first communication network when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 22. The apparatus of claim 21, wherein the means for applying further comprises means for disabling HTTP requests for a hold-down period when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 23. The apparatus of claim 22, further comprising means for increasing the hold-down period each time the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 24. The apparatus of claim 23, wherein the hold-down period increases exponentially each time the client HTTP request frequency exceeds the maximum HTTP request frequency.

25. An apparatus capable of preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers, the apparatus comprising:
- a first receiving interface capable of accepting a HTTP request received from a subscriber having an established connection originating from a first communication network, the request including a Universal Resource Locator (URL);
  
  a profile request generator capable of generating a profile request based upon the HTTP request;
  
  a first forwarding interface capable of sending the profile request to an Authentication, Authorization, and Accounting (AAA) server;
  
  a second receiving interface capable of accepting a requested profile;
  
  a filter capable of determining whether the HTTP request is authorized based upon the requested profile, the filter including;
  
  an updater to update a client HTTP request count when the HTTP request for the URL is a HTTP GET request or a HTTP POST request; and
  
  a responder to apply HTTP server denial of service attack preventative measures when a client HTTP request frequency based on the client HTTP request count exceeds a maximum HTTP request frequency;
  
  an authorizer capable of allowing the HTTP request to be forwarded on at least one other communication network coupled to the first communication network; and
  
  a second forwarding interface capable of forwarding the HTTP request on the at least one other communication network.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The apparatus of claim 25, wherein the responder further sets an alarm when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 27. The apparatus of claim 26, wherein the responder sends the alarm to an Internet Service Provider (ISP) associated with the subscriber.
  - 28. The apparatus of claim 25, wherein the responder drops the data packet containing the HTTP request when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 29. The apparatus of claim 25, wherein sa the responder shuts down the account used to access the first communication network when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 30. The apparatus of claim 29, wherein the responder disables HTTP requests for a hold-down period when the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 31. The apparatus of claim 30, wherein the responder increases the hold-down period each time the client HTTP request frequency exceeds the maximum HTTP request frequency.
  - 32. The apparatus of claim 31, wherein the responder increases the hold-down period exponentially each time the client HTTP request frequency exceeds the maximum HTTP request frequency.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Sitaraman, Aravind, Lou, Shuxian, Zhang, Shujin, Sheth, Purnam Anil
Primary Examiner(s)
PATEL, ASHOKKUMAR B

Application Number

US09/734,952
Time in Patent Office

2,745 Days
Field of Search

709/223, 709/233, 709/234, 709/235, 709/14, 709/225, 709/226, 709/227, 713/201, 713/151, 713154-155, 713/161, 713/164, 713/167, 713/168, 713/189, 713/194, 706/62, 726/13, 726 22- 31, 726/34, 726/35, 370/229, 370/230, 370/230.1, 370232-235
US Class Current

709/229
CPC Class Codes

H04L 63/1458 Denial of Service

Preventing HTTP server attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

167 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing HTTP server attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

167 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links