Stateful application firewall
Abstract
A method and system to protect web applications from malicious attacks is described. A stateful means of distinguishing between valid (e.g., harmless) and invalid (e.g., harmful) accesses is provided. A request from a content browser for content from an application server is forwarded by a firewall to the application server if it includes a URL that was previously transmitted from the application server. The firewall performs a security evaluation of the request if the URL of the request was not previously transmitted from the application server.
12 Claims
1. A method comprising:
receiving a request for content from an application server by a remote browser, the request corresponding to a session of the remote browser;
at an application firewall located between the application server and the remote browser, determining that a Uniform Resource Locator (URL) included in the request is absent from a list of URLs previously sent from the application server in responding to previously received requests;
performing a security evaluation of the request in response to the determining that the URL is absent from the list, the security evaluation being based on an attribute of the request, the security evaluation being performed by a computer using a processor of the computer; and
processing the request with a particular operation and a plurality of requests with the particular operation, the particular operation being based on the security evaluation of the request, the plurality of requests corresponding to the session of the remote browser and being received subsequent to the receiving of the request.
Dependent claims: 2, 3, 12.
4. A non-transitory machine-readable medium embodying instructions which, when executed by one or more processors of a machine, cause the machine to perform operations comprising:
receiving a request for content from an application server by a remote browser, the request corresponding to a session of the remote browser;
at an application firewall located between the application server and the remote browser, determining that a Uniform Resource Locator (URL) included in the request is absent from the list of URLs previously sent from the application server in responding to previously received requests;
performing a security evaluation of the request in response to the determining that the URL is absent from the list, the security evaluation being based on an attribute of the request;
processing the request with a particular operation and a plurality of subsequent requests with the particular operation, the particular operation being based on the security evaluation, the plurality of subsequent requests corresponding to the session of the remote browser and being received subsequent to the receiving of the request.
Dependent claims: 6, 7.
5. A method comprising:
maintaining a list of Uniform Resource Locators (URLs), the URLs being previously sent from an application server in responding to previously received requests;
receiving a Hyper Text Transfer Protocol (HTTP) request from a remote browser to access the application server, the HTTP request corresponding to a session of the remote browser;
at an application firewall located between the application server and the remote browser, determining that a URL included in the HTTP request is absent from the list of URLs previously sent from the application server;
performing a security evaluation of the HTTP request in response to the determining that the URL is absent from the list, the security evaluation being based on an attribute of the HTTP request, the security evaluation being performed by a computer using a processor of the computer; and
processing the HTTP request with a particular operation and a subsequent plurality of requests with the particular operation, the particular operation being based on the security evaluation of the HTTP request, the subsequent plurality of requests corresponding to the session of the remote browser and being received subsequent to the receiving of the HTTP request.
8. A non-transitory machine-readable medium embodying instructions which, when executed by one or more processors of a machine, cause the machine to perform operations comprising:
maintaining a list of URLs, the URLs being previously sent from an application server in responding to previously received requests;
receiving an HTTP request from a remote browser to access the application server, the HTTP request corresponding to a session of the remote browser;
at an application firewall located between the application server and the remote browser, determining that a URL included in the HTTP request is absent from the list of URLs previously sent from the application server;
performing a security evaluation of the HTTP request in response to the determining that the URL is absent from the list, the security evaluation being based on an attribute of the HTTP request; and
processing the HTTP request with a particular operation and a subsequent plurality of requests with the particular operation, the particular operation being based on the security evaluation of the HTTP request, the subsequent plurality of requests corresponding to the session of the remote browser and being received subsequent to the receiving of the HTTP request.
9. An application firewall system comprising:
a processor coupled to communicate with a content browser and coupled to communicate with an application server, wherein the processor is configured to:
maintain a list of Uniform Resource Locators (URLs), the URLs being previously sent from the application server in responding to previously received requests;
receive an HTTP request from a remote browser to access the application server, the HTTP request corresponding to a session of the remote browser;
determine that a URL included in the HTTP request is absent from the list of URLs;
perform a security evaluation of the HTTP request in response to the determining that the URL is absent from the list, the security evaluation being based on an attribute of the HTTP request; and
process the HTTP request with a particular operation and a plurality of requests with the particular operation, the particular operation being based on the security evaluation of the HTTP request, the plurality of requests corresponding to the session of the remote browser and being received subsequent to the receiving of the HTTP request.
Dependent claims: 10.
11. A server comprising:
a network interface to interface the server to a network; and
a processor configured to:
maintain a list of Uniform Resource Locators (URLs), the URLs being previously sent from the application server in responses to previously received requests;
receive a Hyper Text Transfer Protocol (HTTP) request from a remote browser to access the application server, the HTTP request corresponding to a session of the remote browser;
at an application firewall located between the application server and the remote browser, determine that a URL included in the HTTP request is absent from the list of URLs;
perform a security evaluation of the HTTP request in response to the determining that the URL is absent from the list, the security evaluation being based on an attribute of the HTTP request; and
process the HTTP request with a particular operation and a plurality of requests with the particular operation, the particular operation being based on the security evaluation of the HTTP request, the plurality of requests corresponding to the session of the remote browser and being received subsequent to the receiving of the HTTP request.
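The stateful check the claims describe, as an added example in Python (not the patent's own implementation): the firewall learns the URLs the application server emits in its responses, forwards a request whose URL is on that list, evaluates an unknown URL on attributes of the request, and applies the resulting operation to the rest of that session. The per-session list, the entry-point set for a session's first request, the path-only comparison and the evaluation heuristics are assumptions not stated in the claims.

```python
import re
from enum import Enum
from urllib.parse import urlsplit

class Action(Enum):
    FORWARD = "forward"  # pass to the application server unchanged
    MONITOR = "monitor"  # forward, but log the session for review
    BLOCK = "block"      # drop the request

HREF_RE = re.compile(r'(?:href|action)="([^"]+)"', re.IGNORECASE)

class StatefulFirewall:
    """Per-session state: the paths the server emitted to that session, and the
    operation fixed by its first security evaluation (both assumptions)."""

    def __init__(self, entry_points):
        # Assumption: landing paths a cold session may request before the server
        # has emitted any URL to it; the claims do not say how that is bootstrapped.
        self.entry_points = set(entry_points)
        self.sessions = {}  # session_id -> {"known": set of paths, "action": Action | None}

    def _state(self, session_id):
        return self.sessions.setdefault(session_id, {"known": set(), "action": None})

    def record_response(self, session_id, html):
        """Learn the URLs the application server handed to this session in a response."""
        known = self._state(session_id)["known"]
        for href in HREF_RE.findall(html):
            known.add(urlsplit(href).path)  # compared on path only (assumption)

    def evaluate(self, method, url, headers):
        """Security evaluation based on request attributes (illustrative heuristics)."""
        path = urlsplit(url).path
        if ".." in path or "%2e" in path.lower():
            return Action.BLOCK  # traversal in a URL the server never handed out
        if method not in ("GET", "POST") or not headers.get("User-Agent"):
            return Action.BLOCK  # unusual method or no user agent on an unsolicited URL
        return Action.MONITOR    # unknown but otherwise ordinary: forward and log

    def handle(self, session_id, method, url, headers):
        state = self._state(session_id)
        if state["action"] is not None:
            return state["action"]  # the chosen operation applies to the rest of the session
        path = urlsplit(url).path
        if path in state["known"] or path in self.entry_points:
            return Action.FORWARD   # URL the server itself handed out: forward without evaluation
        state["action"] = self.evaluate(method, url, headers)  # first unknown URL fixes the operation
        return state["action"]
```

A deployment would call `record_response` on every response that passes through the firewall, since an unobserved response leaves legitimate links off the list and pushes benign requests into evaluation.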
Specification