Walled garden system for providing access to one or more websites that incorporate content from other websites and method thereof
Abstract
A cleared sites list includes one or more hostname descriptors. A firewall includes rules associated with a cleared IP list including cleared IP addresses, and permits transfer of a cleared HTTP request from a user device to a cleared destination IP address that matches one of the cleared IP addresses. A controller examines a non-cleared HTTP request from the user device to a non-cleared destination IP address that does not match one of the cleared IP addresses, and acts as a transparent proxy between the user device and the non-cleared destination IP address when a destination host header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list. The controller further acts as a transparent proxy between the user device and the non-cleared destination IP address when a referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list.
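The controller's decision flow from the abstract, together with the two expiry settings recited in claim 1, modelled as an added example (not code from the patent or its assignee). The class and method names, glob-style descriptor matching, sample addresses and expiry values are assumptions.

```python
import fnmatch
import ipaddress
from urllib.parse import urlsplit

# Constructed policy: descriptors, addresses and expiry values are assumptions.
CLEARED_SITES = ["www.example.com", "*.example-cdn.net"]
HOST_MATCH_TTL = 3600     # "first expiry setting", seconds (assumed value)
REFERER_MATCH_TTL = 300   # "second expiry setting", seconds (assumed value)


def _hostname(value):
    """Extract the host part of a URL-like value, or None if unparsable."""
    try:
        return urlsplit(value).hostname
    except ValueError:
        return None


class WalledGarden:
    def __init__(self, descriptors, cleared_ips=()):
        self.descriptors = [d.lower() for d in descriptors]
        # Cleared IP list: address -> expiry time, None for a permanent entry.
        self.cleared = {ipaddress.ip_address(ip): None for ip in cleared_ips}

    def _matches(self, hostname):
        # Glob matching of descriptors is an assumption of this example.
        host = (hostname or "").lower().rstrip(".")
        return any(fnmatch.fnmatchcase(host, d) for d in self.descriptors)

    def _is_cleared(self, ip, now):
        if ip not in self.cleared:
            return False
        expiry = self.cleared[ip]
        if expiry is not None and expiry <= now:
            del self.cleared[ip]          # dynamic entry has aged out
            return False
        return True

    def handle(self, dst_ip, headers, now):
        """Return 'direct', 'proxy' or 'block' for one HTTP request."""
        ip = ipaddress.ip_address(dst_ip)
        if self._is_cleared(ip, now):
            return "direct"               # firewall passes it; headers unseen
        if self._matches(_hostname("//" + headers.get("Host", ""))):
            self.cleared[ip] = now + HOST_MATCH_TTL
            return "proxy"
        if self._matches(_hostname(headers.get("Referer", ""))):
            self.cleared[ip] = now + REFERER_MATCH_TTL
            return "proxy"
        return "block"
```

Once an address is on the cleared list the firewall passes requests to it directly and the controller no longer sees their headers, so the expiry settings bound how long a dynamically added address stays reachable.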
16 Claims
1. A walled garden system for providing access from user devices to one or more websites specified on a cleared sites list, the cleared sites list having one or more hostname descriptors, the walled garden system comprising:
- a firewall device having rules associated with a cleared internet protocol (IP) list including one or more cleared IP addresses corresponding to websites on the cleared sites list, wherein the cleared sites list contains a list of external websites accessible by a user and specified by either IP addresses or hostnames;
- the firewall device for permitting direct transfer of only cleared hypertext transfer protocol (HTTP) requests from a user device, wherein each of the cleared HTTP requests is to a cleared destination IP address that matches one of the cleared IP addresses; and
- a controller for examining non-cleared HTTP requests from the user device, wherein each of the non-cleared HTTP requests is to a non-cleared destination IP address that does not match one of the cleared IP addresses,
- the controller for acting as a transparent proxy between the user device and a non-cleared destination IP address of a non-cleared HTTP request when any of a destination host header and a referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list, and
- the controller for blocking the non-cleared HTTP request when neither of the destination host header nor the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list;
- wherein the controller is further configured to:
- add, with a first expiry setting, the destination IP address of the non-cleared HTTP request to the cleared IP addresses of the firewall device when the destination host header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list; and
- add, with a second expiry setting, the destination IP address of the non-cleared HTTP request to the cleared IP addresses of the firewall device when only the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method in a walled garden system of providing access from user devices to one or more websites specified on a cleared sites list, the cleared sites list having one or more hostname descriptors, the method comprising:
- storing a cleared internet protocol (IP) list including one or more cleared IP addresses corresponding to websites on the cleared sites list, wherein the cleared sites list contains a list of external websites accessible by a user and specified by either IP addresses or hostnames;
- permitting direct transfer of only cleared hypertext transfer protocol (HTTP) requests from a user device, wherein each of the cleared HTTP requests is to a cleared destination IP address that matches one of the cleared IP addresses;
- examining non-cleared HTTP requests from the user device, wherein each of the non-cleared HTTP requests is to a non-cleared destination IP address that does not match one of the cleared IP addresses;
- transparent proxying between the user device and a non-cleared destination IP address of a non-cleared HTTP request when any of a destination host header and a referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list;
- blocking the non-cleared HTTP request when neither of the destination host header nor the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list;
- adding, with a first expiry setting, the destination IP address of the non-cleared HTTP request to the cleared IP addresses when the destination host header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list; and
- adding, with a second expiry setting, the destination IP address of the non-cleared HTTP request to the cleared IP addresses when only the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list.

Dependent claims: 10, 11, 12, 13, 14, 15
16. A walled garden system for providing access from user devices to one or more websites specified on a cleared sites list, the cleared sites list having one or more hostname descriptors, the walled garden system comprising:
- a cleared internet protocol (IP) list including one or more cleared IP addresses corresponding to websites on the cleared sites list, wherein the cleared sites list contains a list of external websites accessible by a user and specified by either IP addresses or hostnames;
- means for permitting direct transfer of only cleared hypertext transfer protocol (HTTP) requests from a user device, wherein each of the cleared HTTP requests is to a cleared destination IP address that matches one of the cleared IP addresses;
- means for examining non-cleared HTTP requests from the user device, wherein each of the non-cleared HTTP requests is to a non-cleared destination IP address that does not match one of the cleared IP addresses;
- means for transparent proxying between the user device and a non-cleared destination IP address of a non-cleared HTTP request when any of a destination host header and a referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list;
- means for blocking the non-cleared HTTP request when neither of the destination host header nor the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list;
- means for adding, with a first expiry setting, the destination IP address of the non-cleared HTTP request to the cleared IP addresses when the destination host header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list; and
- means for adding, with a second expiry setting, the destination IP address of the non-cleared HTTP request to the cleared IP addresses when only the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list.
Specification