Methods and apparatuses for providing internet-based proxy services

US 8,572,737 B2
Filed: 09/30/2011
Issued: 10/29/2013
Est. Priority Date: 04/01/2010
Status: Active Grant

First Claim

Patent Images

1. A method in a proxy server for providing Internet-based proxy services, the method comprising:

receiving, from a plurality of client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers, wherein at least some of the plurality of origin servers belong to different domains and are owned by different entities, wherein the proxy server and the plurality of origin servers are owned by different entities, and wherein the plurality of requests are received at the proxy server as a result of Domain Name System (DNS) requests for the different domains returning an IP address of the proxy server;

for each of the plurality of requests, analyzing that request to determine one or more of whether that request itself poses a threat and whether a visitor belonging to the request poses a threat;

blocking each request that itself poses a threat and blocking each request that is received from a visitor that poses a threat; and

transmitting at least some of the plurality of requests that are not either a threat themselves or from a visitor that is a threat to the appropriate origin servers.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.

102 Citations

View as Search Results

12 Claims

1. A method in a proxy server for providing Internet-based proxy services, the method comprising:
- receiving, from a plurality of client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers, wherein at least some of the plurality of origin servers belong to different domains and are owned by different entities, wherein the proxy server and the plurality of origin servers are owned by different entities, and wherein the plurality of requests are received at the proxy server as a result of Domain Name System (DNS) requests for the different domains returning an IP address of the proxy server;
  
  for each of the plurality of requests, analyzing that request to determine one or more of whether that request itself poses a threat and whether a visitor belonging to the request poses a threat;
  
  blocking each request that itself poses a threat and blocking each request that is received from a visitor that poses a threat; and
  
  transmitting at least some of the plurality of requests that are not either a threat themselves or from a visitor that is a threat to the appropriate origin servers.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - responsive to transmitting the at least some of the plurality of requests to the appropriate origin servers, receiving a plurality of responses from those origin servers; and
      
      transmitting at least some of the responses to the appropriate requesting client devices.
  - 3. The method of claim 1, further comprising:
    - for each of the requests that do not pose a threat and are from a visitor that does not pose a threat, performing the following;
      
      determining whether that request originates from a search engine or a web crawler;
      
      for those of the requests that originate from a search engine or a web crawler, performing the following;
      
      responsive to determining that the requested network resource is available in cache, returning the cached requested network resource to the requesting client device without querying the corresponding origin server;
      
      for those of the request that are not originated from a search engine or a web crawler, performing the following;
      
      responsive to determining that the requested network resource is a static file that does not include dynamic content and is available in cache, returning the cached requested network resource to the requesting client device without querying the corresponding origin server.
  - 4. The method of claim 1, wherein analyzing each request to determine whether that request itself poses a threat includes performing one or more of the following:
    - determining whether that request includes a malformed cookie,determining whether that request includes a malformed header,determining whether that request includes a malformed URL (Uniform Resource Locator),determining whether that request includes a URL that contains a known threat signature, andresponsive to determining that the request is a POST request, analyzing content that is to be POSTed to determine whether that content is a threat; and
      
      wherein a request poses a threat when it includes one or more of a malformed cookie, a malformed header, a malformed URL, a URL that contains a known threat signature, and content to be POSTed that is a threat.

5. A proxy server to provide Internet-based proxy services, the proxy server comprising:
- a memory to store instructions;
  
  a processor coupled with the memory to process the stored instructions to;
  
  receive, from a plurality of client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers, wherein at least some of the plurality of origin servers belong to different domains and are owned by different entities, wherein the proxy server and the plurality of origin servers are owned by different entities, and wherein the plurality of requests are received at the proxy server as a result of Domain Name System (DNS) requests for the different domains returning an IP address of the proxy server;
  
  for each of the plurality of requests, analyze that request to determine one or more of whether that request itself poses a threat and whether a visitor belonging to the request poses a threat;
  
  block each request that itself poses a threat and blocking each request that is received from a visitor that poses a threat; and
  
  transmit at least some of the plurality of requests that are not either a threat themselves or from a visitor that is a threat to the appropriate origin servers.
- View Dependent Claims (6, 7, 8)
- - 6. The proxy server of claim 5, wherein the processor is further to process the stored instructions to:
    - responsive to transmission of the at least some of the plurality of requests to the appropriate origin servers, receive a plurality of responses from those origin servers; and
      
      transmit at least some of the responses to the appropriate requesting client devices.
  - 7. The proxy server of claim 5, wherein the processor is further to process the stored instructions to:
    - for each of the requests that do not pose a threat and are from a visitor that does not pose a threat, perform the following;
      
      determine whether that request originates from a search engine or a web crawler;
      
      for those of the requests that originate from a search engine or a web crawler, perform the following;
      
      responsive to a determination that the requested network resource is available in cache, return the cached requested network resource to the requesting client device without querying the corresponding origin server;
      
      for those of the request that are not originated from a search engine or a web crawler, performing the following;
      
      responsive to a determination that the requested network resource is a static file that does not include dynamic content and is available in cache, return the cached requested network resource to the requesting client device without querying the corresponding origin server.
  - 8. The proxy server of claim 5, wherein analyzing each request to determine whether that request itself poses a threat includes the processor to perform one or more of the following:
    - determine whether that request includes a malformed cookie,determine whether that request includes a malformed header,determine whether that request includes a malformed URL (Uniform Resource Locator),determine whether that request includes a URL that contains a known threat signature, andresponsive to a determination that the request is a POST request, analyze content that is to be POSTed to determine whether that content is a threat; and
      
      wherein a request poses a threat when it includes one or more of;
      
      a malformed cookie, a malformed header, a malformed URL, a URL that contains a known threat signature, and content to be POSTed that is a threat.

9. A non-transitory machine-readable storage medium that provides instructions that, when executed by a processor, cause said processor to perform operations comprising:
- receiving, from a plurality of client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers, wherein at least some of the plurality of origin servers belong to different domains and are owned by different entities, wherein the proxy server and the plurality of origin servers are owned by different entities, and wherein the plurality of requests are received at the proxy server as a result of Domain Name System (DNS) requests for the different domains returning an IP address of the proxy server;
  
  for each of the plurality of requests, analyzing that request to determine one or more of whether that request itself poses a threat and whether a visitor belonging to the request poses a threat;
  
  blocking each request that itself poses a threat and blocking each request that is received from a visitor that poses a threat; and
  
  transmitting at least some of the plurality of requests that are not either a threat themselves or from a visitor that is a threat to the appropriate origin servers.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory machine-readable storage medium of claim 9, further comprising:
    - responsive to transmitting the at least some of the plurality of requests to the appropriate origin servers, receiving a plurality of responses from those origin servers; and
      
      transmitting at least some of the responses to the appropriate requesting client devices.
  - 11. The non-transitory machine-readable storage medium of claim 9, further comprising:
    - for each of the requests that do not pose a threat and are from a visitor that does not pose a threat, performing the following;
      
      determining whether that request originates from a search engine or a web crawler;
      
      for those of the requests that originate from a search engine or a web crawler, performing the following;
      
      responsive to determining that the requested network resource is available in cache, returning the cached requested network resource to the requesting client device without querying the corresponding origin server;
      
      for those of the request that are not originated from a search engine or a web crawler, performing the following;
      
      responsive to determining that the requested network resource is a static file that does not include dynamic content and is available in cache, returning the cached requested network resource to the requesting client device without querying the corresponding origin server.
  - 12. The non-transitory machine-readable storage medium of claim 9, wherein analyzing each request to determine whether that request itself poses a threat includes performing one or more of the following:
    - determining whether that request includes a malformed cookie,determining whether that request includes a malformed header,determining whether that request includes a malformed URL (Uniform Resource Locator),determining whether that request includes a URL that contains a known threat signature, andresponsive to determining that the request is a POST request, analyzing content that is to be POSTed to determine whether that content is a threat; and
      
      wherein a request poses a threat when it includes one or more of a malformed cookie, a malformed header, a malformed URL, a URL that contains a known threat signature, and content to be POSTed that is a threat.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CloudFlare Incorporated
Original Assignee
CloudFlare Incorporated
Inventors
Holloway, Lee Hahn, Prince, Matthew Browning, Pye, Ian Gerald, Tourne, Matthieu Philippe Franois, Zatlyn, Michelle Marie
Primary Examiner(s)
LEWIS, LISA C

Application Number

US13/251,001
Publication Number

US 20120023090A1
Time in Patent Office

760 Days
Field of Search

726 22- 24, 705 51- 54, 713189-194, 717168-178
US Class Current

726/23
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 16/95   Retrieval from the web

G06F 16/958   Organisation or management ...

G06F 21/00   Security arrangements for p...

G06F 21/552   involving long-term monitor...

G06F 40/14   Tree-structured documents p...

G06F 40/143   Markup, e.g. Standard Gener...

G06Q 10/107   Computer-aided management o...

G06Q 30/0241   Advertisements

G06Q 30/0251   Targeted advertisements

G06Q 30/0277   Online advertisement

H04L 47/745   Reaction in network

H04L 51/42   Mailbox-related aspects, e....

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/59   using proxies for addressing

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0254   Stateful filtering

H04L 63/0281   Proxies

H04L 63/083 : using passwords cryptograph...

H04L 63/0861 : using biometrical features,...

H04L 63/102 : Entity profiles

H04L 63/126 : the source of the received ...

H04L 63/1416 : Event detection, e.g. attac...

H04L 63/1433 : Vulnerability analysis

H04L 63/1441 : Countermeasures against mal...

H04L 63/1458 : Denial of Service

H04L 63/1466 : Active attacks involving in...

H04L 67/02 : based on web technology, e....

H04L 67/146 : Markers for unambiguous ide...

H04L 67/56 : Provisioning of proxy servi...

H04L 67/561 : Adding application-function...

H04L 67/568 : Storing data temporarily at...

H04L 69/40 : for recovering from a failu...

View All

Methods and apparatuses for providing internet-based proxy services

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatuses for providing internet-based proxy services

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links