Systems and methods for integration between application firewall and caching

US 8,578,099 B2
Filed: 06/15/2012
Issued: 11/05/2013
Est. Priority Date: 06/22/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a) storing, by a device intermediary to a plurality of clients and servers, to a cache a first Hypertext Transfer Protocol (HTTP) response received from a server to a first request of a user;

b) determining, by an application firewall of the device, whether a session cookie is to be inserted into HTTP responses for the user;

c) storing, by the cache responsive to the application firewall, a reserved space in the first HTTP response stored in the cache;

d) generating, by the device responsive to receipt of a second request of the user, a second HTTP response based on the first HTTP response stored in the cache; and

e) inserting, by the device into the reserved space of the second HTTP response generated from the first HTTP response stored in the cache, one of a session cookie or a header comprising cache control information generated by the application firewall.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed towards integrating cache managing and application firewall processing in a networked system. An integrated cache/firewall system comprises an application firewall operating in conjunction with a cache managing system in operation on an intermediary device. The application firewall processes a received HTTP response to a request by a networked entity serviced by the intermediary device. The application firewall generates metadata from the HTTP response and stores the metadata in cache with the HTTP response. When a subsequent request hits in the cache, the metadata is identified to a user session associated with the subsequent request. The application firewall can modify a cache-control header of the received HTTP response, and can alter the cookie-setting header of the cached HTTP response.

3 Citations

View as Search Results

20 Claims

1. A method comprising:
- a) storing, by a device intermediary to a plurality of clients and servers, to a cache a first Hypertext Transfer Protocol (HTTP) response received from a server to a first request of a user;
  
  b) determining, by an application firewall of the device, whether a session cookie is to be inserted into HTTP responses for the user;
  
  c) storing, by the cache responsive to the application firewall, a reserved space in the first HTTP response stored in the cache;
  
  d) generating, by the device responsive to receipt of a second request of the user, a second HTTP response based on the first HTTP response stored in the cache; and
  
  e) inserting, by the device into the reserved space of the second HTTP response generated from the first HTTP response stored in the cache, one of a session cookie or a header comprising cache control information generated by the application firewall.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises generating, by the device, meta data from the first HTTP response and storing the meta data into the cache.
  - 3. The method of claim 1, wherein step (b) further comprises determining, by the application firewall, not to insert the session cookie based on meta data generated from the first HTTP response.
  - 4. The method of claim 1, wherein step (b) further comprises determining, by the application firewall, to insert the session cookie based on meta data generated from the first HTTP response.
  - 5. The method of claim 4, wherein step (c) further comprises inserting, by the application firewall, the session cookie into the reserved space.
  - 6. The method of claim 1, wherein step (c) further comprises writing, by the application firewall to the cache, to the reserved space a header to be ignored by one of the client or a second intermediary device that receives the second HTTP response.
  - 7. The method of claim 1, wherein step (d) further comprises generating, by the device, the second HTTP response from a modified copy of the first HTTP response stored in the cache.
  - 8. The method of claim 1, wherein step (e) further comprises inserting, by the device, cache control information in the second HTTP response that identifies an original expiration date of the first HTTP response received from the server.
  - 9. The method of claim 1, wherein step (e) further comprises inserting, by the device, cache control information comprising a first portion that identifies that the application firewall has modified the header and a second portion having a copy of original cache control information from the server.
  - 10. The method of claim 1, further comprising including, by the device, in the second HTTP response a reference to meta data generated for the first HTTP response and stored in the cache.

11. A system comprising:
- a device intermediary to a plurality of clients and servers;
  
  a cache of the device storing a first Hypertext Transfer Protocol (HTTP) response received from a server to a first request of a user;
  
  an application firewall of the device determining whether a session cookie is to be inserted into HTTP responses for the user;
  
  wherein the cache responsive to the application firewall, a reserved space in the first HTTP response stored in the cache;
  
  wherein the device responsive to receipt of a second request of the user, a second HTTP response based on the first HTTP response stored in the cache and inserting into the reserved space of the second HTTP response generated from the first HTTP response stored in the cache one of a session cookie or a header comprising cache control information generated by the application firewall.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the device generates meta data from the first HTTP response and stores the meta data into the cache.
  - 13. The system of claim 11, wherein the application firewall determines not to insert the session cookie based on meta data generated from the first HTTP response.
  - 14. The system of claim 11, wherein the application firewall determines to insert the session cookie based on meta data generated from the first HTTP response.
  - 15. The system of claim 14, wherein the application firewall inserts the session cookie into the reserved space.
  - 16. The system of claim 11, wherein the application firewall writes to the reserved space a header to be ignored by one of the client or a second intermediary device that receives the second HTTP response.
  - 17. The system of claim 11, wherein the device generates the second HTTP response from a modified copy of the first HTTP response stored in the cache.
  - 18. The system of claim 11, wherein the device inserts cache control information in the second HTTP response that identifies an original expiration date of the first HTTP response received from the server.
  - 19. The system of claim 11, wherein the device inserts cache control information comprising a first portion that identifies that the application firewall has modified the header and a second portion having a copy of original cache control information from the server.
  - 20. The system of claim 11, wherein the device includes in the second HTTP response a reference to meta data generated for the first HTTP response and stored in the cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Reddy, Anoop Kandi, Anderson, Craig Steven, Khemani, Prakash
Primary Examiner(s)
CHOE, YONG J

Application Number

US13/524,692
Publication Number

US 20130019301A1
Time in Patent Office

508 Days
Field of Search

711/118, 711/103, 711/E12.017, 709/227, 726/14
US Class Current

711/118
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/561   Adding application-function...

H04L 67/568   Storing data temporarily at...

Systems and methods for integration between application firewall and caching

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

3 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for integration between application firewall and caching

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

3 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links