System and method for selectively storing web objects in a cache memory based on policy decisions

US 8,627,467 B2
Filed: 10/19/2011
Issued: 01/07/2014
Est. Priority Date: 01/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method of selectively storing one or more web objects in a memory, the method comprising:

receiving a server response at a network traffic management device interposed between and separate from a client device and a server over a network, wherein the server response is associated with a client request sent from the client device, wherein the server response includes at least one web object;

analyzing the server response using a security module of the network traffic management device;

determining if the at least a portion of the server response contains suspicious content in relation to one or more defined policy parameters handled by the security module; and

sending an instruction from the security module to a cache module of the network traffic management device upon the security module determining that the at least a portion of the server response contains suspicious information, wherein the cache module does not store the at least one web object upon receiving the instruction when the network traffic management device replies to the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for selectively storing one or more web objects in a memory is disclosed. A server response is received at a network traffic management device, wherein the server response is associated with a client request sent from a client device and includes at least one web object. The server response is analyzed using a security module of the network traffic management device which determines if the at least a portion of the server response contains suspicious content in relation to one or more defined policy parameters handled by the security module. An instruction is sent from the security module to a cache module of the network traffic management device upon determining that the at least a portion of the server response contains suspicious information, wherein the cache module does not store the at least one web object upon receiving the instruction.

Citations

18 Claims

1. A method of selectively storing one or more web objects in a memory, the method comprising:
- receiving a server response at a network traffic management device interposed between and separate from a client device and a server over a network, wherein the server response is associated with a client request sent from the client device, wherein the server response includes at least one web object;
  
  analyzing the server response using a security module of the network traffic management device;
  
  determining if the at least a portion of the server response contains suspicious content in relation to one or more defined policy parameters handled by the security module; and
  
  sending an instruction from the security module to a cache module of the network traffic management device upon the security module determining that the at least a portion of the server response contains suspicious information, wherein the cache module does not store the at least one web object upon receiving the instruction when the network traffic management device replies to the client device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising determining if the network traffic management device is operating in a blocking mode based on the at least a portion of the server response in relation to the one or more defined policy parameters.
  - 3. The method of claim 2, further comprising sending a blocked response page to the client device upon determining the security module is operating in the blocking mode, wherein at least a portion of the block response page is not stored in the memory by the cache module.
  - 4. The method of claim 2, further comprising:
    - sending the server response to the client device upon determining that the network traffic management device is not operating in the blocking mode, wherein at least a portion of the server response is not stored in the memory by the cache module.
  - 5. The method of claim 1, further comprising:
    - inquiring in the memory if at least a portion of the client request was identified by the security module as being suspicious with respect to the one or more defined security policy parameters;
      
      sending the server response to the client device upon determining from the memory that the at least a portion of the client request was identified as being suspicious, wherein the at least a portion of the server response is not stored in the memory by the cache module.
  - 6. The method of claim 1, wherein the at least a portion of the server response that is determined to be suspicious further comprises:
    - analyzing the at least one web object in the server response to determine if the at least one web object is protected with respect to the one or more defined security policy parameters.

7. A non-transitory machine readable medium having stored thereon instructions for selectively storing one or more web objects in a memory, comprising machine executable code which, when executed by at least one machine of a network traffic management device, causes the machine to:
- receive a server response from a server at a network traffic management device interposed between and separate from the server and a client device, wherein the server response is associated with a client request sent from the client device, wherein the server response includes at least one web object;
  
  analyze the server response;
  
  determine if at least a portion of the server response is suspicious in relation to one or more defined policy parameters; and
  
  send an instruction to a cache module upon determining that the at least a portion of the server response is suspicious in relation to the one or more defined policy parameters, wherein the cache module does not store the at least one web object in a memory upon receiving the instruction when the network traffic management device replies to the client device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The machine readable medium of claim 7, further comprising causing the machine to determine if the machine is operating in a blocking mode based on the at least a portion of the server response in relation to the one or more defined policy parameters.
  - 9. The machine readable medium of claim 8, further comprising causing the machine to send a blocked response page to the client device upon determining that the machine is operating in the blocking mode, wherein at least a portion of the block response page is not stored in the memory by the cache module.
  - 10. The machine readable medium of claim 8, further comprising causing the machine to send the server response to the client device upon determining that the machine is not operating in the blocking mode, wherein the at least a portion of the server response is not stored in the memory by the cache module.
  - 11. The machine readable medium of claim 7, wherein the machine is further configured to:
    - inquire in the memory if at least a portion of the client request was identified as being suspicious with respect to the one or more defined security policy parameters;
      
      send the server response to the client device upon determining from the memory that the at least a portion of the client request was identified as being suspicious, wherein the at least one web object in the server response is not stored in the memory by the cache module.
  - 12. The machine readable medium of claim 7, wherein the at least a portion of the server response that is determined by the machine to be suspicious, the machine further configured to:
    - analyze the at least one of the web object in the server response to determine if the at least one web object is protected with respect to the one or more defined security policy parameters.

13. A network traffic management device comprising:
- a network interface capable of receiving and transmitting client requests and server responses between at least one client device and at least one server over one or more networks, the network traffic management device being interposed between and separate from the at least one client device and the at least one server;
  
  a memory configured to store one or more programming instructions associated with selectively storing one or more web objects; and
  
  one or more processors configured to execute the stored programming instructions, which when executed by the one or more processors, cause the one or more processors to;
  
  analyze a received server response associated with a client request sent from a client device, wherein the server response includes at least one web object;
  
  determine if the at least a portion of the server response is suspicious in relation to one or more defined policy parameters; and
  
  send an instruction to a cache module upon determining that the at least a portion of the server response is suspicious in relation to the one or more defined policy parameters, wherein the at least a portion of the server response is not stored in the memory as a result of the instruction when the network traffic management device replies to the client device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The network traffic management device of claim 13, wherein the one or more processors is configured to send a blocked response page to the client device upon determining the network traffic management device is operating in the blocking mode, wherein at least a portion of the block response page is not stored in the memory by the cache module.
  - 15. The network traffic management device of claim 14 wherein the one or more processors is configured to send the server response to the client device upon determining that the network traffic management device is not operating in the blocking mode, wherein the at least a portion of the server response is not stored in the memory by the cache module.
  - 16. The network traffic management device of claim 13, wherein the one or more processors is configured to determine if the network traffic management device is operating in a blocking mode based on the at least one web object and the one or more defined policy parameters.
  - 17. The network traffic management device of claim 14, wherein the one or more processors is configured to:
    - inquire in the memory if at least a portion of the client request was identified as being suspicious with respect to the one or more defined security policy parameters;
      
      send the server response to the client device upon determining from the memory that the at least a portion of the client request was identified as being suspicious, wherein the at least one web object in the server response is not stored in the memory by the cache module.
  - 18. The network traffic management device of claim 13, wherein the one or more processors is configured to analyze the at least one of the web object in the server response to determine if the at least one web object is protected with respect to the one or more defined security policy parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Levy, Yuval, Talmor, Ron, Serfaty, Beni
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
GUIRGUIS, MICHAEL M

Application Number

US13/277,041
Publication Number

US 20120185937A1
Time in Patent Office

811 Days
Field of Search

726 22- 25, 726/11
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/0245   Filtering by information in...

H04L 67/02   based on web technology, e....

H04L 67/5682   Policies or rules for updat...

System and method for selectively storing web objects in a cache memory based on policy decisions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for selectively storing web objects in a cache memory based on policy decisions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links