Systems and methods for proxying cookies for SSL VPN clientless sessions

US 8,769,660 B2
Filed: 01/26/2009
Issued: 07/01/2014
Est. Priority Date: 01/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method for configuration driven proxying of cookies by an intermediary between one or more servers and one or more clients, the intermediary establishing SSL VPN sessions between the one or more servers and the one or more clients, the method comprising:

(a) receiving, by an intermediary, a response from a server to a request of a client via a clientless SSL VPN session established by the intermediary between the server and the client, the response comprising one or more cookies;

(b) identifying, by the intermediary, via the request or the response based on identification of a type of resource, an access profile for the clientless SSL VPN session, the access profile identifying one or more policies for proxying cookies; and

(c) determining, by the intermediary responsive to the one or more policies of the access profile, whether to proxy the one or more cookies, comprising handling the one or more cookies on behalf of the client, or to bypass proxying for the client by forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.

399 Citations

20 Claims

1. A method for configuration driven proxying of cookies by an intermediary between one or more servers and one or more clients, the intermediary establishing SSL VPN sessions between the one or more servers and the one or more clients, the method comprising:
- (a) receiving, by an intermediary, a response from a server to a request of a client via a clientless SSL VPN session established by the intermediary between the server and the client, the response comprising one or more cookies;
  
  (b) identifying, by the intermediary, via the request or the response based on identification of a type of resource, an access profile for the clientless SSL VPN session, the access profile identifying one or more policies for proxying cookies; and
  
  (c) determining, by the intermediary responsive to the one or more policies of the access profile, whether to proxy the one or more cookies, comprising handling the one or more cookies on behalf of the client, or to bypass proxying for the client by forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein step (a) further comprising receiving, by the intermediary, the response a client consumed cookie of the one or more cookies, wherein step (b) further comprises the access profile identifying a policy comprising a cookie proxy action for the client consumed cookie, and wherein step (c) further comprises bypassing proxying, by the intermediary, the client consumed cookie responsive to the policy.
  - 3. The method of claim 2, further comprises retaining, by the intermediary, the client consumed cookie in the response forwarded to the client.
  - 4. The method of claim 1, wherein step (a) further comprising receiving, by the intermediary, via the response a server cookie of the one or more cookies and wherein step (c) further comprises proxying by the intermediary the server cookie.
  - 5. The method of claim 4, further comprising removing, by the intermediary, the server cookie from the response and forwarding the response to the client.
  - 6. The method of claim 1, wherein step (c) comprises proxying, by the intermediary, the one or more cookies of the response responsive to determining via the one or more policies that client does not support the one or more cookies.
  - 7. The method of claim 1, wherein step (b) comprises the access profile identifying a policy defining a cookie proxy action for a server consumed cookie of a specified domain name and wherein step (c) comprising modifying, by the intermediary, the response as specified by the action of the policy.
  - 8. The method of claim 1, comprising identifying the access profile based on the identification of the type of resource, the resource comprising an application.
  - 9. The method of claim 1, further comprising the access profile identifying a policy comprising a cookie proxy action to bypass proxying a cookie of the one or more cookies based on identification of a user or a group of the user.
  - 10. The method of claim 1, further comprising the access profile identifying a policy to bypass proxying a cookie of the one or more cookies based on identification of a virtual server of the intermediary.
  - 11. The method of claim 1, wherein step (c) further comprises proxying, by the intermediary, the one or more cookies of the response unless the one or more policies of the access profile identify a cookie of the one or more cookies to be bypassed.

12. An intermediary device for configuration driven proxying of cookies between one or more servers and one or more clients, the intermediary device establishing SSL VPN sessions between the one or more servers and the one or more clients, the intermediary device comprising:
- a packet engine executing on a device of the intermediary device, for receiving a response from a server to a request of a client via a clientless SSL VPN session established by the intermediary device between the server and the client, the response comprising one or more cookies,a policy engine for identifying, via the request or the response based on identification of a type of resource, an access profile for the clientless SSL VPN session, the access profile identifying one or more policies for proxying cookies; and
  
  wherein the intermediary device determines responsive to the one or more policies of the access profile whether to proxy the one or more cookies, comprising handling the one or more cookies on behalf of the client, or to bypass proxying for the client by forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The intermediary device of claim 12, wherein the packet engine receives via the response a client consumed cookie of the one or more cookies, the access profile identifies a policy comprising a cookie proxy action for the client consumed cookie, and wherein the intermediary device determines to bypass proxying the client consumed cookie responsive to the policy.
  - 14. The intermediary device of claim 13, wherein the intermediary device retains the client consumed cookie in the response forwarded to the client.
  - 15. The intermediary device of claim 12, wherein the packet engine receives via the response a server cookie of the one or more cookies and wherein the intermediary device proxies the server cookie responsive to the one or more policies.
  - 16. The intermediary device of claim 15, wherein the intermediary device removes the server cookie from the response and forwards the response to the client.
  - 17. The intermediary device of claim 12, wherein the intermediary device proxies the one or more cookies of the response responsive to determining via the one or more policies that client does not support the one or more cookies.
  - 18. The intermediary device of claim 12, wherein the policy engine identifies via the access profile a policy of the one or more policies defining a cookie proxy action for a server consumed cookie of a specified domain name and wherein the intermediary device modifies the response as specified by the action of the policy.
  - 19. The intermediary device of claim 12, wherein the policy engine identifies the access profile based on the identification of the type of resource, the resource comprising an application.
  - 20. The intermediary device of claim 12, wherein the policy engine identifies via the access profile a policy comprising a cookie proxy action to bypass proxying a cookie of the one or more cookies based on identification of a user or a group of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Agarwal, Puneet, Harris, James, Adhya, Saibal Kumar, Thirunarayanan, Srinivasan
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US12/360,019
Publication Number

US 20090199285A1
Time in Patent Office

1,982 Days
Field of Search

726/12, 726/13, 713/201, 709/219, 709/228, 709/250
US Class Current

726/12
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/56   Provisioning of proxy servi...

H04L 67/568   Storing data temporarily at...

Systems and methods for proxying cookies for SSL VPN clientless sessions

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

399 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for proxying cookies for SSL VPN clientless sessions

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

399 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links