Systems and methods for proxying cookies for SSL VPN clientless sessions

US 9,059,966 B2
Filed: 06/17/2014
Issued: 06/16/2015
Est. Priority Date: 01/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

(a) identifying, by the device intermediary to a client and a server, a type of application from a communication via a session between the client and the server(b) identifying, by the device based on the type of application, an access profile for the session, the access profile comprising a policy for proxying cookies to be sent to the client;

(c) determining, by the device responsive to the policy of the access profile identified for the session based on the type of application, to proxy for the client one or more cookies of a response received by the device from the server; and

(d) retaining, by the device responsive to the determination, the one or more cookies at the device while forwarding to the client the response with the one or more cookies removed from the response.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.

393 Citations

20 Claims

1. A method comprising:
- (a) identifying, by the device intermediary to a client and a server, a type of application from a communication via a session between the client and the server(b) identifying, by the device based on the type of application, an access profile for the session, the access profile comprising a policy for proxying cookies to be sent to the client;
  
  (c) determining, by the device responsive to the policy of the access profile identified for the session based on the type of application, to proxy for the client one or more cookies of a response received by the device from the server; and
  
  (d) retaining, by the device responsive to the determination, the one or more cookies at the device while forwarding to the client the response with the one or more cookies removed from the response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein (a) further comprises establishing, by the device, the session comprising a secure socket layer virtual private network (SSL VPN) session between the server and the client.
  - 3. The method of claim 2, wherein the SSL VPN session is a clientless SSL VPN session.
  - 4. The method of claim 1, wherein (a) further comprising identifying, by the device, the type of application from applying a second policy to the communication between the client and the server.
  - 5. The method of claim 1, wherein (b) further comprises identifying, by the device, the type of application from the communication comprising one of the following:
    - the request from the client or the response from the server.
  - 6. The method of claim 1, wherein (c) further comprises determining to proxy the one or more cookies instead of bypassing proxying the one or more cookies, bypass proxying comprising forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies.
  - 7. The method of claim 1, wherein (c) further comprising identifying a cookie proxy action specified by the policy and handling, by the device, the one or more cookies in accordance with the cookie proxy action.
  - 8. The method of claim 1, further comprising receiving, by the device, a second response for a second type of application via the session, the second response comprising a second cookie.
  - 9. The method of claim 8, further comprising determining, by the device responsive to a second policy of the access profile, to bypass proxying cookies for the second type of application.
  - 10. The method of claim 9, further comprising forwarding, by the device responsive to the determination to bypass proxying, the second response with the second cookie to the client.

11. A system comprising:
- a device intermediary to a client and a server, the device configured to identify a type of application from a communication via a session between the client and the server and based on the type of application, identify an access profile for the session, wherein the access profile comprises a policy for proxying cookies to be sent to the client;
  
  a policy engine of the device configured to proxy for the client one or more cookies of a response received by the device from the server responsive to the policy of the access profile identified for the session based on the type of application, andwherein the device is configured to, responsive to the determination, retain the one or more cookies at the device while forwarding to the client the response with the one or more cookies removed from the response.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the device is further configured to establish the session comprising a secure socket layer virtual private network (SSL VPN) session between the server and the client.
  - 13. The system of claim 12, wherein the SSL VPN session is a clientless SSL VPN session.
  - 14. The system of claim 11, wherein the device is further configured to identify the type of application from applying a second policy to the communication between the client and the server.
  - 15. The system of claim 11, wherein the device is further configured to identify the type of application from the communication comprising one of the following:
    - the request from the client or the response from the server.
  - 16. The system of claim 11, wherein the policy engine is further configured to determine to proxy the one or more cookies instead of bypassing proxying the one or more cookies, bypass proxying comprising forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies.
  - 17. The system of claim 11, wherein the policy engine is further configured to identify a cookie proxy action specified by the policy and handle the one or more cookies in accordance with the cookie proxy action.
  - 18. The system of claim 11, wherein the device is further configured to receive a second response for a second type of application via the session, the second response comprising a second cookie.
  - 19. The system of claim 18, wherein the policy engine is further configured to determine, responsive to a second policy of the access profile, to bypass proxying cookies for the second type of application.
  - 20. The system of claim 19, wherein the device is further configured to forward the second response with the second cookie to the client responsive to the determination to bypass proxying.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Agarwal, Puneet, Adhya, Saibal Kumar, Thirunarayanan, Srinivasan, Harris, James
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US14/306,354
Publication Number

US 20140298410A1
Time in Patent Office

364 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/56   Provisioning of proxy servi...

H04L 67/568   Storing data temporarily at...

Systems and methods for proxying cookies for SSL VPN clientless sessions

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

393 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for proxying cookies for SSL VPN clientless sessions

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

393 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links