Methods and systems for context-based application firewalls
First Claim
1. A method comprising:
- initiating a user session with a client device in a multitenant environment that stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant environment is provided by an entity separate from the client entities, and provides on-demand service to the client entities where resource identifiers are treated differently for different tenants, and wherein the multitenant environment can be modified on a per-tenant basis, the user session to access a remote resource on a server device coupled with the client device over a network, wherein the connection between the client device and the remote resource is through an application firewall, wherein the application firewall provides application level or higher analysis of network traffic;
performing an application firewall context setup with the firewall in response to the user session, wherein the application firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the application firewall, wherein the context is shared between the application firewall and one or more web-based applications to be used by both the application firewall and the one or more web-based applications to make security evaluations and wherein the application firewall and the one or more web-based applications reside on different network layers and wherein the context information is sent between peer systems within the multitenant environment;
creating a response to provide information from the remote resource to the client device, wherein the response further comprises metadata to be used to update the firewall context information;
updating the firewall context information using the application firewall based on the metadata; and
transmitting the response to the client device.
1 Assignment
0 Petitions
Accused Products
Abstract
Context-based application firewall functionality. A user session is initiated with a client device. The user session allows access a remote resource on a server device coupled with the client device over a network. The connection between the client device and the remote resource is through an application firewall. An application firewall context setup is performed with the application firewall in response to the user session. The application firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the application firewall. A response is created to provide information from the remote resource to the client device. The response includes metadata to be used to update the firewall context information. The firewall context information is updated with the application firewall based on the metadata. The response is transmitted to the client device.
-
Citations
29 Claims
-
1. A method comprising:
-
initiating a user session with a client device in a multitenant environment that stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant environment is provided by an entity separate from the client entities, and provides on-demand service to the client entities where resource identifiers are treated differently for different tenants, and wherein the multitenant environment can be modified on a per-tenant basis, the user session to access a remote resource on a server device coupled with the client device over a network, wherein the connection between the client device and the remote resource is through an application firewall, wherein the application firewall provides application level or higher analysis of network traffic; performing an application firewall context setup with the firewall in response to the user session, wherein the application firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the application firewall, wherein the context is shared between the application firewall and one or more web-based applications to be used by both the application firewall and the one or more web-based applications to make security evaluations and wherein the application firewall and the one or more web-based applications reside on different network layers and wherein the context information is sent between peer systems within the multitenant environment; creating a response to provide information from the remote resource to the client device, wherein the response further comprises metadata to be used to update the firewall context information; updating the firewall context information using the application firewall based on the metadata; and transmitting the response to the client device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An article comprising a non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, cause the one or more processors to:
-
initiate a user session with a client device in a multitenant environment that stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant environment is provided by an entity separate from the client entities, and provides on-demand service to the client entities where resource identifiers are treated differently for different tenants, and wherein the multitenant environment can be modified on a per-tenant basis, the user session to access a remote resource on a server device coupled with the client device over a network, wherein the connection between the client device and the remote resource is through an application firewall, wherein the application firewall provides application level or higher analysis of network traffic; perform an application firewall context setup with the firewall in response to the user session, wherein the application firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the application firewall, wherein the context is shared between the application firewall and one or more web-based applications to be used by both the application firewall and the one or more web-based applications to make security evaluations and wherein the application firewall and the one or more web-based applications reside on different network layers and wherein the context information is sent between peer systems within the multitenant environment; create a response to provide information from the remote resource to the client device, wherein the response further comprises metadata to be used to update the firewall context information; update the firewall context information using the application firewall based on the metadata; and transmit the response to the client device. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A system comprising:
-
one or more user systems; one or more firewalls; and one or more server systems communicatively coupled with the one or more user systems and the one or more firewalls, the server system to provide a multitenant environment where resource identifiers are treated differently for different tenants, and wherein the multitenant environment can be modified on a per-tenant basis, wherein the multitenant environment includes data for multiple client entities, each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, users of each of multiple client identities can only access data identified by a tenant ID associated with the respective client entity, and the multitenant environment is at least a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities, the server system and the one or more firewalls further to initiate a user session with a selected user system of the one or more user systems, the user session to access a resource on the server system, wherein the connection between the user system and the server system is through a selected firewall from the one or more firewalls, to perform a firewall context setup with the selected firewall in response to the user session, wherein the context is shared between the selected firewall and one or more web-based applications to be used by both the selected firewall and the one or more web-based applications to make security evaluations and wherein the selected firewall and the one or more web-based applications reside on different network layers and wherein the selected firewall provides application level or higher analysis of network traffic and wherein the context information is sent between peer systems within the multitenant environment, wherein the firewall context comprises firewall context information to be used during the user session to perform network and application security operations with the selected firewall, to create a response with the server system, the response to provide information from the server system to the selected user system, wherein the response further comprises metadata to be used to update the firewall context information, to transmit the response with the metadata from the server system to the selected firewall, to update the firewall context information with the selected firewall based on the metadata, to process a reply from the selected user system with the selected firewall based on the firewall context information, to transmit the reply from the selected firewall to the server system, and to process the reply with the server system based on the application context information. - View Dependent Claims (24, 25, 26, 27, 28, 29)
-
Specification