Walled garden providing access to one or more websites that incorporate content from other websites
First Claim
1. A walled garden system for providing access from user devices to one or more external websites specified on a cleared sites list, the cleared sites list having one or more hostname descriptors corresponding to the web sites to be made accessible, the walled garden system comprising:
- a firewall having rules associated with a cleared internet protocol (IP) list including one or more cleared IP addresses corresponding to websites on the cleared sites list,the firewall operable to permit direct transfer of only cleared hypertext transfer protocol (HTTP) requests from a user device, wherein each of the cleared HTTP requests is to a cleared destination IP address that matches one of the cleared IP addresses; and
a controller operable to examine non-cleared HTTP requests from the user device, wherein each of the non-cleared HTTP requests is to a non-cleared destination IP address that does not match one of the cleared IP addresses,the controller further operable to act as a transparent proxy between the user device and a non-cleared destination IP address of a non-cleared HTTP request when any of a destination host header and a referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list, andthe controller further operable to block the non-cleared HTTP request when neither of the destination host header nor the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list.
3 Assignments
0 Petitions
Accused Products
Abstract
A cleared sites list includes one or more hostname descriptors. A firewall includes rules associated with a cleared IP list including cleared IP addresses, and permits transfer of a cleared HTTP request from a user device to a cleared destination IP address that matches one of the cleared IP addresses. A controller examines a non-cleared HTTP request from the user device to a non-cleared destination IP address that does not match one of the cleared IP addresses, and acts as a transparent proxy between the user device and the non-cleared destination IP address when a destination host header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list. The controller further acts as a transparent proxy between the user device and the non-cleared destination IP address when a referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list.
29 Citations
20 Claims
-
1. A walled garden system for providing access from user devices to one or more external websites specified on a cleared sites list, the cleared sites list having one or more hostname descriptors corresponding to the web sites to be made accessible, the walled garden system comprising:
-
a firewall having rules associated with a cleared internet protocol (IP) list including one or more cleared IP addresses corresponding to websites on the cleared sites list, the firewall operable to permit direct transfer of only cleared hypertext transfer protocol (HTTP) requests from a user device, wherein each of the cleared HTTP requests is to a cleared destination IP address that matches one of the cleared IP addresses; and a controller operable to examine non-cleared HTTP requests from the user device, wherein each of the non-cleared HTTP requests is to a non-cleared destination IP address that does not match one of the cleared IP addresses, the controller further operable to act as a transparent proxy between the user device and a non-cleared destination IP address of a non-cleared HTTP request when any of a destination host header and a referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list, and the controller further operable to block the non-cleared HTTP request when neither of the destination host header nor the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method in a walled garden system of providing access from user devices to one or more external websites specified on a cleared sites list, the cleared sites list having one or more hostname descriptors corresponding to the web sites to be made accessible, the method comprising:
-
storing a cleared internet protocol (IP) list including one or more cleared IP addresses corresponding to websites on the cleared sites list; permitting direct transfer of only cleared hypertext transfer protocol (HTTP) requests from a user device, wherein each of the cleared HTTP requests is to a cleared destination IP address that matches one of the cleared IP addresses; examining non-cleared HTTP requests from the user device, wherein each of the non-cleared HTTP requests is to a non-cleared destination IP address that does not match one of the cleared IP addresses; transparent proxying between the user device and a non-cleared destination IP address of a non-cleared HTTP request when any of a destination host header and a referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list; and blocking the non-cleared HTTP request when neither of the destination host header nor the referrer header of the non-cleared HTTP request matches a hostname descriptor of the cleared sites list. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A walled garden server coupled between a guest network and an external network, the walled garden server comprising:
-
a cleared sites list specifying one or more descriptors of websites on the external network that are to be made accessible to a user device on the guest device; and a processor operable to; allow a hypertext transfer protocol (HTTP) request from the user device to the external network when any of a destination host header and a referrer header of the HTTP request matches a descriptor on the cleared sites list, and block the HTTP request when neither of the destination host header nor the referrer header of the HTTP request matches any descriptor on the cleared sites list. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification