Blocking download of content
First Claim
1. A method, comprising:
- receiving at a processor of a firewall appliance a response from a server to a first request for content originating from a client of a private network, wherein the firewall appliance is configured to intercept communications between the client and the server;
- determining at the processor that the response is not known to be safe;
- caching the response to the first request at the firewall appliance;
- terminating a session between the client and the server associated with the first request;
- providing the client a notification page having a unique identifier, wherein the notification page includes an option to accept the response and an option to decline the response and wherein the unique identifier is associated with the option to accept the response;
- receiving at the processor of the firewall appliance a second request for the content from the client, wherein the second request includes the unique identifier; and
- in the event that the unique identifier remains valid, forwarding the cached response to the client;
- wherein the content is only provided to the client in response to the second request for the content from the client generated in response to a selection of the option to accept the response in the notification page provided to the client.
Abstract
At least initially blocking client download of certain content and injecting a user verification step for such downloads is disclosed. In some embodiments, client download of a response from a server to a client request is blocked, and instead a notification page with options to accept or decline the server response is provided to the client.
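The hold-and-release flow recited in claim 1, sketched as an added example (not code from the patent or from any product). The claims do not say what makes the unique identifier "remain valid"; the time limit, single use, and binding to the requesting client and URL are assumptions of this sketch, as are the `DownloadGate` name and the form field `id`.

```python
import html
import secrets
import time


class DownloadGate:
    """Holds responses that are not known to be safe until the client accepts."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self.ttl = ttl_seconds      # assumed validity window for an identifier
        self.clock = clock
        self.held = {}              # identifier -> (client, url, body, expiry)

    def on_response(self, client, url, body, known_safe):
        """First request: forward safe content, otherwise cache it and notify."""
        if known_safe:
            return {"action": "forward", "body": body}
        token = secrets.token_urlsafe(32)   # unguessable unique identifier
        self.held[token] = (client, url, body, self.clock() + self.ttl)
        # The client/server session would be terminated here; the client only
        # ever receives this notification page, never the cached body.
        page = ('<p>Download of {u} is blocked pending your confirmation.</p>'
                '<form method="post" action="{u}">'
                '<input type="hidden" name="id" value="{t}">'
                '<button name="choice" value="accept">Accept</button>'
                '<button name="choice" value="decline">Decline</button>'
                '</form>').format(u=html.escape(url, quote=True), t=token)
        return {"action": "notify", "token": token, "page": page}

    def on_second_request(self, client, url, token, choice="accept"):
        """Second request: release the cached body only for a valid identifier."""
        entry = self.held.get(token)
        if entry is None:
            return None                     # unknown or already used
        held_client, held_url, body, expires_at = entry
        if self.clock() >= expires_at:
            del self.held[token]            # expired: drop the cached response
            return None
        if (client, url) != (held_client, held_url):
            return None                     # identifier presented out of context
        del self.held[token]                # single use, accept or decline
        return body if choice == "accept" else None
```
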
21 Claims
1. A method, comprising:
- receiving at a processor of a firewall appliance a response from a server to a first request for content originating from a client of a private network, wherein the firewall appliance is configured to intercept communications between the client and the server;
- determining at the processor that the response is not known to be safe;
- caching the response to the first request at the firewall appliance;
- terminating a session between the client and the server associated with the first request;
- providing the client a notification page having a unique identifier, wherein the notification page includes an option to accept the response and an option to decline the response and wherein the unique identifier is associated with the option to accept the response;
- receiving at the processor of the firewall appliance a second request for the content from the client, wherein the second request includes the unique identifier; and
- in the event that the unique identifier remains valid, forwarding the cached response to the client;
- wherein the content is only provided to the client in response to the second request for the content from the client generated in response to a selection of the option to accept the response in the notification page provided to the client.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system, comprising:
- a processor of a firewall appliance configured to:
  - receive a response from a server to a first request for content originating from a client of a private network, wherein the firewall appliance is configured to intercept communications between the client and the server;
  - determine that the response is not known to be safe;
  - cache the response to the first request at the firewall appliance;
  - terminate a session between the client and the server associated with the first request;
  - provide the client a notification page having a unique identifier, wherein the notification page includes an option to accept the response and an option to decline the response and wherein the unique identifier is associated with the option to accept the response;
  - receive a second request for the content from the client, wherein the second request includes the unique identifier; and
  - in the event that the unique identifier remains valid, forward the cached response to the client; and
- a memory coupled to the processor and configured to provide the processor with instructions;
- wherein the content is only provided to the client in response to the second request for the content from the client generated in response to a selection of the option to accept the response in the notification page provided to the client.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- receiving at a firewall appliance a response from a server to a first request for content originating from a client of a private network, wherein the firewall appliance is configured to intercept communications between the client and the server;
- determining that the response is not known to be safe;
- caching the response to the first request at the firewall appliance;
- terminating a session between the client and the server associated with the first request;
- providing the client a notification page having a unique identifier, wherein the notification page includes an option to accept the response and an option to decline the response and wherein the unique identifier is associated with the option to accept the response;
- receiving at the firewall appliance a second request for the content from the client, wherein the second request includes the unique identifier; and
- in the event that the unique identifier remains valid, forwarding the cached response to the client;
- wherein the content is only provided to the client in response to the second request for the content from the client generated in response to a selection of the option to accept the response in the notification page provided to the client.

Dependent claims: 16, 17, 18, 19, 20, 21
Specification