Blocking download of content

US 9,461,878 B1
Filed: 02/01/2011
Issued: 10/04/2016
Est. Priority Date: 02/01/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving at a processor of a firewall appliance a response from a server to a first request for content originating from a client of a private network, wherein the firewall appliance is configured to intercept communications between the client and the server;

determining at the processor that the response is not known to be safe;

caching the response to the first request at the firewall appliance;

terminating a session between the client and the server associated with the first request;

providing the client a notification page having a unique identifier, wherein the notification page includes an option to accept the response and an option to decline the response and wherein the unique identifier is associated with the option to accept the response;

receiving at the processor of the firewall appliance a second request for the content from the client, wherein the second request includes the unique identifier; and

in the event that the unique identifier remains valid, forwarding the cached response to the client;

wherein the content is only provided to the client in response to the second request for the content from the client generated in response to a selection of the option to accept the response in the notification page provided to the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least initially blocking client download of certain content and injecting a user verification step for such downloads is disclosed. In some embodiments, client download of a response from a server to a client request is blocked, and instead a notification page with options to accept or decline the server response is provided to the client.

43 Citations

View as Search Results

21 Claims

1. A method, comprising:
- receiving at a processor of a firewall appliance a response from a server to a first request for content originating from a client of a private network, wherein the firewall appliance is configured to intercept communications between the client and the server;
  
  determining at the processor that the response is not known to be safe;
  
  caching the response to the first request at the firewall appliance;
  
  terminating a session between the client and the server associated with the first request;
  
  providing the client a notification page having a unique identifier, wherein the notification page includes an option to accept the response and an option to decline the response and wherein the unique identifier is associated with the option to accept the response;
  
  receiving at the processor of the firewall appliance a second request for the content from the client, wherein the second request includes the unique identifier; and
  
  in the event that the unique identifier remains valid, forwarding the cached response to the client;
  
  wherein the content is only provided to the client in response to the second request for the content from the client generated in response to a selection of the option to accept the response in the notification page provided to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method recited in claim 1, wherein the response comprises an executable file.
  - 3. The method recited in claim 1, wherein determining that the response is not known to be safe comprises determining that the server is not included in a whitelist of trusted sites.
  - 4. The method recited in claim 1, wherein the notification page has an associated timer that expires within a prescribed timeframe.
  - 5. The method recited in claim 1, wherein the unique identifier remains valid if a time-out period for the notification page has not expired.
  - 6. The method recited in claim 1, in the event the unique identifier no longer remains valid, providing to the client a second notification page in response to the second request with options to accept and decline the response, wherein the second notification page is associated with a different unique identifier.
  - 7. The method recited in claim 1, wherein the content is not forwarded to the client in the event that the option in the notification page to accept the server response is not selected by a user of the client or in the event that the option in the notification page to decline the server response is selected by the user of the client. between the client and the server for the same requested content.

8. A system, comprising:
- a processor of a firewall appliance configured to;
  
  receive a response from a server to a first request for content originating from a client of a private network, wherein the firewall appliance is configured to intercept communications between the client and the server;
  
  determine that the response is not known to be safe;
  
  cache the response to the first request at the firewall appliance;
  
  terminate a session between the client and the server associated with the first request;
  
  provide the client a notification page having a unique identifier, wherein the notification page includes an option to accept the response and an option to decline the response and wherein the unique identifier is associated with the option to accept the response;
  
  receive a second request for the content from the client, wherein the second request includes the unique identifier; and
  
  in the event that the unique identifier remains valid, forward the cached response to the client; and
  
  a memory coupled to the processor and configured to provide the processor with instructions;
  
  wherein the content is only provided to the client in response to the second request for the content from the client generated in response to a selection of the option to accept the response in the notification page provided to the client.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system recited in claim 8, wherein the unique identifier remains valid if a time-out period for the notification page has not expired.
  - 10. The system recited in claim 8, wherein the response comprises an executable file.
  - 11. The system recited in claim 8, wherein to determine that the response is not known to be safe comprises determining that the server is not included in a whitelist of trusted sites.
  - 12. The system recited in claim 8, wherein the notification page has an associated timer that expires within a prescribed timeframe.
  - 13. The system recited in claim 8, in the event the unique identifier no longer remains valid, the processor is further configured to provide to the client a second notification page in response to the second request with options to accept and decline the response, wherein the second notification page is associated with a different unique identifier.
  - 14. The system recited in claim 8, wherein the content is not forwarded to the client in the event that the option in the notification page to accept the server response is not selected by a user of the client or in the event that the option in the notification page to decline the server response is selected by the user of the client.

15. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- receiving at a firewall appliance a response from a server to a first request for content originating from a client of a private network, wherein the firewall appliance is configured to intercept communications between the client and the server;
  
  determining that the response is not known to be safe;
  
  caching the response to the first request at the firewall appliance;
  
  terminating a session between the client and the server associated with the first request;
  
  providing the client a notification page having a unique identifier, wherein the notification page includes an option to accept the response and an option to decline the response and wherein the unique identifier is associated with the option to accept the response;
  
  receiving at the firewall appliance a second request for the content from the client, wherein the second request includes the unique identifier; and
  
  in the event that the unique identifier remains valid, forwarding the cached response to the client;
  
  wherein the content is only provided to the client in response to the second request for the content from the client generated in response to a selection &
  
  the option to accept the response in the notification page provided to the client.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product recited in claim 15, wherein the unique identifier remains valid if a time-out period for the notification page has not expired.
  - 17. The computer program product recited in claim 15, wherein the response comprises an executable file.
  - 18. The computer program product recited in claim 15, wherein determining that the response is not known to be safe comprises determining that the server is not included in a whitelist of trusted sites.
  - 19. The computer program product recited in claim 15, wherein the notification page has an associated timer that expires within a prescribed timeframe.
  - 20. The computer program product recited in claim 15, in the event the unique identifier no longer remains valid, further comprising computer instructions for providing to the client a second notification page in response to the second request with options to accept and decline the response, wherein the second notification page is associated with a different unique identifier.
  - 21. The computer program product recited in claim 15, wherein the content is not forwarded to the client in the event that the option in the notification page to accept the server response is not selected by a user of the client or in the event that the option in the notification page to decline the server response is selected by the user of the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Networks Incorporated
Original Assignee
Palo Alto Networks Incorporated
Inventors
Xie, Huagang
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Baum, Ronald

Application Number

US13/019,218
Time in Patent Office

2,072 Days
Field of Search

726/12
US Class Current

1/1
CPC Class Codes

H04L 41/0627   by acting on the notificati...

H04L 63/0236   Filtering by address, proto...

H04L 63/1408   by monitoring network traff...

H04L 65/1069   Session establishment or de...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/06   specially adapted for file ...

Blocking download of content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Blocking download of content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links