
Mitigating a denial-of-service attack in a cloud-based proxy service

  • US 9,661,020 B2
  • Filed: 10/07/2014
  • Issued: 05/23/2017
  • Est. Priority Date: 08/07/2012
  • Status: Active Grant
First Claim

1. A method in a proxy server in a cloud-based proxy service, wherein the proxy server is situated between client computing devices that request network resources and origin servers that serve network resources, the method comprising:

  • receiving a first message that indicates that a domain, whose traffic passes through the proxy server, is suspected to be under a denial-of-service (DoS) attack;

  • in response to receiving the first message, enabling a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges; and

  • while the rule is enabled:

      • receiving a first request for a first resource of the domain from a first visitor,

      • responsive to determining that the first request does not include a cookie that indicates that the first visitor has passed the set of challenges, automatically presenting the set of challenges based on the enabled rule that if not passed are an indication that the first visitor is part of the DoS attack, wherein automatically presenting the set of challenges includes automatically embedding a client-side script into a page and transmitting the page to the first visitor, wherein the page is not the requested first resource, and wherein the client-side script, when executed by a client network application that supports client-side script execution, solves a math or other computationally expensive problem and causes a second message to be transmitted the proxy server with a solution to the math or other computationally expensive problem to allow the proxy server to determine a likelihood of whether the first request originated from a web browser,

      • receiving a second request for a second resource of the domain from a second visitor, and

      • responsive to determining that the second request includes a cookie that indicates that the second visitor has passed the set of challenges:

          • retrieving the requested second resource, and

          • transmitting the requested second resource to the second visitor.
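The proxy-side flow the claim describes, sketched as an added example; it is not code from the patent or from any implementation of it. The hash-based puzzle, the HMAC-signed cookie bound to the visitor IP, the 60-second nonce lifetime, and all names and constants are assumptions chosen for illustration.

```python
import hashlib, hmac

SECRET = b"constructed-demo-key"   # assumption: per-deployment signing key
DIFFICULTY = 12                    # assumption: leading zero bits the puzzle requires
COOKIE_TTL = 1800                  # assumption: clearance cookie lifetime in seconds
challenged_domains = set()         # domains whose challenge rule is enabled

def _mac(*parts):
    return hmac.new(SECRET, "|".join(parts).encode(), hashlib.sha256).hexdigest()
def _eq(a, b):                     # constant-time compare, safe on non-ASCII input
    return hmac.compare_digest(a.encode(), b.encode())

def on_attack_message(domain):     # "first message": enable the rule for the domain
    challenged_domains.add(domain)

def new_challenge(ip, now):
    """Stateless nonce bound to visitor IP and issue time; embedded in the challenge page."""
    ts = str(int(now))
    return f"{ts}.{_mac('nonce', ip, ts)}"

def pow_ok(nonce, solution):
    digest = hashlib.sha256(f"{nonce}:{solution}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - DIFFICULTY) == 0

def solve(nonce):
    """Stand-in for the work loop the embedded client-side script would run."""
    n = 0
    while not pow_ok(nonce, n):
        n += 1
    return n

def redeem(ip, nonce, solution, now):
    """'Second message': check the solution, return a clearance cookie or None."""
    ts, _, tag = nonce.partition(".")
    if (not _eq(tag, _mac("nonce", ip, ts)) or now - int(ts) > 60
            or not pow_ok(nonce, solution)):   # forged, stale, or unsolved
        return None
    exp = str(int(now) + COOKIE_TTL)
    return f"{exp}.{_mac('cookie', ip, exp)}"

def cookie_ok(ip, cookie, now):
    exp, _, tag = (cookie or "").partition(".")
    return _eq(tag, _mac("cookie", ip, exp)) and int(exp) > now

def handle_request(domain, ip, cookie, now):
    """Returns ('challenge', nonce) or ('resource', None)."""
    if domain in challenged_domains and not cookie_ok(ip, cookie, now):
        return ("challenge", new_challenge(ip, now))  # page with script, not the resource
    return ("resource", None)                          # retrieve from origin and relay
```

Because the nonce and cookie carry their own MACs, the proxy keeps no per-visitor state while the rule is enabled, which matters when the request volume is itself the attack.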
