Hostname validation and policy evasion prevention
First Claim
1. A system, comprising:
- a processor configured to:
  - receive, from a client device, a request to establish a session with a first server, wherein the first server is associated with a first hostname, and wherein the request includes information identifying a second hostname purported to correspond to the first server;
  - perform a Domain Name System (DNS) lookup using the second hostname, and determine that the second hostname was spoofed by the client device based on a response to the DNS lookup, wherein the response indicates that the first server is not associated with the second hostname; and
  - in response to the determining that the request received from the client device includes the spoofed second hostname, determine that the client device has injected or overridden at least one of an HTTP Host header and a Server Name Indicator in the request in an attempt to circumvent a policy enforceable against communications between the client device and the first server, and determine an action to take with respect to the client device; and
- a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
A request to access a network resource is received from a client device. The request includes a purported hostname of the network resource. A Domain Name System (DNS) lookup of the purported hostname is performed. A result of the lookup is used in making a determination that the request received from the client device is invalid. In response to the determination being made that the request received from the client device is invalid, an action to take with respect to the client device is determined.
Claims (24)
1. A system, comprising: (independent claim reproduced in full under First Claim above; dependent claims 2 to 12 not reproduced)
13. A method, comprising:
- receiving, from a client device, a request to establish a session with a first server, wherein the first server is associated with a first hostname, and wherein the request includes information identifying a second hostname purported to correspond to the first server;
- performing a Domain Name System (DNS) lookup using the second hostname, and determining that the second hostname was spoofed by the client device based on a response to the DNS lookup, wherein the response indicates that the first server is not associated with the second hostname; and
- in response to the determining that the request received from the client device includes the spoofed second hostname, determining that the client device has injected or overridden at least one of an HTTP Host header and a Server Name Indicator in the request in an attempt to circumvent a policy enforceable against communications between the client device and the first server, and determining an action to take with respect to the client device.
(Dependent claims 14 to 23 not reproduced.)
24. A computer program product embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
- receiving, from a client device, a request to establish a session with a first server, wherein the first server is associated with a first hostname, and wherein the request includes information identifying a second hostname purported to correspond to the first server;
- performing a Domain Name System (DNS) lookup using the second hostname, and determining that the second hostname was spoofed by the client device based on a response to the DNS lookup, wherein the response indicates that the first server is not associated with the second hostname; and
- in response to the determining that the request received from the client device includes the spoofed second hostname, determining that the client device has injected or overridden at least one of an HTTP Host header and a Server Name Indicator in the request in an attempt to circumvent a policy enforceable against communications between the client device and the first server, and determining an action to take with respect to the client device.
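The check the claims describe, as an added illustration that is not code from the patent or its assignee: the hostname a client presents (HTTP Host header and/or TLS SNI) is resolved through DNS and compared with the address of the server the session is actually destined for; a name that does not resolve to that server is treated as injected or overridden to evade hostname-based policy. The resolver is a constructed in-memory table standing in for a real DNS query, and the "allow"/"block" actions are assumed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed DNS data standing in for the resolver a policy-enforcing device
# would query (assumption: a real deployment issues an actual DNS lookup here).
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    "intranet.example.com": ["203.0.113.10"],
    "allowed.example.net": ["198.51.100.5", "198.51.100.6"],
}

def constructed_resolver(hostname: str) -> List[str]:
    """Return A records for hostname; an empty list models NXDOMAIN."""
    return CONSTRUCTED_DNS.get(hostname.lower().rstrip("."), [])

@dataclass
class SessionRequest:
    dest_ip: str                # first server's address, taken from the connection
    host_header: Optional[str]  # HTTP Host header presented by the client
    sni: Optional[str]          # TLS Server Name Indication presented by the client

@dataclass
class Verdict:
    spoofed: bool
    action: str                 # assumed actions: "allow" or "block"
    reason: str

def claimed_hostnames(req: SessionRequest) -> List[str]:
    """Hostnames the client asserts for the server, normalised and deduplicated."""
    names = [n for n in (req.host_header, req.sni) if n]
    return list(dict.fromkeys(n.lower().rstrip(".") for n in names))

def validate_request(req: SessionRequest,
                     resolve: Callable[[str], List[str]] = constructed_resolver) -> Verdict:
    """Resolve every claimed hostname; any name whose DNS answer does not contain
    the destination address marks the request as carrying a spoofed hostname."""
    names = claimed_hostnames(req)
    if not names:
        return Verdict(False, "block", "no hostname presented")
    for name in names:
        addresses = resolve(name)
        # Assumption: an empty answer (NXDOMAIN) also counts as "not associated".
        if req.dest_ip not in addresses:
            return Verdict(True, "block",
                           f"{name} resolves to {addresses or 'nothing'}, not {req.dest_ip}")
    return Verdict(False, "allow", f"{', '.join(names)} resolve(s) to {req.dest_ip}")
```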