DISTRIBUTED WEB APPLICATION FIREWALL

US 20090328187A1
Filed: 03/02/2007
Published: 12/31/2009
Est. Priority Date: 03/03/2006
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a Web application running on a first local Web server from hacker attacks, said Web server being connectable to at least one client, the method comprising:

providing a plurality of preset rules on said server, which correspond to specific characteristics of HTTP requests;

receiving an HTTP request on said server from the client, said HTTP request comprising a plurality of characteristics;

analyzing said characteristics of said received HTTP request in accordance with said rules provided on said server;

rejecting said HTTP request, if said rules identify said HTTP request as harmful request;

accepting said HTTP request, if said rules identify said HTTP request as trustable request;

classifying said HTTP request as doubtful request, if said rules identify said request neither as harmful request nor as trustable request;

evaluating the characteristics of said doubtful request;

generating a learned rule on basis of the evaluation.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting a Web application running on a first local Web Server bases from hacker attacks, said Web Server being connectable to at least one client, the method comprising the following steps: —providing a plurality of preset rules on said Server, which correspond to specific characteristics of HTTP requests; —receiving an HTTP request on said server from the client, said HTTP request comprising a plurality of characteristics; —analyzing said characteristics of said received HTTP request in accordance with said rules provided on said server; —rejecting said HTTP request, if said rules identify said HTTP request as harmful request; —accepting said HTTP request, if said rules identify said HTTP request as trustable request; —classifying said HTTP request as doubtful request, if said rules identify said request neither as harmful request nor as trustable request; —evaluating the characteristics of said doubtful local request; —generating a learned rule on basis of the edge base evaluation.

75 Citations

View as Search Results

19 Claims

1. A method for protecting a Web application running on a first local Web server from hacker attacks, said Web server being connectable to at least one client, the method comprising:
- providing a plurality of preset rules on said server, which correspond to specific characteristics of HTTP requests;
  
  receiving an HTTP request on said server from the client, said HTTP request comprising a plurality of characteristics;
  
  analyzing said characteristics of said received HTTP request in accordance with said rules provided on said server;
  
  rejecting said HTTP request, if said rules identify said HTTP request as harmful request;
  
  accepting said HTTP request, if said rules identify said HTTP request as trustable request;
  
  classifying said HTTP request as doubtful request, if said rules identify said request neither as harmful request nor as trustable request;
  
  evaluating the characteristics of said doubtful request;
  
  generating a learned rule on basis of the evaluation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 17)
- - 2. The method according to claim 1, wherein said learned rule is copied to a global server unit connected to at least one further local Web server, wherein the learned rule is uploaded from said global server unit to at least one further local Web server.
  - 3. The method according to claim 2, wherein said learned rule is only uploaded, if a Web application corresponding to the Web application of said first local Web server is running on said at least one further local Web server.
  - 4. The method according claim 1, characterized in that said evaluation is a statistical evaluation.
  - 5. The method according to claim 1, wherein said preset rules can be tuned by a user.
  - 6. The method according to claim 1, wherein a set of rules is selected from the provided plurality of preset rules on said first local Web server.
  - 7. The method according to claim 1, wherein said learned rule is generated on basis of the behavior of said Web application against a set of doubtful requests.
  - 8. The method according to claim 2, wherein a request for further rules is sent from said first local Web server to said global server unit, if said HTTP request is classified as doubtful request.
  - 17. A method for protecting a Web application running on a first local Web server from hacker attacks according to claim 1, substantially as described herein with reference to the accompanying drawings.

9. A system for protecting a Web application running on a first local Web server from hackers attacks, said Web server being connectable to at least one client, the system comprising:
- a plurality of preset rules on said server, which correspond to specific characteristics of HTTP requests;
  
  a means for receiving an HTTP request on said server from a client, said HTTP request comprising a plurality of characteristics;
  
  a means for analyzing said characteristic of said received HTTP request in accordance with said rules provided on said server;
  
  a means for rejecting said HTTP request, if said rules identify said HTTP request as harmful request;
  
  a means for accepting said HTTP request, if said rules identify said HTTP request as trustable request;
  
  a means for classifying said HTTP request as doubtful request, if said rules identify said request neither as harmful nor as trustable request;
  
  a means for evaluating the characteristics of said doubtful request;
  
  a means for generating a learned rule on basis of the evaluation.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 18)
- - 10. The system according to claim 9, including a global server unit to which said learned rule is copied, wherein said global server comprises an uploading means, in order to upload said learned rule to at least one further local Web server.
  - 11. The system according to claim 10, in that wherein said global server unit comprises a clustering means determining if the Web application running on said further local Web server corresponds to the Web application running on said first local Web server.
  - 12. The system according to on of claim 9, wherein said evaluation means is a statistical evaluation means.
  - 13. The system according to claim 9, wherein said first local Web server comprises a tuning and/or activating means for preset rules.
  - 14. The system according to on of claim 9, wherein said first local Web server comprises a means for analyzing the behavior of said Web application running on said first local Web server.
  - 15. The system according to claim 9, wherein said first local Web server comprises a request means for sending a request for further rules to said global server unit, if said HTTP request is classified as doubtful request.
  - 18. A system for protecting a Web application running on a first local Web server from hackers attacks according to claim 9, substantially as described herein with reference to the accompanying drawings.

16. A computer program comprising computer program code stored on a computer readable medium, the computer program code for performing a method for protecting a Web application running on a first local Web server from hacker attacks, said Web server being connectable to at least one client, the method comprising:
- providing a plurality of preset rules on said server, which correspond to specific characteristics of HTTP requests;
  
  receiving an HTTP request on said server from the client, said HTTP request comprising a plurality of characteristics;
  
  analyzing said characteristics of said received HTTP request in accordance with said rules provided on said server;
  
  rejecting said HTTP request, if said rules identify said HTTP request as harmful request;
  
  accepting said HTTP request, if said rules identify said HTTP request as trustable request;
  
  classifying said HTTP request as doubtful request, if said rules identify said request neither as harmful request nor as trustable request;
  
  evaluating the characteristics of said doubtful request;
  
  generating a learned rule on basis of the evaluation.
- View Dependent Claims (19)
- - 19. A computer program according to claim 16, substantially as described herein with reference to the accompanying drawings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Art of Defense Gmbhbruderwohrdstrasse
Inventors
Meisel, Alexander

Granted Patent

US 8,566,919 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/13
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0254   Stateful filtering

H04L 63/0263   Rule management

DISTRIBUTED WEB APPLICATION FIREWALL

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTED WEB APPLICATION FIREWALL

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links