FIREWALL INFORMED BY WEB SERVER SECURITY POLICY IDENTIFYING AUTHORIZED RESOURCES AND HOSTS
Abstract
A user of a client device that is protected by a firewall may navigate to a website using a particular browser process (e.g., a window/tab of a browser) of the client device, sending a content request toward a web content server in the process. The firewall may intercept the content request, and may also receive information from the client device identifying which browser process initiated the content request. Before passing the content request to the appropriate web content server, the firewall may request and download a security policy from a security policy server. The security policy may notify the firewall which hosts are authorized/unauthorized for use with a particular domain, and which file types from each of these hosts are authorized/unauthorized for use with the particular domain. The firewall may then filter content related to the identified browser process based on the security policy.
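The filtering step the abstract describes, as an added Python sketch (not code from the patent): the firewall records which domain each browser process navigated to, fetches that domain's policy, and checks every later request from the same process against the authorized hosts and file types. The policy layout, the `.example` hosts, the class and method names, and the pass-through when no policy exists are assumptions made for illustration.

```python
from collections import namedtuple
from urllib.parse import urlsplit
import posixpath

Decision = namedtuple("Decision", "allowed reason")

# Constructed sample policy, keyed by domain: authorized host -> authorized file types.
POLICY_SERVER = {
    "shop.example": {
        "shop.example": {"html", "css", "js", "png"},
        "cdn.example": {"js", "css", "png"},
        "fonts.example": {"woff2"},
    }
}

class PolicyFirewall:
    def __init__(self, fetch_policy):
        self.fetch_policy = fetch_policy  # callable: domain -> policy dict or None
        self.sessions = {}                # browser process id -> (domain, policy)

    def navigate(self, process_id, url):
        """Top-level navigation: bind the browser process to a domain and its policy."""
        domain = (urlsplit(url).hostname or "").rstrip(".")
        self.sessions[process_id] = (domain, self.fetch_policy(domain))
        return domain

    def filter(self, process_id, url):
        """Decide whether a request triggered inside this browser process may leave."""
        domain, policy = self.sessions[process_id]
        if policy is None:
            # Assumption: a domain that publishes no policy is passed through unfiltered.
            return Decision(True, f"no policy published for {domain}")
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
        ext = posixpath.splitext(parts.path)[1].lstrip(".").lower()
        if host not in policy:
            return Decision(False, f"blocked: {host} is not an authorized host for {domain}")
        if ext not in policy[host]:
            return Decision(False, f"blocked: file type '{ext}' from {host} is not authorized for {domain}")
        return Decision(True, "authorized by policy")

def demo():
    fw = PolicyFirewall(POLICY_SERVER.get)
    fw.navigate(101, "https://shop.example/")
    return [fw.filter(101, u) for u in (
        "https://cdn.example/app.js",          # authorized host and type
        "https://malware.example/payload.js",  # host absent from the policy
        "https://cdn.example/update.exe",      # authorized host, unauthorized type
    )]
```

The `reason` string of a blocked decision is what would be returned to the client as the error message.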
20 Claims
1. A method for controlling access to unauthorized digital content, the method comprising:
- forwarding a request originating at a client computer regarding access to digital content hosted at a content server;
- receiving a response to the request from the content server, wherein the response includes undetected malware that triggers the client computer to request content from a malware server;
- intercepting the triggered request from the client computer, wherein the triggered request is addressed to the malware server;
- identifying that the malware server designated in the triggered request is an unauthorized data source in accordance with one or more security policies;
- blocking the triggered request from being sent to the malware server; and
- sending the client device an error message based on the identification that the triggered request is associated with the unauthorized data source in accordance with the one or more security policies.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor for implementing a method for controlling access to unauthorized digital content, the method comprising:
- forwarding a request originating at a client computer regarding access to digital content hosted at a content server;
- receiving a response to the request from the content server, wherein the response includes undetected malware that triggers the client computer to request content from a malware server;
- intercepting the triggered request from the client computer, wherein the triggered request is addressed to the malware server;
- identifying that the malware server designated in the triggered request is an unauthorized data source in accordance with one or more security policies;
- blocking the triggered request from being sent to the malware server; and
- sending the client device an error message based on the identification that the triggered request is associated with the unauthorized data source in accordance with the one or more security policies.
Dependent claims: 9, 10, 11, 12, 13, 14

15. An apparatus for controlling access to unauthorized digital content, the apparatus comprising:
- a communication interface that communicates over a communication network to:
  - forward a request originating at a client computer regarding access to digital content hosted at a content server,
  - receive a response to the request from the content server, wherein the response includes undetected malware that triggers the client computer to request content from a malware server, and
  - intercept the triggered request from the client computer, wherein the triggered request is addressed to the malware server,
- a processor that executes instructions stored in memory, wherein execution of the instructions by the processor:
  - identifies that the malware server designated in the triggered request is an unauthorized data source in accordance with one or more security policies, and
  - blocks the triggered request from being sent to the malware server;
- wherein the communication interface sends the client device an error message based on the identification that the triggered request is associated with the unauthorized data source in accordance with the one or more security policies.
Dependent claims: 16, 17, 18, 19, 20
Specification