Source throttling using CPU stamping
First Claim
1. A computer-readable storage media having computer-executable components for managing web requests being received by a server from a client, said web requests each including header data including message identification (message ID) data identifying unique message data included in the web request and client identification (client ID) data identifying a particular client sending the web request, said components comprising:
- a sending component for sending a reply message to the client for each received web request having different message ID data, said reply message including transformation data and instructions to compute stamp data as a function of the transformation data;
a generating component for generating verification data as a function of the stamp data included in an additional web request received from the client;
a comparing component for comparing the generated verification data to the stamp data included in the additional web request received from the client; and
a processing component for processing the additional web request if the stamp data of the additional web request corresponds to the generated verification data wherein the generating component generates as part of the generated verification data a first verification data value as a function of the message ID data and a second verification data value as a function of the client ID data.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system for managing one or more web requests provided to a web application from a client computer. An application is responsive to a web request to generate verification data. The application sends a reply to the client to calculate a stamp as a function of the generated verification data. The application is responsive to an additional request from the client including the calculated stamp to determine if it corresponds to the generated verification data. If the calculated stamp corresponds to the generated verification data, the additional web request is submitted to the web application for processing. A Web server subject to a DOS attack will be able to distinguish between genuine users(who generate stamps) and malicious users(who will not generate stamps) and over a period of time be able to restore service to the former and deny to the latter.
71 Citations
17 Claims
-
1. A computer-readable storage media having computer-executable components for managing web requests being received by a server from a client, said web requests each including header data including message identification (message ID) data identifying unique message data included in the web request and client identification (client ID) data identifying a particular client sending the web request, said components comprising:
-
a sending component for sending a reply message to the client for each received web request having different message ID data, said reply message including transformation data and instructions to compute stamp data as a function of the transformation data; a generating component for generating verification data as a function of the stamp data included in an additional web request received from the client; a comparing component for comparing the generated verification data to the stamp data included in the additional web request received from the client; and a processing component for processing the additional web request if the stamp data of the additional web request corresponds to the generated verification data wherein the generating component generates as part of the generated verification data a first verification data value as a function of the message ID data and a second verification data value as a function of the client ID data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for throttling a client sending a plurality of content requests to a server, said content request including message data specifying content for retrieval, said method comprising:
-
receiving, at the server, one of a plurality of content request from the client; transmitting to a client a response message with instructions to compute a stamp as a function of transformation data for each client; receiving, at the server, an additional content request having a computed stamp from the client; and generating verification data as a function of header data included in the received additional content request and assigning processing priority to received additional messages from the client which have a computed stamp corresponding to the generated verification data wherein the header data included in each content request includes client identification (client ID) data identifying a particular client sending the request and message identification (message ID) data identifying unique input message included in the content request, and wherein generating verification data includes generating a first verification data value as a function of the message ID included in the content request and generating a second verification data value as a function of the message ID data, and wherein the transmitting includes transmitting to the client a response message with instructions to compute a stamp for each client identified by the client ID included in the plurality of content request or for each message identified by message ID included in the plurality of content request. - View Dependent Claims (12, 13)
-
-
14. A method for throttling a client sending a distribution request with a plurality of addresses to a server, said distribution request including a message for delivery, said method comprising:
-
receiving, at the server, the distribution request from the client; determining if the distribution request includes a stamp for each address; generating verification data as a function of header data included in the received distribution request when the determining indicates that the distribution request includes a stamp; and assigning processing priority to the distribution request received from the client which has a stamp corresponding to the generated verification data wherein the header data included in the distribution request includes client identification (ID) data identifying a particular client sending the distribution request and message identification (ID) data identifying a unique message included in the distribution request, and wherein generating verification data includes generating a first verification data value as a function of the message ID included in the content request and generating a second verification data value as a function of the message ID data. - View Dependent Claims (15, 16, 17)
-
Specification