Apparatus for filtering server responses
First Claim
1. A data processing apparatus, comprising:
at least one processor;
a first network interface coupled to the processor and configured to be coupled to a protected network;
a second network interface coupled to the processor and configured to be coupled to an external network;
a core hypertext transfer protocol (HTTP) proxy coupled to the processor and coupled to a content cache, wherein the HTTP proxy is configured to receive an HTTP request from a client computer in the protected network, send the request to a network resource in the external network on behalf of the client computer, and receive an HTTP response from the network resource on behalf of the client computer;
a plurality of spyware scanning engines (SSEs), wherein each of the SSEs is coupled to stored content signatures, and wherein each of the SSEs is configured to detect a particular kind of malicious software in the HTTP response;
logic comprising one or more sequences of instructions which when executed cause the at least one processor to perform:
scanning the HTTP response and determining two or more types of content in the HTTP response;
based on the types of content in the HTTP response, selecting two or more of the SSEs for use in further evaluation of the HTTP response;
providing a reference to the HTTP response to the selected two or more SSEs.
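The selection steps of claim 1 (determine the content types present, pick engines by type, hand each selected engine a reference to the response), as an added example that is not taken from the patent. The engine names, signatures, type markers and sample response are constructed, and marker-based sniffing is an assumption about how the content types could be determined.

```python
from dataclasses import dataclass
# Constructed markers for deciding which kinds of content a body holds.
TYPE_MARKERS = {
    "html": (b"<html", b"<!doctype html"),
    "javascript": (b"<script",),
    "executable": (b"MZ",),       # PE header, offset 0 only
    "archive": (b"PK\x03\x04",),  # ZIP header, offset 0 only
}
OFFSET_ZERO_ONLY = {"executable", "archive"}
DECLARED = {"text/html": "html", "text/javascript": "javascript"}

@dataclass
class Response:
    headers: dict
    body: bytes

@dataclass(frozen=True)
class Engine:
    name: str
    handles: frozenset  # content types this engine evaluates
    signatures: tuple   # stored content signatures (constructed byte patterns)
    def scan(self, resp: Response) -> bool:
        return any(sig in resp.body for sig in self.signatures)

def detect_types(resp: Response) -> set:
    """Combine the declared Content-Type with what the body actually contains."""
    declared = resp.headers.get("Content-Type", "").split(";")[0].strip().lower()
    found = {DECLARED[declared]} if declared in DECLARED else set()
    lowered = resp.body.lower()
    for ctype, markers in TYPE_MARKERS.items():
        at_start = ctype in OFFSET_ZERO_ONLY
        if any(resp.body.startswith(m) if at_start else m in lowered for m in markers):
            found.add(ctype)
    return found

def evaluate(resp: Response, engines: list):
    types = detect_types(resp)
    selected = [e for e in engines if e.handles & types]
    # Every selected engine gets the same Response object: a reference, not a copy.
    hits = [e.name for e in selected if e.scan(resp)]
    return types, [e.name for e in selected], hits

# Constructed engines and a constructed sample response (HTML with inline script).
ENGINES = [
    Engine("markup-engine", frozenset({"html"}), (b"CONSTRUCTED-HIDDEN-FRAME",)),
    Engine("script-engine", frozenset({"javascript"}), (b"CONSTRUCTED_TRACKER_INSTALL(",)),
    Engine("binary-engine", frozenset({"executable", "archive"}), (b"CONSTRUCTED-DROPPER",)),
]
PAGE = Response({"Content-Type": "text/html"}, b"<html><script>CONSTRUCTED_TRACKER_INSTALL()</script></html>")
```

Because the body is sniffed as well as the header, a response that declares `image/png` but begins with a PE header is still routed to the binary engine.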
Abstract
A data processing apparatus can perform HTTP traffic monitoring and filtering of HTTP requests from clients and responses from servers. Example apparatus comprises a processor; a first network interface to a protected network; a second network interface to an external network; a core hypertext transfer protocol (HTTP) proxy coupled to the processor and coupled to a content cache, wherein the HTTP proxy is configured to receive an HTTP request from a client computer in the protected network, send the request to a network resource in the external network on behalf of the client, and receive an HTTP response from the network resource on behalf of the client computer; and a plurality of spyware scanning engines (SSEs), wherein each of the SSEs is coupled to stored content signatures, and wherein each of the SSEs is configured to detect a particular kind of malicious software in an HTTP response.
33 Claims
1. A data processing apparatus, comprising:
at least one processor;
a first network interface coupled to the processor and configured to be coupled to a protected network;
a second network interface coupled to the processor and configured to be coupled to an external network;
a core hypertext transfer protocol (HTTP) proxy coupled to the processor and coupled to a content cache, wherein the HTTP proxy is configured to receive an HTTP request from a client computer in the protected network, send the request to a network resource in the external network on behalf of the client computer, and receive an HTTP response from the network resource on behalf of the client computer;
a plurality of spyware scanning engines (SSEs), wherein each of the SSEs is coupled to stored content signatures, and wherein each of the SSEs is configured to detect a particular kind of malicious software in the HTTP response;
logic comprising one or more sequences of instructions which when executed cause the at least one processor to perform:
scanning the HTTP response and determining two or more types of content in the HTTP response;
based on the types of content in the HTTP response, selecting two or more of the SSEs for use in further evaluation of the HTTP response;
providing a reference to the HTTP response to the selected two or more SSEs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A data processing apparatus, comprising:
at least one processor;
a first network interface coupled to the processor and configured to be coupled to a protected network;
a second network interface coupled to the processor and configured to be coupled to an external network;
a core hypertext transfer protocol (HTTP) proxy coupled to the processor and coupled to a content cache, wherein the HTTP proxy comprises means for receiving an HTTP request from a client computer in the protected network, means for sending the request to a network resource in the external network on behalf of the client computer, and means for receiving an HTTP response from the network resource on behalf of the client computer;
a plurality of spyware scanning engines (SSEs), wherein each of the SSEs is coupled to stored content signatures, and wherein each of the SSEs is configured to detect a particular kind of malicious software in an HTTP response;
means for scanning the HTTP response and determining two or more types of content in the HTTP response;
means for selecting, based on the types of content in the HTTP response, two or more of the SSEs for use in further evaluation of the HTTP response;
means for providing a reference to the HTTP response to the selected two or more SSEs.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A computer-readable volatile or non-volatile storage medium having encoded thereon one or more sequences of instructions which, when executed by at least one processor, cause the processor to perform:
executing a core hypertext transfer protocol (HTTP) proxy and a content cache, wherein the HTTP proxy is configured to receive an HTTP request from a client computer in a protected network, send the request to a network resource in an external network on behalf of the client computer, and receive an HTTP response from the network resource on behalf of the client computer;
executing a plurality of spyware scanning engines (SSEs), wherein each of the SSEs is coupled to stored content signatures, and wherein each of the SSEs is configured to detect a particular kind of malicious software in an HTTP response;
scanning the HTTP response and determining two or more types of content in the HTTP response;
based on the types of content in the HTTP response, selecting two or more of the SSEs for use in further evaluation of the HTTP response;
providing a reference to the HTTP response to the selected two or more SSEs.
Dependent claims: 30, 31, 32, 33

Specification