Validating visitor internet-based security threats
First Claim
1. A method in a proxy server for validating visitor Internet-based security threats, comprisingreceiving, from a client device, a request to perform an action on an identified resource that is hosted at an origin server for a domain as a result of a DNS (Domain Name System) request for the domain resolving to the proxy server, wherein the origin server is one of a plurality of origin servers that belong to different domains that resolve to the proxy server and are owned by different entities, and wherein the proxy server and the plurality of origin servers are owned by different entities;
- determining, based on an IP (Internet Protocol) address assigned to the client device and associated with the request, that a visitor belonging to the client device is a potential threat; and
causing a validating domain server to determine whether the visitor is a threat based on a cookie associated with the visitor for a validating domain, the causing including transmitting a response to the client device that includes a redirection to the validating domain that resolves to the validating domain server.
0 Assignments
0 Petitions
Accused Products
Abstract
A validating server receives from a client device a first request that does not include a cookie for a validating domain that resolves to the validating sever. The first request is received at the validating server as a result of a proxy server redirecting the client device to the validating domain upon a determination that a visitor belonging to the client device is a potential threat based on an IP (Internet Protocol) address assigned to the client device used for a second request to perform an action on an identified resource hosted on an origin server for an origin domain. The validating server sets a cookie for the client device, determines a set of characteristics associated with the first client device, and transmits the cookie and a block page to the client device that has been customized based on the set of characteristics, the block page indicating that the second request has been blocked.
182 Citations
6 Claims
-
1. A method in a proxy server for validating visitor Internet-based security threats, comprising
receiving, from a client device, a request to perform an action on an identified resource that is hosted at an origin server for a domain as a result of a DNS (Domain Name System) request for the domain resolving to the proxy server, wherein the origin server is one of a plurality of origin servers that belong to different domains that resolve to the proxy server and are owned by different entities, and wherein the proxy server and the plurality of origin servers are owned by different entities; -
determining, based on an IP (Internet Protocol) address assigned to the client device and associated with the request, that a visitor belonging to the client device is a potential threat; and causing a validating domain server to determine whether the visitor is a threat based on a cookie associated with the visitor for a validating domain, the causing including transmitting a response to the client device that includes a redirection to the validating domain that resolves to the validating domain server. - View Dependent Claims (2, 3)
-
-
4. A non-transitory machine-readable storage medium that provides instructions that, when executed by a processor of a proxy server, cause said processor to perform operations comprising:
-
receiving, from a client device, a request to perform an action on an identified resource that is hosted at an origin server for a domain as a result of a DNS (Domain Name System) request for the domain resolving to the proxy server, wherein the origin server is one of a plurality of origin servers that belong to different domains that resolve to the proxy server and are owned by different entities, and wherein the proxy server and the plurality of origin servers are owned by different entities; determining, based on an IP (Internet Protocol) address assigned to the client device and associated with the request, that a visitor belonging to the client device is a potential threat; and causing a validating domain server to determine whether the visitor is a threat based on a cookie associated with the visitor for a validating domain, the causing including transmitting a response to the client device that includes a redirection to the validating domain that resolves to the validating domain server. - View Dependent Claims (5, 6)
-
Specification
-
- Resources
-
Current AssigneeCloudFlare Incorporated
-
Original AssigneeCloudFlare Incorporated
-
InventorsPrince, Matthew Browning, Holloway, Lee Hahn, Pye, Ian Gerald
-
Primary Examiner(s)Schwartz, Darren B
-
Application NumberUS14/503,299Publication NumberTime in Patent Office840 DaysField of SearchUS Class Current1/1CPC Class CodesG06F 15/16 Combinations of two or more...G06F 16/95 Retrieval from the webG06F 16/958 Organisation or management ...G06F 21/00 Security arrangements for p...G06F 21/552 involving long-term monitor...G06F 40/14 Tree-structured documents p...G06F 40/143 Markup, e.g. Standard Gener...G06Q 10/107 Computer-aided management o...G06Q 30/0241 AdvertisementsG06Q 30/0251 Targeted advertisementsG06Q 30/0277 Online advertisementH04L 47/745 Reaction in networkH04L 51/42 Mailbox-related aspects, e....H04L 61/4511 using domain name system [DNS]H04L 61/5007 Internet protocol [IP] addr...H04L 61/59 using proxies for addressingH04L 63/0236 Filtering by address, proto...H04L 63/0245 Filtering by information in...H04L 63/0254 Stateful filteringH04L 63/0281 ProxiesView All
