公开(公告)号：US20210281584A1

公开(公告)日：2021-09-09

申请号：US16810187

申请日：2020-03-05

Applicant: CLOUDFLARE, INC.

Inventor： Jonathan Philip Levine ,  Rustam Xing Lalkaka ,  Evan Johnson

IPC: H04L29/06 ,  H04L29/08

Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.

公开(公告)号：US20190007214A1

公开(公告)日：2019-01-03

申请号：US16103820

申请日：2018-08-14

Applicant: CLOUDFLARE, INC.

Inventor： Evan Johnson

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08

Abstract: A request from a computing device for accessing a resource is received by an edge server, where the request includes a cookie containing a first token value and a second token value. The edge server validates the first token value and a second token value using a third token value generated using hashing algorithm with a secret key and one or more other values. The edge server then compares the received token values with the third token value. When the request is validated, the edge server retrieves the request resource.

公开(公告)号：US20170163754A1

公开(公告)日：2017-06-08

申请号：US15369711

申请日：2016-12-05

Applicant: CLOUDFLARE, INC.

Inventor： Evan Johnson

IPC: H04L29/08 ,  H04L12/26 ,  H04L29/12

CPC classification number: H04L61/1511 ,  H04L63/1433 ,  H04L67/02 ,  H04L67/1036

Abstract: An origin server has been registered, or is in the process of being registered, for a proxied service that includes changing Domain Name System (DNS) configurations such that certain network traffic is proxied at a proxy server instead of that traffic being received directly at the origin server. The service checks the configuration and determines if there is any flaw in the configuration that may cause information about the origin server (e.g., the IP address of the origin server) to be leaked. Upon finding a flaw in the configuration, the service may notify the origin server and/or the operator of the origin server that the information may be leaked.

公开(公告)号：US11647031B2

公开(公告)日：2023-05-09

申请号：US17667372

申请日：2022-02-08

Applicant: CLOUDFLARE, INC.

Inventor： Jonathan Philip Levine ,  Rustam Xing Lalkaka ,  Evan Johnson

IPC: H04L9/40 ,  H04L67/02

CPC classification number: H04L63/1416 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/1483 ,  H04L67/02

Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.

公开(公告)号：US10178195B2

公开(公告)日：2019-01-08

申请号：US15369711

申请日：2016-12-05

Applicant: CLOUDFLARE, INC.

Inventor： Evan Johnson

IPC: G06F15/177 ,  H04L29/08 ,  H04L29/12 ,  H04L12/26

Abstract: An origin server has been registered, or is in the process of being registered, for a proxied service that includes changing Domain Name System (DNS) configurations such that certain network traffic is proxied at a proxy server instead of that traffic being received directly at the origin server. The service checks the configuration and determines if there is any flaw in the configuration that may cause information about the origin server (e.g., the IP address of the origin server) to be leaked. Upon finding a flaw in the configuration, the service may notify the origin server and/or the operator of the origin server that the information may be leaked.

公开(公告)号：US10542107B2

公开(公告)日：2020-01-21

申请号：US16241863

申请日：2019-01-07

Applicant: CLOUDFLARE, INC.

Inventor： Evan Johnson

IPC: G06F15/177 ,  H04L29/08 ,  H04L29/12 ,  H04L29/06 ,  H04L12/26

Abstract: Domain Name System (DNS) records of a single site are analyzed. A first one of the DNS records points to an IP address of a service. A second one of the DNS records is not pointed to an IP address of the service and is referencing the first DNS record. An electronic communication is transmitted to an operator for the single site that includes a notification that an IP address of the single site is exposed through the second DNS record.

公开(公告)号：US20180234246A1

公开(公告)日：2018-08-16

申请号：US15696151

申请日：2017-09-05

Applicant: CLOUDFLARE, INC.

Inventor： Evan Johnson

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/06 ,  H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L9/3236 ,  G06F21/64 ,  H04L9/0643 ,  H04L9/0872 ,  H04L9/3213 ,  H04L9/3234 ,  H04L61/1511 ,  H04L61/2007 ,  H04L61/609 ,  H04L63/08 ,  H04L63/108 ,  H04L63/1466 ,  H04L67/02 ,  H04L67/18

Abstract: A request from a computing device for accessing a resource is received by an edge server, where the request includes a cookie containing a first token value and a second token value. The edge server validates the first token value and a second token value using a third token value generated using hashing algorithm with a secret key and one or more other values. The edge server then compares the received token values with the third token value. When the request is validated, the edge server retrieves the request resource.

公开(公告)号：US10050792B1

公开(公告)日：2018-08-14

申请号：US15696151

申请日：2017-09-05

Applicant: CLOUDFLARE, INC.

Inventor： Evan Johnson

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/06 ,  H04L29/06 ,  H04L29/08 ,  H04L29/12

Abstract: A request from a computing device for accessing a resource is received by an edge server, where the request includes a cookie containing a first token value and a second token value. The edge server validates the first token value and a second token value using a third token value generated using hashing algorithm with a secret key and one or more other values. The edge server then compares the received token values with the third token value. When the request is validated, the edge server retrieves the request resource.

公开(公告)号：US20220166786A1

公开(公告)日：2022-05-26

申请号：US17667372

申请日：2022-02-08

Applicant: CLOUDFLARE, INC.

Inventor： Jonathan Philip Levine ,  Rustam Xing Lalkaka ,  Evan Johnson

IPC: H04L9/40 ,  H04L67/02

Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.

公开(公告)号：US11245710B2

公开(公告)日：2022-02-08

申请号：US16810187

申请日：2020-03-05

Applicant: CLOUDFLARE, INC.

Inventor： Jonathan Philip Levine ,  Rustam Xing Lalkaka ,  Evan Johnson

IPC: H04L29/06 ,  H04L29/08

Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.