公开(公告)号：US20220166786A1

公开(公告)日：2022-05-26

申请号：US17667372

申请日：2022-02-08

Applicant: CLOUDFLARE, INC.

Inventor： Jonathan Philip Levine ,  Rustam Xing Lalkaka ,  Evan Johnson

IPC: H04L9/40 ,  H04L67/02

Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.

公开(公告)号：US11245710B2

公开(公告)日：2022-02-08

申请号：US16810187

申请日：2020-03-05

Applicant: CLOUDFLARE, INC.

Inventor： Jonathan Philip Levine ,  Rustam Xing Lalkaka ,  Evan Johnson

IPC: H04L29/06 ,  H04L29/08

Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristics has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.

公开(公告)号：US20200314212A1

公开(公告)日：2020-10-01

申请号：US16836613

申请日：2020-03-31

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Philip Branch ,  Naga Sunil Tripirineni ,  Rustam Xing Lalkaka ,  Nick Wondra ,  Mohd Irtefa ,  Matthew Browning Prince ,  Andrew Taylor Plunk ,  Oliver Yu ,  Vlad Krasnov

IPC: H04L29/08 ,  H04L29/06 ,  H04L12/46

Abstract: A request is received from a client device over a Virtual Private Network (VPN) tunnel. The request is received at a first one of a plurality of edge servers of a distributed cloud computing network. A destination of the request is determined and an optimized route for transmitting the request toward an origin server is determined. The optimized route is based at least in part on probe data between edge servers of the distributed cloud computing network. The request is transmitted to a next hop as defined by the optimized route.

公开(公告)号：US20230088115A1

公开(公告)日：2023-03-23

申请号：US17734944

申请日：2022-05-02

Applicant: CLOUDFLARE, INC.

Inventor： Alex Krivit ,  Rustam Xing Lalkaka ,  Samantha Aki Shugaeva ,  Edward H. Wang ,  Yuchen Wu

IPC: H04L67/5681

Abstract: An intermediary server receives a request from a client that identifies an asset that is handled by an origin server. The intermediary server generates an informational response that includes one or more link header fields that reference one or more pieces of content respectively that are predicted by the intermediary server to be linked within a final response for the asset. The intermediary server transmits the generated informational response to the client prior to a final response for the request. The intermediary server transmits the request to the origin server and receives a final response to the request. The intermediary server transmits the final response to the request to the client.

公开(公告)号：US11533197B2

公开(公告)日：2022-12-20

申请号：US17481177

申请日：2021-09-21

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Achiel Paul van der Mandele ,  Alexander Forster ,  Eric Reeves ,  Joaquin Madruga ,  Rustam Xing Lalkaka ,  Marek Przemyslaw Majkowski

IPC: G06F15/16 ,  H04L12/46 ,  H04L101/618

Abstract: A GRE tunnel is configured between multiple computing devices of a distributed cloud computing network and a single origin router of the origin network. The GRE tunnel has a first GRE endpoint that has an IP address that is shared among the computing devices of the distribute cloud computing network and a second GRE endpoint that has a publicly routable IP address of the origin router. A first computing device receives an IP packet from a client that is destined to an origin server. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate a GRE encapsulated packet whose source address is the first GRE endpoint and the destination address is the second GRE endpoint. The GRE encapsulated packet is transmitted over the GRE tunnel to the single origin router.

公开(公告)号：US20220286424A1

公开(公告)日：2022-09-08

申请号：US17409535

申请日：2021-08-23

Applicant: CLOUDFLARE, INC.

Inventor： Marek Przemyslaw Majkowski ,  Braden Michael Ehrat ,  Sergi Isasi ,  Dane Orion Knecht ,  Dina Kozlov ,  Rustam Xing Lalkaka ,  Eric Reeves ,  Oliver Zi-gang Yu

IPC: H04L29/12

Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.

公开(公告)号：US11438302B1

公开(公告)日：2022-09-06

申请号：US17409535

申请日：2021-08-23

Applicant: CLOUDFLARE, INC.

Inventor： Marek Przemyslaw Majkowski ,  Braden Michael Ehrat ,  Sergi Isasi ,  Dane Orion Knecht ,  Dina Kozlov ,  Rustam Xing Lalkaka ,  Eric Reeves ,  Oliver Zi-Gang Yu

IPC: H04L29/08 ,  H04L29/06 ,  H04L61/5007

Abstract: A map of IP addresses of a distributed cloud computing network to one or more groupings is stored. The IP addresses are anycast IP addresses for which compute servers of the distributed cloud computing network share. These IP addresses are to be used as source IP addresses when transmitting traffic to destinations external to the cloud computing network. The map is made available to external destinations. Traffic is received at the distributed cloud computing network that is destined to an external destination. An IP address is selected based on the characteristic(s) applicable for the traffic and the map. The distributed cloud computing network transmits the traffic to the external destination using the selected IP address.

公开(公告)号：US11425216B2

公开(公告)日：2022-08-23

申请号：US16836613

申请日：2020-03-31

Applicant: CLOUDFLARE, INC.

Inventor： Christopher Philip Branch ,  Naga Sunil Tripirineni ,  Rustam Xing Lalkaka ,  Nick Wondra ,  Mohd Irtefa ,  Matthew Browning Prince ,  Andrew Taylor Plunk ,  Oliver Yu ,  Vlad Krasnov

IPC: H04L12/721 ,  H04L29/06 ,  H04L29/12 ,  H04L67/63 ,  H04L9/40 ,  H04L67/10 ,  H04L12/46 ,  G06F3/0481

Abstract: A request is received from a client device over a Virtual Private Network (VPN) tunnel. The request is received at a first one of a plurality of edge servers of a distributed cloud computing network. A destination of the request is determined and an optimized route for transmitting the request toward an origin server is determined. The optimized route is based at least in part on probe data between edge servers of the distributed cloud computing network. The request is transmitted to a next hop as defined by the optimized route.

公开(公告)号：US11323537B1

公开(公告)日：2022-05-03

申请号：US17476262

申请日：2021-09-15

Applicant: CLOUDFLARE, INC.

Inventor： Alex Krivit ,  Rustam Xing Lalkaka ,  Samantha Aki Shugaeva ,  Edward H. Wang ,  Yuchen Wu

IPC: H04L29/08 ,  H04L67/5681

Abstract: An intermediary server determines, for an asset handled by an origin server, piece(s) of content for inclusion in link header field(s) in an informational response that signifies that the piece(s) of content are predicted to be linked within a final response for the asset. The intermediary server generates an informational response that includes the link header field(s) and responds to a request from a client with the informational response. The intermediary server transmits the request to the origin server. The intermediary server receives the final response to the request from the origin server, and transmits the final response to the client.

公开(公告)号：US12294471B2

公开(公告)日：2025-05-06

申请号：US18434031

申请日：2024-02-06

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Achiel Paul van der Mandele ,  Alexander Forster ,  Eric Reeves ,  Joaquin Madruga ,  Rustam Xing Lalkaka ,  Marek Przemyslaw Majkowski

IPC: H04L12/46 ,  H04L101/618

Abstract: A first computing device of a distributed cloud computing network receives an IP packet that is destined to an origin server of an origin network. The first computing device processes the received IP packet and encapsulates the IP packet inside an outer packet to generate an encapsulated packet, where the outer packet has a source IP address that is advertised as an anycast IP address at the distributed cloud computing network, and a destination IP address of an origin router of the origin network. The encapsulated packet is transmitted to the origin router.