-
Publication No.: US20210294749A1
Publication Date: 2021-09-23
Application No.: US17069679
Application Date: 2020-10-13
Applicant: CLOUDFLARE, INC.
Inventor: Samantha Aki Shugaeva , Ivan Babrou , Yuchen Wu
IPC: G06F12/0891 , G06F12/02 , H04L29/08 , H04L12/841 , G06F9/30
Abstract: A computing device includes a volatile memory that includes a first cache, a non-volatile storage that includes a second cache, and a cache service. The cache service, responsive to a cache miss, retrieves that asset and writes that asset to the first cache and not the second cache. The cache service reads the asset from the first cache responsive to requests for the asset until the asset is evicted from the first cache or until the asset is promoted to the second cache. The cache service promotes the asset to the second cache upon determining that a set of one or more criteria are satisfied including a predefined number of cache hits for the asset when it is in the first cache. The cache service reads the asset from the second cache responsive to requests for the asset until the asset is evicted from the second cache.
-
Publication No.: US20210281584A1
Publication Date: 2021-09-09
Application No.: US16810187
Application Date: 2020-03-05
Applicant: CLOUDFLARE, INC.
Inventor: Jonathan Philip Levine , Rustam Xing Lalkaka , Evan Johnson
Abstract: An edge server receives a request from a client network application for a web page hosted at an origin server. The edge server transmits the requested web page in a response. The edge server accesses an edge server request log to retrieve a log entry associated with the request for the web page, where the log entry associated with the request for the web page includes information regarding the request and the response. The edge server retrieves one or more characteristics of an asset of the web page, where each characteristic has an expected value. The edge server determines whether the origin server is compromised when a value for a characteristic is not within a threshold range of the expected value for the characteristic of the asset and performs a mitigation action in response.
-
Publication No.: US11038959B2
Publication Date: 2021-06-15
Application No.: US16696879
Application Date: 2019-11-26
Applicant: CLOUDFLARE, INC.
Inventor: Kenton Taylor Varda , Kyle Kloepper
Abstract: A first compute server of a distributed cloud computing network receives a request from a first client device for an object to be handled by an object worker that includes a single instantiation of a piece of code that solely controls reading and writing access to the first object. A determination is made that the object worker is instantiated for the object and is currently running in the first compute server, and the piece of code processes the first request. The first compute server receives a message to be processed by the first object worker from a second compute server. The message includes a second request for the object from a second client device connected to the second compute server. The piece of code processes the message and transmits a reply to the second compute server.
-
Publication No.: US11025670B2
Publication Date: 2021-06-01
Application No.: US16553105
Application Date: 2019-08-27
Applicant: CLOUDFLARE, INC.
Inventor: Justin Matthew Paine
Abstract: A method and apparatus that provide a malicious domain emulator in a distributed cloud computing network are described. A malicious node emulator is executed as a third-party code in a compute server of the cloud computing platform to enable emulation of behavior of a malicious node. The malicious node emulator receives requests from one or multiple network devices addressed to the malicious domain and automatically emulates the behavior of the malicious domain to respond to these requests. The malicious node emulator logs information related to the requests and the network devices transmitting the requests.
-
Publication No.: US20210112029A1
Publication Date: 2021-04-15
Application No.: US17131439
Application Date: 2020-12-22
Applicant: CLOUDFLARE, INC.
Inventor: Marek Przemyslaw MAJKOWSKI , Alexander FORSTER , Maciej BILAS
IPC: H04L29/12 , H04L12/741 , H04L12/721 , H04L12/749
Abstract: A first edge server of multiple edge servers of a distributed edge computing network receives a request from a client device regarding a resource hosted at an origin server according to an anycast implementation. The first edge server modifies the request to include identifying information for the first edge server prior to sending the request to the origin server. The origin server responds with a response packet that includes the identifying information of the first edge server. Instead of routing the response packet to the client device directly, one of the multiple edge servers receives the response packet due to the edge servers each having the same anycast address. If the edge server that receives the response packet is not the first edge server, that edge server transmits the response packet to the first edge server, who processes the response packet and transmits the response packet to the client device.
-
Publication No.: US10904005B2
Publication Date: 2021-01-26
Application No.: US16687418
Application Date: 2019-11-18
Applicant: Cloudflare, Inc.
Inventor: Nicholas Thomas Sullivan
Abstract: A server receives a piece of data for encryption. The server encrypts the piece of data such that no single key can decrypt the encrypted piece of data and any combination of a first multiple of unique keys taken a second multiple at a time are capable of decrypting the encrypted piece of data. Each of the first multiple of unique keys is tied to account credentials of a different user. The second multiple is less than or equal to the first multiple. The encrypted piece of data is returned.
-
Publication No.: US10855798B2
Publication Date: 2020-12-01
Application No.: US16430192
Application Date: 2019-06-03
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Matthew Browning Prince
Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The proxy server transmits the request to the origin server. Responsive to determining that the origin server is offline, the proxy server determines whether the requested resource is available in cache. If it is in cache, the proxy server retrieves the requested resource from the cache and transmits the requested resource to the client device. The proxy server also transmits an offline browsing cookie to the client device for the domain such that when a subsequent request is received from the client device for a resource of the domain that includes the offline browsing cookie, a cached version of the requested resource will be served instead of querying the origin server.
-
Publication No.: US20200336409A1
Publication Date: 2020-10-22
Application No.: US16387431
Application Date: 2019-04-17
Applicant: CLOUDFLARE, INC.
Inventor: Christopher Philip Branch
IPC: H04L12/721 , H04L29/06 , H04L12/751 , H04L12/741
Abstract: A method and a VPN server for VPN route optimization are described. The VPN server establishes a first VPN connection with a first client device and a second VPN connection with a second client device. The VPN server determines that the first and second client devices are part of a same local network; and responsive to determining that the first and the second client devices are part of the same local network, transmits, to the first client device through the first VPN connection, a second public network address of the second client device, and to the second client device through the second VPN connection, a first public network address of the first client device. The transmission of the first and second public network addresses causes the first client device to determine an optimal route from the first client device to the second client device for the traffic in the VPN.
-
Publication No.: US10805323B1
Publication Date: 2020-10-13
Application No.: US16806878
Application Date: 2020-03-02
Applicant: CLOUDFLARE, INC.
Inventor: Kenton Taylor Varda
Abstract: A worker process monitors a behavior of a third-party code piece executing in a first isolated execution environment of a plurality of isolated execution environments of a first process in a first compute server. When the behavior of the executing third-party code piece is indicative of a potential speculative execution attack, the third-party code piece is flagged. When a subsequent request is received that triggers execution of the flagged third-party code piece, the worker process generates a private process in the first compute server, separate from the first process, and instantiates a single isolated execution environment within the second process for executing the third-party code piece. The worker process loads the third-party code piece in the single isolated execution environment and the second process executes the third-party code piece.
-
Publication No.: US20200314208A1
Publication Date: 2020-10-01
Application No.: US16367207
Application Date: 2019-03-27
Applicant: CLOUDFLARE, INC.
Inventor: Patrick MEENAN , Dane Orion KNECHT
IPC: H04L29/08
Abstract: A process for prioritizing content responses executed by a first server in a distributed cloud platform. The first server includes a processor and a non-transitory machine-readable storage medium that provides instructions that, when executed by the processor, cause the first server to perform operations including to receive, at a proxy server, a request for a plurality of content items from a client device, where the proxy server is in a distributed cloud computing platform, to receive at least one of the plurality of content items from an origin server or a cache, to determine a priority scheme for ordering the plurality of content items, where the priority scheme differs from a priority scheme of the client device and differs from a priority scheme of a domain of the plurality of content items, and to send a response including the plurality of content items to the client device in an order according to the determined priority scheme.