-
Publication No.: US10581904B2
Publication date: 2020-03-03
Application No.: US15585090
Application date: 2017-05-02
Applicant: CloudFlare, Inc.
Inventor: Lee Hahn Holloway, Srikanth N. Rao, Matthew Browning Prince, Matthieu Philippe François Tourne, Ian Gerald Pye, Ray Raymond Bejjani, Terry Paul Rodery, Jr.
Abstract: Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server.
-
Publication No.: US20190394298A1
Publication date: 2019-12-26
Application No.: US16430192
Application date: 2019-06-03
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway, Matthew Browning Prince
Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server transmits the request to the origin server. Responsive to determining that the origin server is offline, the proxy server determines whether the requested resource is available in cache. If it is in cache, the proxy server retrieves the requested resource from the cache and transmits the requested resource to the client device.
-
Publication No.: US10447649B2
Publication date: 2019-10-15
Application No.: US14143880
Application date: 2013-12-30
Applicant: CloudFlare, Inc.
Inventor: Matthew Browning Prince, Lee Hahn Holloway, David Randolph Conrad, Matthieu Philippe François Tourne
IPC: G06F15/16, G06F15/173, H04L29/12, H04L29/08, H04L29/06
Abstract: A first packet of a first protocol version type that includes an incoming request for an action to be performed on an identified resource is received from a client at a proxy server as a result of a DNS request resolving to a network address of the proxy server. The proxy server transmits an outgoing request for the action to be performed on the identified resource to a network address of the destination origin server in a second packet that is of the second protocol version type. The proxy server receives a third packet that includes an incoming response from the destination origin server, the third packet being of the second protocol version type. The proxy server transmits a fourth packet to the client, the fourth packet being of the first protocol version type, wherein the fourth packet includes an outgoing response that is based on the incoming response.
-
Publication No.: US20190253365A1
Publication date: 2019-08-15
Application No.: US16272289
Application date: 2019-02-11
Applicant: Cloudflare, Inc.
Inventor: Matthew Browning Prince, Matthieu Philippe François Tourne, Christopher Stephen Joel, John Brinton Roberts, Michael Jonas Sofaer, Jason Thomas Walte Benterou
IPC: H04L12/911, H04L29/06, H04L29/08, G06F8/61
Abstract: A proxy server automatically includes web applications in web pages at the network level. The proxy server receives, from a client device, a request for a network resource at a domain and is hosted at an origin server. The proxy server retrieves the requested network resource. The retrieved network resource does not include the web applications. The proxy server determines that the web applications are to be installed within the network resource. The proxy server automatically modifies the retrieved network resource to include the web applications. The proxy server transmits a response to the client device that includes the modified network resource. The network resource may remain unchanged at the origin server.
-
Publication No.: US10169479B2
Publication date: 2019-01-01
Application No.: US14686591
Application date: 2015-04-14
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway, Matthew Browning Prince, Ian Gerald Pye
IPC: G06F15/16, G06F17/30, H04L29/12, H04L29/06, H04L29/08, H04L29/14, G06F21/55, G06F21/00, G06Q30/02, G06Q10/10, G06F17/22, H04L12/58
Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.
-
Publication No.: US20180131668A1
Publication date: 2018-05-10
Application No.: US15666412
Application date: 2017-08-01
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince, Lee Hahn Holloway, Michelle Marie Zatlyn
CPC classification number: H04L61/2007, H04L41/069, H04L61/1511, H04L63/0281, H04L63/14, H04L67/1034, H04L67/2814, H04L67/2842, H04L69/40
Abstract: A domain name is received from a customer. DNS is queried for multiple possible subdomains of the domain. For each subdomain that resolves, information about that subdomain's corresponding resource record is stored in a zone file that also includes a resource record for the domain name. The zone file is presented to the customer. A designation from the customer of which of the resource records are to point to an IP address of a proxy server is received. The resource records are modified according to the input of the customer and the zone file is propagated including the modified resource records.
-
Publication No.: US20180048730A1
Publication date: 2018-02-15
Application No.: US15233157
Application date: 2016-08-10
Applicant: CLOUDFLARE, INC.
Inventor: Dane Orion Knecht, John Graham-Cumming, Matthew Browning Prince
CPC classification number: H04L67/2828, H04L67/02, H04L67/10, H04L67/2842, H04L67/42, H04L69/04
Abstract: A near end point of presence (PoP) of a cloud proxy service receives, from a client device, a request for a network resource. A far end PoP from a plurality of PoPs of the cloud proxy service is identified. Responsive to determining that a version of the network resource is stored in the near end PoP, a request for the network resource is transmitted to the far end PoP with a version identifier that identifies that version. The far end PoP receives, from the near end PoP, a response that includes difference(s) between the version of the network resource stored in the near end PoP with a most current version of the network resource. The response does not include the entire network resource. The near end PoP applies the specified difference(s) to the version that it has stored to generate an updated version of the network resource, and transmits it to the client device.
-
Publication No.: US20180004765A1
Publication date: 2018-01-04
Application No.: US15497153
Application date: 2017-04-25
Applicant: CloudFlare, Inc.
IPC: G06F17/30, G06F15/16, H04L29/08, H04L29/06, G06F17/22, H04L12/58, G06Q30/02, G06Q10/10, G06F21/55, G06F21/00, H04L29/14, H04L29/12
CPC classification number: G06F16/958, G06F15/16, G06F16/95, G06F17/2247, G06F21/00, G06F21/552, G06Q10/107, G06Q30/0241, G06Q30/0251, G06Q30/0277, H04L29/12066, H04L47/745, H04L51/22, H04L61/1511, H04L61/2007, H04L61/6013, H04L63/0236, H04L63/0245, H04L63/0254, H04L63/0281, H04L63/083, H04L63/0861, H04L63/102, H04L63/126, H04L63/1416, H04L63/1433, H04L63/1441, H04L63/1458, H04L63/1466, H04L67/02, H04L67/146, H04L67/28, H04L67/2804, H04L67/2842, H04L69/40
Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page. The proxy server scans the HTML page to locate one or more modification tokens that each indicates content that is subject to being modified. For at least one of the located modification tokens, the proxy server automatically modifies at least a portion of the content of the HTML page that corresponds to that modification token. The proxy server then transmits the modified HTML page to the client device.
-
Publication No.: US20170237571A1
Publication date: 2017-08-17
Application No.: US15271190
Application date: 2016-09-20
Applicant: CLOUDFLARE, INC.
Inventor: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Nicholas Thomas Sullivan, Albertus Strasheim
CPC classification number: H04L9/3263, G06F21/33, H04L9/083, H04L9/0841, H04L9/0844, H04L9/14, H04L9/3013, H04L9/3247, H04L63/0428, H04L63/0485, H04L63/061, H04L63/0823, H04L63/0869, H04L63/164, H04L63/166, H04L63/205, H04L67/141, H04L67/42
Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
-
Publication No.: US20170223132A1
Publication date: 2017-08-03
Application No.: US15489433
Application date: 2017-04-17
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway, Matthew Browning Prince
CPC classification number: H04L67/2861, H04L61/1511, H04L63/0209, H04L63/0884, H04L63/145, H04L67/2838, H04L67/2842
Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server transmits the request to the origin server. Responsive to determining that the origin server is offline, the proxy server determines whether the requested resource is available in cache. If it is in cache, the proxy server retrieves the requested resource from the cache and transmits the requested resource to the client device.