Verification of server name in a proxy device for connection requests made using domain names

    公开(公告)号:US10326730B2

    公开(公告)日:2019-06-18

    申请号:US15193863

    申请日:2016-06-27

    Abstract: Techniques are presented herein for a proxy device to verify that the server name listed in a connection request message is the name of the server at the IP address listed in the connection request message. The proxy device obtains a domain name server query sent by a client to a domain name server and then obtains a domain name server result that is sent by the domain name server. The proxy device may cache the data of the domain name server result. The proxy device may obtain a connection request message sent by the client seeking a connection with a server, and then compare the connection request message to the cached domain name server result. Finally, the proxy device may apply one or more policies to the connection request message based on the comparison between the connection request message and the domain name server result.

    Fastpath web sessions with HTTP header modification by redirecting clients

    公开(公告)号:US10264079B2

    公开(公告)日:2019-04-16

    申请号:US15157621

    申请日:2016-05-18

    Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.

    VERIFICATION OF SERVER NAME IN A PROXY DEVICE FOR CONNECTION REQUESTS MADE USING DOMAIN NAMES

    公开(公告)号:US20170374017A1

    公开(公告)日:2017-12-28

    申请号:US15193863

    申请日:2016-06-27

    Abstract: Techniques are presented herein for a proxy device to verify that the server name listed in a connection request message is the name of the server at the IP address listed in the connection request message. The proxy device obtains a domain name server query sent by a client to a domain name server and then obtains a domain name server result that is sent by the domain name server. The proxy device may cache the data of the domain name server result. The proxy device may obtain a connection request message sent by the client seeking a connection with a server, and then compare the connection request message to the cached domain name server result. Finally, the proxy device may apply one or more policies to the connection request message based on the comparison between the connection request message and the domain name server result.

    FASTPATH WEB SESSIONS WITH HTTP HEADER MODIFICATION BY REDIRECTING CLIENTS

    公开(公告)号:US20170339253A1

    公开(公告)日:2017-11-23

    申请号:US15157621

    申请日:2016-05-18

    CPC classification number: H04L67/142 H04L67/146 H04L69/22

    Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.

    Fastpath web sessions with HTTP header modification by redirecting clients

    公开(公告)号:US10686889B2

    公开(公告)日:2020-06-16

    申请号:US16287099

    申请日:2019-02-27

    Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.

    FASTPATH WEB SESSIONS WITH HTTP HEADER MODIFICATION BY REDIRECTING CLIENTS

    公开(公告)号:US20190199804A1

    公开(公告)日:2019-06-27

    申请号:US16287099

    申请日:2019-02-27

    CPC classification number: H04L67/142 H04L67/146 H04L69/22

    Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.

    Context sharing between endpoint device and network security device using in-band communications

    公开(公告)号:US10027627B2

    公开(公告)日:2018-07-17

    申请号:US14877116

    申请日:2015-10-07

    Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.

Patent Agency Ranking