-
Publication number: US20220164400A1
Publication date: 2022-05-26
Application number: US17667365
Filing date: 2022-02-08
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Matthew Browning Prince , Ian Gerald Pye , Matthieu Philippe François Tourne , Michelle Marie Zatlyn
IPC: G06F16/958 , G06F16/95 , G06F21/55 , H04L9/40 , H04L67/561 , G06Q30/02 , G06Q10/10 , H04L61/4511 , H04L67/02 , H04L67/568 , H04L69/40 , G06F40/143 , G06F40/14 , G06F15/16 , G06F21/00 , H04L67/56 , H04L67/146 , H04L61/5007 , H04L51/42 , H04L47/74
Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and are from a visitor that is not a threat to the appropriate origin server.
-
Publication number: US11244024B2
Publication date: 2022-02-08
Application number: US16889343
Filing date: 2020-06-01
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Matthew Browning Prince , Ian Gerald Pye , Matthieu Philippe François Tourne , Michelle Marie Zatlyn
IPC: G06F21/00 , G06F16/958 , G06F16/95 , G06F21/55 , H04L29/06 , H04L29/08 , G06Q30/02 , G06Q10/10 , H04L29/12 , H04L29/14 , G06F40/143 , G06F40/14 , G06F15/16 , H04L12/58 , H04L12/911
Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and are from a visitor that is not a threat to the appropriate origin server.
-
Publication number: US20200293584A1
Publication date: 2020-09-17
Application number: US16889343
Filing date: 2020-06-01
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Matthew Browning Prince , Ian Gerald Pye , Matthieu Philippe François Tourne , Michelle Marie Zatlyn
IPC: G06F16/958 , G06F16/95 , G06F21/55 , H04L29/06 , H04L29/08 , G06Q30/02 , G06Q10/10 , H04L29/12 , H04L29/14 , G06F40/14 , G06F15/16 , G06F21/00 , H04L12/58 , H04L12/911
Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and are from a visitor that is not a threat to the appropriate origin server.
-
Publication number: US20200242177A1
Publication date: 2020-07-30
Application number: US16848641
Filing date: 2020-04-14
Applicant: Cloudflare, Inc.
Inventor: Lee Hahn Holloway , Matthew Browning Prince , Ian Gerald Pye
IPC: G06F16/958 , H04L29/12 , H04L12/911 , H04L29/06 , H04L29/08 , G06F21/00 , G06F16/95 , G06Q30/02 , H04L12/58 , G06F15/16 , G06F40/14 , G06Q10/10 , G06F21/55 , H04L29/14
Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.
-
Publication number: US20190215166A1
Publication date: 2019-07-11
Application number: US16356304
Filing date: 2019-03-18
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince , Srikanth N. Rao , Lee Hahn Holloway , Ian Gerald Pye
Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to the domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
-
Publication number: US10129296B2
Publication date: 2018-11-13
Application number: US15603256
Filing date: 2017-05-23
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Srikanth N. Rao , Matthew Browning Prince , Matthieu Philippe François Tourne , Ian Gerald Pye , Ray Raymond Bejjani , Terry Paul Rodery, Jr.
Abstract: A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped.
-
Publication number: US09548966B2
Publication date: 2017-01-17
Application number: US14503299
Filing date: 2014-09-30
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince , Lee Hahn Holloway , Ian Gerald Pye
IPC: H04L29/06 , H04L29/12 , H04L29/08 , G06Q30/02 , G06F17/30 , G06F15/16 , G06F21/55 , G06F21/00 , H04L29/14
CPC classification number: G06F17/3089 , G06F15/16 , G06F17/2247 , G06F17/30861 , G06F21/00 , G06F21/552 , G06Q10/107 , G06Q30/0241 , G06Q30/0251 , G06Q30/0277 , H04L29/12066 , H04L51/22 , H04L61/1511 , H04L61/2007 , H04L63/0236 , H04L63/0245 , H04L63/0254 , H04L63/0281 , H04L63/083 , H04L63/0861 , H04L63/102 , H04L63/126 , H04L63/1416 , H04L63/1433 , H04L63/1441 , H04L63/1458 , H04L63/1466 , H04L67/02 , H04L67/146 , H04L67/28 , H04L67/2804 , H04L67/2842 , H04L69/40
Abstract: A validating server receives from a client device a first request that does not include a cookie for a validating domain that resolves to the validating server. The first request is received at the validating server as a result of a proxy server redirecting the client device to the validating domain upon a determination that a visitor belonging to the client device is a potential threat based on an IP (Internet Protocol) address assigned to the client device used for a second request to perform an action on an identified resource hosted on an origin server for an origin domain. The validating server sets a cookie for the client device, determines a set of characteristics associated with the first client device, and transmits the cookie and a block page to the client device that has been customized based on the set of characteristics, the block page indicating that the second request has been blocked.
-
Publication number: US11546175B2
Publication date: 2023-01-03
Application number: US17181917
Filing date: 2021-02-22
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince , Srikanth N. Rao , Lee Hahn Holloway , Ian Gerald Pye
Abstract: An attack is detected on a first IP address and a determination is made that the first IP address is associated with a primary digital certificate that is bound with multiple different domains. For each of these domains, a secondary certificate is accessed that is bound only to that domain and that secondary certificate is associated with a unique IP address such that each of the different domains has a unique IP address associated with its secondary certificate respectively. The attack is isolated to the domain the attack follows.
-
Publication number: US20210176079A1
Publication date: 2021-06-10
Application number: US17181917
Filing date: 2021-02-22
Applicant: CLOUDFLARE, INC.
Inventor: Matthew Browning Prince , Srikanth N. Rao , Lee Hahn Holloway , Ian Gerald Pye
Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to the domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
-
Publication number: US10671694B2
Publication date: 2020-06-02
Application number: US16363835
Filing date: 2019-03-25
Applicant: CLOUDFLARE, INC.
Inventor: Lee Hahn Holloway , Matthew Browning Prince , Ian Gerald Pye , Matthieu Philippe François Tourne , Michelle Marie Zatlyn
IPC: G06F21/00 , G06F16/958 , G06F16/95 , G06F21/55 , H04L29/06 , H04L29/08 , G06Q30/02 , G06Q10/10 , H04L29/12 , H04L29/14 , G06F40/14 , G06F15/16 , H04L12/58 , H04L12/911
Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and are from a visitor that is not a threat to the appropriate origin server.