Patent application number | Description | Published |
20120117458 | INTERNET-BASED PROXY SERVICE TO MODIFY INTERNET RESPONSES - A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page. The proxy server scans the HTML page to locate one or more modification tokens that each indicates content that is subject to being modified. For at least one of the located modification tokens, the proxy server automatically modifies at least a portion of the content of the HTML page that corresponds to that modification token. The proxy server then transmits the modified HTML page to the client device. | 05-10-2012 |
20130080574 | INCOMPATIBLE NETWORK GATEWAY PROVISIONED THROUGH DNS - A first packet of a first protocol version type that includes an incoming request for an action to be performed on an identified resource is received from a client at a proxy server as a result of a DNS request resolving to a network address of the proxy server. The proxy server transmits an outgoing request for the action to be performed on the identified resource to a network address of the destination origin server in a second packet that is of the second protocol version type. The proxy server receives a third packet that includes an incoming response from the destination origin server, the third packet being of the second protocol version type. The proxy server transmits a fourth packet to the client, the fourth packet being of the first protocol version type, wherein the fourth packet includes an outgoing response that is based on the incoming response. | 03-28-2013 |
20130080575 | DISTRIBUTING TRANSMISSION OF REQUESTS ACROSS MULTIPLE IP ADDRESSES OF A PROXY SERVER IN A CLOUD-BASED PROXY SERVICE - A first packet is received at a proxy server from a client and includes a first incoming request for an action to be performed on an identified resource. The first packet is received at the proxy server as a result of a DNS request for a domain corresponding to the identified resource resolving to an IP address of the proxy server. The proxy server selects, based on at least in part on a set of parameters associated with the first packet, one of multiple IP addresses for use as a source IP address for a second packet that carries an outgoing request and transmits the second packet. The proxy server receives a third packet that includes an incoming response from the destination origin server in response to the outgoing request and transmits a fourth packet to the client that includes an outgoing response based on the incoming response. | 03-28-2013 |
20130227167 | DISTRIBUTING TRANSMISSION OF REQUESTS ACROSS MULTIPLE IP ADDRESSES OF A PROXY SERVER IN A CLOUD-BASED PROXY SERVICE - A first packet is received at a proxy server from a client and includes a first incoming request for an action to be performed on an identified resource. The first packet is received at the proxy server as a result of a DNS request for a domain corresponding to the identified resource resolving to an IP address of the proxy server. The proxy server selects, based on at least in part on a set of parameters associated with the first packet, one of multiple IP addresses for use as a source IP address for a second packet that carries an outgoing request and transmits the second packet. The proxy server receives a third packet that includes an incoming response from the destination origin server in response to the outgoing request and transmits a fourth packet to the client that includes an outgoing response based on the incoming response. | 08-29-2013 |
20130311593 | INCORPORATING WEB APPLICATIONS INTO WEB PAGES AT THE NETWORK LEVEL - A proxy server automatically includes web applications in web pages at the network level. The proxy server receives, from a client device, a request for a network resource at a domain and is hosted at an origin server. The proxy server retrieves the requested network resource. The retrieved network resource does not include the web applications. The proxy server determines that the web applications are to be installed within the network resource. The proxy server automatically modifies the retrieved network resource to include the web applications. The proxy server transmits a response to the client device that includes the modified network resource. The network resource may remain unchanged at the origin server. | 11-21-2013 |
20140047539 | DETERMINING THE LIKELIHOOD OF TRAFFIC BEING LEGITIMATELY RECEIVED AT A PROXY SERVER IN A CLOUD-BASED PROXY SERVICE - Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server. | 02-13-2014 |
20140047542 | Mitigating a Denial-of-Service Attack in a Cloud-Based Proxy Service - A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped. | 02-13-2014 |
20140059668 | METHODS AND APPARATUSES FOR PROVIDING INTERNET-BASED PROXY SERVICES - A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server. | 02-27-2014 |
20140108941 | Method and Apparatus for Automatically Optimizing the Loading of Images in a Cloud-Based Proxy Service - A web page is received at a client device. The web page includes at least one reference to an image. The client device determines a display size of the image. The client device transmits a request for the image, where the request includes an indication of a set of one or more requested dimensions for the image that is equal or substantially equal to the determined display size. The client device receives the image having a size that is equal or substantially equal to the set of requested dimensions, and the client device displays the image. | 04-17-2014 |
20140108969 | METHOD AND APPARATUS FOR AUTOMATICALLY OPTIMIZING THE LOADING OF IMAGES IN A CLOUD-BASED PROXY SERVICE - A request is received at a proxy server for a web page, the request originating from a client network application of a client device. The requested web page includes multiple references to multiple images. The proxy server retrieves the requested web page. The proxy server modifies code of the retrieved web page such that the client network application will not, for each one of images, request that image until the location where that image is to be displayed is within a viewport of the client network application or within a defined distance from the viewport of the client network application. The proxy server transmits the modified web page to the client device. | 04-17-2014 |
20140109225 | Identifying a Denial-of-Service Attack in a Cloud-Based Proxy Service - A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves. | 04-17-2014 |
20140157416 | Determining the Likelihood of Traffic Being Legitimately Received At a Proxy Server in a Cloud-Based Proxy Service - Message(s) are received from each one of multiple proxy servers, which are anycasted to the same IP address, that indicate source IP addresses of packets that are received that are directed to that same IP address. These proxy servers receive the packets as result of domain(s) resolving to that same IP address, and a particular one of the proxy servers receives the packets as a result of an anycast protocol implementation selecting that proxy server. Based on these message(s) from each of the proxy servers, a determination of the likelihood of a packet having a particular source IP address being legitimately received at each of the proxy servers is determined. A message is transmitted to each of the proxy servers that indicates which source IP addresses of packets are not likely to be legitimately received at that proxy server. | 06-05-2014 |
20140310526 | SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY - A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server. | 10-16-2014 |
20150019679 | INCORPORATING WEB APPLICATIONS INTO WEB PAGES AT THE NETWORK LEVEL - A proxy server automatically includes web applications in web pages at the network level. The proxy server receives, from a client device, a request for a network resource at a domain and is hosted at an origin server. The proxy server retrieves the requested network resource. The retrieved network resource does not include the web applications. The proxy server determines that the web applications are to be installed within the network resource. The proxy server automatically modifies the retrieved network resource to include the web applications. The proxy server transmits a response to the client device that includes the modified network resource. The network resource may remain unchanged at the origin server. | 01-15-2015 |
20150026766 | Mitigating a Denial-of-Service Attack in a Cloud-Based Proxy Service - A proxy server in a cloud-based proxy service receives a message that indicates that a domain, whose traffic passes through the proxy server, may be under a denial-of-service (DoS) attack. The proxy server enables a rule for the domain that specifies that future requests for resources at that domain are subject to at least initially passing a set of one or more challenges. In response to receiving a request for a resource of that domain from a visitor, the proxy server presents the set of challenges that, if not passed, are an indication that that the visitor is part of the DoS attack. If the set of challenges are passed, the request may be processed. If the set of challenges are not passed, the request may be dropped. | 01-22-2015 |
20150032552 | INTERNET-BASED PROXY SERVICE TO MODIFY INTERNET RESPONSES - A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page, automatically modifies the HTML page, and transmits the modified HTML page to the client device. | 01-29-2015 |
20150033113 | INTERNET-BASED PROXY SERVICE TO MODIFY INTERNET RESPONSES - A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page. The proxy server scans the HTML page to locate one or more modification tokens that each indicates content that is subject to being modified. For at least one of the located modification tokens, the proxy server automatically modifies at least a portion of the content of the HTML page that corresponds to that modification token. The proxy server then transmits the modified HTML page to the client device. | 01-29-2015 |