Patent application number | Description | Published |
20090234972 | Systems and Methods for Content Injection - The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance. | 09-17-2009 |
20100325287 | SYSTEMS AND METHODS OF HANDLING NON-HTTP CLIENT OR SERVER PUSH ON HTTP VSERVER - The present application presents systems and methods for handling by an HTTP virtual server (HTTPVS), connections via which non-HTTP data is transmitted between clients and servers. HTTPVS intercepts a request from a client to establish first transport layer connection (TLC) with a server. HTTPVS establishes second TLC with the servers in response to receiving an acknowledgment from a client to establish the first TLC. HTTPVS determines if a first network packet transmitted via first TLC comprises an HTTP payload or non-HTTP payload. If HTTPVP the first network packet includes HTTP payload, HTTPVS may process all transmissions from the first TLC in accordance with connection tracking and forward the processed transmissions to the server via the second TLC. If HTTPVS determines that the first network packet does not include an HTTP payload, HTTPVS may link the first TLC and the second TLC so the client and server exchange non-HTTP communication without interruption. | 12-23-2010 |
20100325288 | SYSTEMS AND METHODS OF STATE MIGRATION IN A MULTI-CORE SYSTEM - The present application is directed towards systems and methods of state migration in a multi-core system. An external process on a client or server may initiate a plurality of connections with the multi-core system, such that some cores have a plurality of connections and others have none. The present invention provides systems and methods for redirecting a connection or migrating the state of a connection from being associated with a first core with a plurality of connections to a second core with no connections. | 12-23-2010 |
20110125892 | SYSTEMS AND METHODS FOR TRACE FILTERS BY ASSOCIATION OF CLIENT TO VSERVER TO SERVICES - The present disclosure is directed towards systems and methods for tracing packets via an intermediary device. The systems and methods include an intermediary device that establishes connections with clients and connections with servers. The intermediary device links a connection to a server with a connection to a client to provide a client with access to the server. When the client requests a packet trace, the intermediary device applies the trace to linked connections with the client to obtain full trace information for network packets servicing the client. | 05-26-2011 |
20110153720 | SYSTEMS AND METHODS FOR SAMPLING MANAGEMENT ACROSS MULTIPLE CORES FOR HTML INJECTION - A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response. | 06-23-2011 |
20110153822 | SYSTEMS AND METHODS FOR MANAGING PREFERRED CLIENT CONNECTIVITY TO SERVERS VIA MULTI-CORE SYSTEM - The present application is directed towards systems and methods for providing a cookie by an intermediary device comprising a plurality of packet processing engines executing on a corresponding plurality of cores, the cookie identifying a session of a user that was redirected responsive to a service exceeding a response time limit. The cookie may be generated with identifiers based off a name of a virtual server managing a service of a server, and a name of a policy associated with the virtual server. Each packet processing engine of the plurality of packet processing engines may interpret cookies generated by other packet processing engines due to the name of the virtual server and name of the policy, and may provide preferred client connectivity based on cookies included in requests for access to a service. | 06-23-2011 |
20110153839 | SYSTEMS AND METHODS FOR SERVER SURGE PROTECTION IN A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests. | 06-23-2011 |
20110154488 | SYSTEMS AND METHODS FOR GENERATING AND MANAGING COOKIE SIGNATURES FOR PREVENTION OF HTTP DENIAL OF SERVICE IN MULTI-CORE SYSTEM - The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures. | 06-23-2011 |
20110320617 | SYSTEMS AND METHODS FOR DETECTING INCOMPLETE REQUESTS, TCP TIMEOUTS AND APPLICATION TIMEOUTS - Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection. | 12-29-2011 |
20130151650 | SYSTEMS AND METHODS FOR GENERATING AND MANAGING COOKIE SIGNATURES FOR PREVENTION OF HTTP DENIAL OF SERVICE IN A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures. | 06-13-2013 |
20130173801 | SYSTEMS AND METHODS FOR MANAGING PREFERRED CLIENT CONNECTIVITY TO SERVERS VIA MULTI-CORE SYSTEM - The present application is directed towards systems and methods for providing a cookie by an intermediary device comprising a plurality of packet processing engines executing on a corresponding plurality of cores, the cookie identifying a session of a user that was redirected responsive to a service exceeding a response time limit. The cookie may be generated with identifiers based off a name of a virtual server managing a service of a server, and a name of a policy associated with the virtual server. Each packet processing engine of the plurality of packet processing engines may interpret cookies generated by other packet processing engines due to the name of the virtual server and name of the policy, and may provide preferred client connectivity based on cookies included in requests for access to a service. | 07-04-2013 |
20130275617 | SYSTEMS AND METHODS FOR SERVER SURGE PROTECTION IN A MULTI-CORE SYSTEM - The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests. | 10-17-2013 |
20140365563 | SYSTEMS AND METHODS FOR CONTENT INJECTION - The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance. | 12-11-2014 |
20150019630 | SYSTEMS AND METHODS FOR SAMPLING MANAGEMENT ACROSS MULTIPLE CORES FOR HTML INJECTION - A method for sampling management includes establishing, for a multi-core intermediary comprising a plurality of packet evaluation components executing on a corresponding plurality of cores, a frequency at which the multi-core intermediary intercepts a response transmitted from a server to a client and injects data into the intercepted response. For each of the plurality of packet evaluation components, an offset and a frequency based on a number of packet evaluation components in the plurality of packet evaluation components is established, a combination of the established frequencies substantially similar to the frequency established for the multi-core intermediary. One of the plurality of cores intercepts a response from the server to the client, at a time specified by the frequency and the offset. The packet evaluation component executing on the one of the plurality of cores injects data into the intercepted response. | 01-15-2015 |