Patent application number | Description | Published |
20120096546 | Edge server HTTP POST message processing - A CDN edge server process receives an HTTP message, takes a given action with respect to that message, and then forwards a modified version of the message to a target server, typically a server associated with a CDN customer. The process may include an associated intermediate processing agent (IPA) or a sub-processing thread to facilitate the given action. In one embodiment, the message is an HTTP POST, and the given action comprises the following: (i) recognizing the POST, (ii) removing given data from the POST, (iii) issuing an intermediate (or subordinate) request to another process (e.g., a third party server), passing the given data removed from the POST to the process, (iv) receiving a response to the intermediate request, (v) incorporating data received from or associated with the response into a new HTTP message, and (vi) forwarding the new HTTP message onto the target server. In this manner, the given data in the POST may be protected as the HTTP message “passes through” the edge server on its way from the client to the target (merchant) server. In an alternative embodiment, data extracted from the POST message is enhanced by passing the data to an externalized process and adding a derived value (such as a fraud risk score based on the data) back into the message. | 04-19-2012 |
20120124372 | Protecting Websites and Website Users By Obscuring URLs - Websites and website users are subject to an increasing array of online threats and attacks. Disclosed herein are, among other things, approaches for protecting websites and website users from online threats. For example, a content server, such as a proxying content delivery network (CDN) server that is delivering content on behalf of an origin server, can modify URLs as they pass through the content server to obscured values that are given to the end-user client browser. The end-user browser can use the obscured URL to obtain content from the content server, but the URL may be valid only for a limited time, and may be invalid for obtaining content from the origin. Hence, information is hidden from the client, making attacks against the website more difficult and frustrating client-end malware that leverages knowledge of browsed URLs. | 05-17-2012 |
20120203861 | METHODS AND SYSTEMS FOR DELIVERING CONTENT TO DIFFERENTIATED CLIENT DEVICES - Methods and systems are disclosed for delivery of tailored content to differentiated devices, such as desktop, mobile, and tablet devices, over a computer network. In one embodiment, a proxy cache server has a content cache for storing previously retrieved objects like web pages or multimedia files. For at least some objects, several versions are stored, each version representing an object suited for a given set of client device characteristics. A device-equivalency data structure maintained at the proxy facilitates a determination of whether such cached versions can be used to service a current request. The versions might represent, for example, modified versions created using, e.g., mobile device transcoding techniques, in response to prior requests. They may also represent a set of alternate content created by a content provider and available from an origin server. Such methods and systems may be implemented in a distributed computing networks, e.g., a content delivery network. | 08-09-2012 |
20120259942 | Proxy server with byte-based include interpreter - According to this disclosure, a proxy server is enhanced to be able to interpret instructions that specify how to modify an input object to create an output object to serve to a requesting client. Typically the instructions operate on binary data. For example, the instructions can be interpreted in a byte-based interpreter that directs the proxy as to what order, and from which source, to fill an output buffer that is served to the client. The instructions specify what changes to make to a generic input file. This functionality extends the capability of the proxy server in an open-ended fashion and enables it to efficiently create a wide variety of outputs for a given generic input file. The generic input file and/or the instructions may be cached at the proxy. The teachings hereof have applications in, among other things, the delivery of web content, streaming media, and the like. | 10-11-2012 |
20120265853 | FORMAT-AGNOSTIC STREAMING ARCHITECTURE USING AN HTTP NETWORK FOR STREAMING - This patent document describes, among other things, distributed computer platforms for online delivery of multimedia, including HD video, at broadcast audience scale to a variety of runtime environments and client devices in both fixed line and mobile environments. The teachings hereof can be applied to deliver live and on-demand content streams via computer networks. The teachings also relate to the ingestion of content streams in a given source format and the serving of the stream in a given target format. For example, a system might have machines in a content delivery network that ingest live streams in a source format, use an intermediate format to transport the stream within the system, and output the stream in a target format to clients that have requested (e.g., with an HTTP request) the stream. The streams may be archived for later playback. | 10-18-2012 |
20140006484 | Site acceleration with customer prefetching enabled through customer-specific configurations | 01-02-2014 |
20140101758 | SERVER WITH MECHANISM FOR REDUCING INTERNAL RESOURCES ASSOCIATED WITH A SELECTED CLIENT CONNECTION - According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use, and the server is able to free resources such as memory and processing cycles previously allocated to the connection. In some cases, the server maintains the connection for at least some time and uses it to keep the client occupied so that it cannot launch—or has fewer resources to launch—further attacks, and possibly to gather information about the attacking client. | 04-10-2014 |
20150019633 | METHODS AND APPARATUS FOR MAKING BYTE-SPECIFIC MODIFICATIONS TO REQUESTED CONTENT - According to this disclosure, a proxy server is enhanced to be able to interpret instructions that specify how to modify an input object to create an output object to serve to a requesting client. Typically the instructions operate on binary data. For example, the instructions can be interpreted in a byte-based interpreter that directs the proxy as to what order, and from which source, to fill an output buffer that is served to the client. The instructions specify what changes to make to a generic input file. This functionality extends the capability of the proxy server in an open-ended fashion and enables it to efficiently create a wide variety of outputs for a given generic input file. The generic input file and/or the instructions may be cached at the proxy. The teachings hereof have applications in, among other things, the delivery of web content, streaming media, and the like. | 01-15-2015 |
20150040221 | SERVER WITH MECHANISM FOR CHANGING TREATMENT OF CLIENT CONNECTIONS DETERMINED TO BE RELATED TO ATTACKS - According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended with a mechanism for identifying connections with clients that have exhibited attack characteristics (for example, characteristics indicating a DoS attack), and for transitioning internal ownership of those connections such that server resources consumed by the connection are reduced, while keeping the connection open. The connection thus moves from a state of relatively high resource use to a state of relatively low server resource use. According to certain non-limiting embodiments disclosed herein, the functionality of a server is extended by enabling the server to determine that any of a client and a connection exhibits one or more attack characteristics (e.g., based on at least one of client attributes, connection attributes, and client behavior during the connection, or otherwise). As a result of the determination, the server changes its treatment of the connection. | 02-05-2015 |