Cloud based firewall system and service

US10243925B2 · US · B2

Patent metadata

Publication number: US-10243925-B2
Application number: US-201514998187-A
Country: US
Kind code: B2
Filing date: Dec 24, 2015
Priority date: Dec 12, 2009
Publication date: Mar 26, 2019
Grant date: Mar 26, 2019

Abstract

Official abstract text for this publication.

A cloud-based firewall system and service is provided to protect customer sites from attacks, leakage of confidential information, and other security threats. In various embodiments, such a firewall system and service can be implemented in conjunction with a content delivery network (CDN) having a plurality of distributed content servers. The CDN servers receive requests for content identified by the customer for delivery via the CDN. The CDN servers include firewalls that examine those requests and take action against security threats, so as to prevent them from reaching the customer site. The CDN provider implements the firewall system as a managed firewall service, with the operation of the firewalls for given customer content being defined by that customer, independently of other customers. In some embodiments, a customer may define different firewall configurations for different categories of that customer's content identified for delivery via the CDN.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of content delivery in a content delivery network (CDN) operated by a content delivery network service provider (CDNSP) on behalf of a plurality of participating content providers, wherein the plurality of participating content providers identify content to be delivered over the CDN, the method comprising: at one or more computers: receiving, via a web-based user interface and from a first participating content provider, one or more first firewall settings that specify how a firewall is to operate with respect to requests for content identified by the first participating content provider for delivery over the CDN, the firewall operating at the application layer and the one or more first firewall settings received via the web-based user interface including (i) a selection of one or more rules defining any of: attacks and security threats, and (ii) a selection of one or more actions which the firewall is to take upon detecting traffic meeting one of the one or more rules; receiving, via the web-based user interface and from a second participating content provider, one or more second firewall settings that specify how a firewall is to operate with respect to requests for content identified by the second participating content provider for delivery over the CDN, the firewall operating at the application layer and the one or more second firewall settings received via the web-based user interface including (i) a selection of one or more rules defining any of: attacks and security threats, and (ii) a selection of one or more actions which the firewall is to take upon detecting traffic meeting one of the one or more rules; communicating the one or more first firewall settings and the one or more second firewall settings to a plurality of content servers in the CDN; at one of the plurality of content servers in the CDN, receiving a first request for content identified by the participating content provider for delivery over the CDN, and, upon a determination that the first request matches a first match target, invoking a firewall that will evaluate the first request using the one or more first firewall settings, wherein the first match target comprises one or more request-related criteria for invoking the firewall, the one or more request-related criteria specifying at least one of: a kind of content, domain name, subdomain, URI path, file extension; at one of the plurality of content servers in the CDN, receiving a second request for content identified by the second participating content provider for delivery over the CDN, and, upon a determination that the first request matches a second match target, invoking a firewall that will evaluate the second request using the one or more second firewall settings, wherein the second match target comprises one or more request-related criteria for invoking the firewall, the one or more request-related criteria specifying at least one of: a kind of content, domain name, subdomain, URI path, file extension; wherein each of the first request and the second request is an application layer request, and the one or more first firewall settings and the one or more second firewall settings are application layer settings; and wherein the one or more computers and the plurality of content servers each have at least one processor and a memory storing instructions that, when executed by the at least one processor, cause the one or more computers to perform the steps specified above.

2. The method of claim 1, wherein the one or more first firewall settings are different from the one or more second firewall settings.

3. The method of claim 1, wherein evaluating the first request using the one or more first firewall settings comprises: testing the first request against one or more criteria, and if the one or more criteria are met, taking an action with respect to the first request.

4. The method of claim 3, wherein the action taken is a protective action.

5. The method of claim 3, wherein evaluating the second request using the one or more second firewall settings comprises: testing the second request against one or more criteria, and if the one or more criteria are met, taking an action with respect to the second request.

6. The method of claim 1, wherein any of the one or more first firewall settings and the one or more second firewall settings specify one or more criteria against which to test a content request, the one or more criteria defining rules that seek to identify security threats.

7. The method of claim 1, wherein any of the one or more first firewall settings and the one or more second firewall settings specify an action selected from the group of actions that are: deny the request, generate an alert, modify the request, stop processing the request, and log the request.

8. The method of claim 1, wherein at least one of the first request and the second request is an HTTP request.

9. The method of claim 1, wherein the one or more the first firewall settings and the one or more second firewall settings are communicated to the plurality of content servers in a metadata configuration file.

10. The method of claim 1, wherein the first match target and the second match target each comprise request-related criteria specifying a kind of content.

11. The method of claim 1, wherein the first match target and the second match target each comprise one or more request-related criteria specifying any of: domain name and subdomain.

12. The method of claim 1, wherein the first match target and the second match target each comprise one or more request-related criteria specifying any of: URI path and file extension.

13. A content delivery network (CDN) operated by a content delivery network service provider (CDNSP) on behalf of a plurality of participating content providers, wherein the plurality of participating content providers identify content to be delivered over the CDN, the CDN comprising one or more content servers having a processor and a memory storing instructions that, when executed by the processor, cause the one or more content servers to execute the following steps: receiving, via a web-based user interface and from a first participating content provider, one or more first firewall settings that specify how a firewall is to operate with respect to requests for content identified by a first participating content provider for delivery over the CDN, the firewall operating at the application layer and the one or more first firewall settings received via the web-based user interface including (i) a selection of one or more rules defining any of: attacks and security threats, and (ii) a selection of one or more actions which the firewall is to take upon detecting traffic meeting one of the one or more rules; receiving, via the web-based user interface and from a second participating content provider, one or more second firewall settings that specify how a firewall is to operate with respect to requests for content identified by a second participating content provider for delivery over the CDN, the firewall operating at the application layer and the one or more second firewall settings received via the web-based user interface including (i) a selection of one or more rules defining any of attacks and security threats, and (ii) a selection of one or more actions which the firewall is to take upon detecting traffic meeting one of the one or more rules; at one of a plurality of content servers in the CDN, receiving a first request for content identified by the participating content provider for delivery over the CDN, and, upon a determination that the first request matches a first match target, invoking a fire
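To make the claimed flow concrete, here is an added Python model of it; this is example code written for this page, not code from the patent or from Akamai. It models the pieces the claims name: per-customer firewall settings consisting of a selection of rules and a selection of actions (claim 1), the action set of claim 7, a metadata configuration holding every customer's settings on one content server (claim 9), and a match target built from domain, URI path and file extension criteria that decides whether the firewall is invoked at all. The rule catalogue, class names, the "first matching target wins" policy and all requests are constructed assumptions, not anything the patent specifies.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Request:
    host: str
    path: str
    method: str = "GET"
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class MatchTarget:
    """Request-related criteria for invoking the firewall (claim 1):
    domain name / subdomain, URI path prefix, file extension.
    An empty tuple means "any" for that criterion. Hypothetical shape."""
    domains: Tuple[str, ...] = ()
    path_prefixes: Tuple[str, ...] = ()
    extensions: Tuple[str, ...] = ()

    def matches(self, req: Request) -> bool:
        host = req.host.lower()
        path = req.path.split("?", 1)[0]
        host_ok = not self.domains or any(
            host == d or host.endswith("." + d) for d in self.domains)
        path_ok = not self.path_prefixes or any(
            path.startswith(p) for p in self.path_prefixes)
        ext_ok = not self.extensions or any(
            path.lower().endswith("." + e) for e in self.extensions)
        return host_ok and path_ok and ext_ok


# Constructed rule catalogue a customer could pick from in the web UI:
# rule id -> predicate that is true when a request meets the rule.
RULE_CATALOG: Dict[str, Callable[[Request], bool]] = {
    "PATH_TRAVERSAL": lambda r: ".." in r.path.split("?", 1)[0].split("/"),
    "OVERSIZED_HEADER": lambda r: any(len(v) > 256 for v in r.headers.values()),
    "UNEXPECTED_METHOD": lambda r: r.method.upper() not in ("GET", "HEAD", "POST"),
}

ACTIONS = ("deny", "alert", "modify", "stop", "log")  # the set listed in claim 7


@dataclass
class FirewallSettings:
    """One customer's settings: the selected rules and the action chosen
    for each (the two selections of claim 1), plus the match target."""
    customer: str
    match_target: MatchTarget
    actions: Dict[str, str]  # selected rule id -> selected action

    def __post_init__(self) -> None:
        for rid, act in self.actions.items():
            if rid not in RULE_CATALOG or act not in ACTIONS:
                raise ValueError(f"invalid setting {rid}:{act}")


class EdgeServer:
    """A CDN content server holding the metadata configuration for every
    customer (claim 9). Simplification: the first match target that fits
    a request selects whose settings apply."""

    def __init__(self, metadata: List[FirewallSettings]) -> None:
        self.metadata = metadata
        self.events: List[Tuple[str, str, str]] = []  # (customer, rule, action)

    def handle(self, req: Request) -> Tuple[str, Optional[str]]:
        """Return (verdict, customer); verdict is 'serve' or 'deny'."""
        for s in self.metadata:
            if s.match_target.matches(req):
                return self._firewall(req, s), s.customer
        return "serve", None  # no match target hit: firewall not invoked

    def _firewall(self, req: Request, s: FirewallSettings) -> str:
        for rid, action in s.actions.items():
            if not RULE_CATALOG[rid](req):
                continue
            self.events.append((s.customer, rid, action))  # alert/log record
            if action == "deny":
                return "deny"
            if action == "stop":  # stop processing further rules, serve as-is
                return "serve"
            if action == "modify":  # toy modification: drop oversized headers
                for k in [k for k, v in req.headers.items() if len(v) > 256]:
                    del req.headers[k]
        return "serve"


def demo() -> dict:
    """Two customers on one edge server; constructed settings and requests."""
    metadata = [
        FirewallSettings("alpha", MatchTarget(domains=("alpha.example",)),
                         {"PATH_TRAVERSAL": "deny", "UNEXPECTED_METHOD": "log"}),
        FirewallSettings("beta", MatchTarget(domains=("beta.example",),
                                             path_prefixes=("/app/",)),
                         {"PATH_TRAVERSAL": "alert", "OVERSIZED_HEADER": "modify"}),
    ]
    edge = EdgeServer(metadata)
    big = Request("beta.example", "/app/index.html", headers={"X-Big": "a" * 300})
    verdicts = {
        "alpha_traversal": edge.handle(Request("alpha.example", "/a/../b"))[0],
        "beta_traversal": edge.handle(Request("beta.example", "/app/../b"))[0],
        "beta_outside_target": edge.handle(Request("beta.example", "/static/../b"))[0],
        "unknown_host": edge.handle(Request("gamma.example", "/a/../b"))[0],
        "beta_big_header": edge.handle(big)[0],
    }
    return {"verdicts": verdicts, "events": edge.events,
            "big_headers_left": dict(big.headers)}


if __name__ == "__main__":
    print(demo())
```

The point the demo makes is the one in claim 2: the same dot-dot path is denied for customer alpha but only alerted on for customer beta, because each customer's settings are evaluated independently, and a request to beta's host outside the `/app/` match target never reaches the firewall at all.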

Assignees

Akamai Tech Inc
Inventors

Classifications

  • Filtering policies (mail message filtering H04L51/212) · CPC title

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title

  • Distributed architectures, e.g. distributed firewalls · CPC title

  • Implementing security features at a particular protocol layer · CPC title

  • Rule management · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10243925B2 cover?
A cloud-based firewall system and service is provided to protect customer sites from attacks, leakage of confidential information, and other security threats. In various embodiments, such a firewall system and service can be implemented in conjunction with a content delivery network (CDN) having a plurality of distributed content servers. The CDN servers receive requests for content identified …
Who is the assignee on this patent?
Akamai Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0263. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 26, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).