Manage encrypted network traffic using spoofed addresses

摘要

Methods and systems for managing encrypted network traffic using spoofed addresses. One example method includes receiving a request to resolve a domain name; determining that the domain name is included in a predetermined set of domain names; associating a spoofed address with the domain name; sending a response to the request to resolve the domain name including the spoofed address; receiving a secure request for a resource, the secure request directed to the spoofed address; identifying a user identity associated with the secure request; determining that the secure request is directed to the domain name based on the association between the spoofed address and the domain name; and selectively decrypting and/or blocking the secure request based at least in part on determining that the secure request is directed to the domain name and based at least in part on the user identity associated with the secure request.

主权项

1. A computer-implemented method executed by one or more processors, the method comprising:
receiving a request to resolve a particular domain name; in response to receiving the request to resolve a particular domain name, determining that secure requests directed to the particular domain name cannot be distinguished from secure requests directed to at least one other domain name based on a target address associated with each secure request; in response to receiving the request to resolve a particular domain name and to determining that the secure requests directed to the particular domain name cannot be distinguished from the secure requests directed to the at least one other domain name, uniquely associating a particular spoofed address with the particular domain name, wherein the particular spoofed address uniquely identifies the particular domain name after it is associated, and wherein the particular spoofed address identifies a different network location than a real address corresponding to the particular domain name; sending a response to the request to resolve the particular domain name, the response including the particular spoofed address associated with the particular domain name; receiving a secure request directed to the particular spoofed address associated with the particular domain name; identifying a user identity associated with the secure request based on the secure request without decrypting the secure request; determining that the secure request is directed to the particular domain name based on the unique association between the particular spoofed address and the particular domain name without decrypting the secure request; and selectively decrypting the secure request based at least in part on determining that the secure request is directed to the particular domain name and based at least in part on the user identity associated with the secure request.