Title of invention: Cloud based firewall system and service
Abstract: A cloud-based firewall system and service is provided to protect customer sites from attacks, leakage of confidential information, and other security threats. In various embodiments, such a firewall system and service can be implemented in conjunction with a content delivery network (CDN) having a plurality of distributed content servers. The CDN servers receive requests for content identified by the customer for delivery via the CDN. The CDN servers include firewalls that examine those requests and take action against security threats, so as to prevent them from reaching the customer site. The CDN provider implements the firewall system as a managed firewall service, with the operation of the firewalls for given customer content being defined by that customer, independently of other customers. In some embodiments, a customer may define different firewall configurations for different categories of that customer's content identified for delivery via the CDN.
Publication number: US9009781(B2) Publication date: 2015.04.14
Application number: US201313896995 Application date: 2013.05.17
Applicant: Akamai Technologies, Inc. Inventors: Dilley John A.;Laghate Prasanna;Summers John;Devanneaux Thomas
Classification: G06F17/00;G06F11/00;H04L29/06 Main classification: G06F17/00
Agency: Agent: Matt Joshua T.
Principal claim: 1. A system, comprising: a plurality of machines operated by a service provider on behalf of content providers, each respective one of the plurality of machines comprising circuitry forming one or more processors coupled to one or more non-transitory computer-readable mediums storing program code executable by the one or more processors, the program code including code executable to run a server application on the respective machine; the program code further including code executable to cause the respective machine to receive an application layer request from a client via a network interface on the respective machine, and to handle the application layer request with the server application; wherein the application layer request includes a domain name associated with a particular content provider; the program code further including code executable to cause the respective machine to, based at least in part on the domain name, identify one or more rules from a security ruleset to apply to the application layer request, wherein rules in the security ruleset function to find security threats in application layer requests; the program code further including code executable to cause the respective machine to apply the one or more rules to the application layer request to determine whether one or more security threats are found in the application layer request, and if any of the one or more security threats are found, to take an action against the application layer request.
Address: Cambridge MA US