Title: Security for WAP servers
Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated, it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.
Publication number: US9003509(B1) Publication date: 2015.04.07
Application number: US200812332267 Filing date: 2008.12.10
Applicant: F5 Networks, Inc. Inventor: Movshovitz David
Classification: G06F7/04; G06F21/31 Main classification: G06F7/04
Agency: Lowe Graham Jones PLLC Agent: Branch John W.; Lowe Graham Jones PLLC
Main claim: 1. A network device for managing a communication over a network, comprising: a transceiver configured to intercept an incoming message from a client device and an outgoing message from a server device, wherein an application resides on the server device; and a processor configured to perform actions including: intercepting a request from the client device to the application residing on the server device for content from the application; determining when the request for content is compliant based on a comparison of hidden fields by performing actions, comprising: examining the request for an encrypted state token; decrypting the encrypted state token; extracting from the state token a hidden field; comparing the extracted hidden field to values of hidden fields from an application state data store; and when the extracted hidden field is determined to be non-compliant based on the comparison, blocking the request from being forwarded to the application; and determining whether the request for content is compliant by comparing the request to a list of allowable compliant requests determined by a current state of the client device with the application and an application model of the application, the application model being automatically generated in part based on a probe of interactions with the application, the probe of interactions being separately generated by the network device absent use of the incoming message from the client device or a response from the server device to the incoming message to obtain responses to the probes that are used to identify at least the list of allowable compliant requests including allowable navigation paths within the application; when the request for content is determined to be compliant based on the comparison of the request, forwarding the request for the content to the application; and when the request is determined to be non-compliant based on the comparison of the request, blocking the request from being forwarded to the application.
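The two compliance checks of claim 1 (hidden-field integrity via a state token, and navigation against an application model with a training mode and administrator tuning) can be sketched as a small in-line gateway. The following Python is an added illustration, not code from the patent or from F5 Networks; the `StateGateway` class, the `APP_MODEL` table and the session/page names are constructed for the example, and an HMAC-sealed token stands in for the patent's encrypted state token (an assumption made so the example runs on the standard library alone; a production gateway would encrypt as the claim describes).

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed application model: current page -> requests a client may send next.
# The patent builds this by probing the application with a crawler and letting an
# administrator tune it; here it is hand-written so the example is self-contained.
APP_MODEL = {
    "/": {"/login", "/catalog"},
    "/catalog": {"/catalog", "/cart"},
    "/cart": {"/catalog", "/checkout"},
    "/checkout": {"/confirm"},
}


class StateGateway:
    """Hypothetical gateway sitting between web clients and the application server."""

    def __init__(self, model, training=False, key=None):
        self.model = {page: set(paths) for page, paths in model.items()}
        self.training = training
        self.key = key or secrets.token_bytes(32)  # per-deployment secret (constructed)
        self.state_store = {}    # session id -> {"page": str, "hidden": dict}
        self.training_log = []   # (page, path) pairs seen only in training mode

    # ----- outgoing side: seal the hidden fields the application just sent -----
    def seal_token(self, hidden):
        payload = base64.urlsafe_b64encode(
            json.dumps(hidden, sort_keys=True).encode()).decode()
        tag = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}.{tag}"

    def open_token(self, token):
        """Return the hidden fields carried by a token, or None if it was altered."""
        payload, sep, tag = token.partition(".")
        if not sep:
            return None
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return None
        try:
            return json.loads(base64.urlsafe_b64decode(payload))
        except (ValueError, UnicodeDecodeError):
            return None

    def record_response(self, session_id, page, hidden):
        """Store the page and hidden fields of an outgoing response; return the token."""
        self.state_store[session_id] = {"page": page, "hidden": dict(hidden)}
        return self.seal_token(hidden)

    # ----- incoming side: the two compliance checks of claim 1 -----
    def check_request(self, session_id, path, form):
        state = self.state_store.get(session_id)
        if state is None:
            return ("block", "unknown session")

        # Check 1: hidden-field integrity. The token must verify, must match the
        # values the gateway stored, and the submitted fields must equal them.
        token = form.get("_state")
        if token is None:
            if any(name in form for name in state["hidden"]):
                return ("block", "hidden fields submitted without state token")
        else:
            carried = self.open_token(token)
            if carried is None:
                return ("block", "state token invalid")
            if carried != state["hidden"]:
                return ("block", "state token does not match stored state")
            for name, value in carried.items():
                if form.get(name) != value:
                    return ("block", f"hidden field '{name}' modified")

        # Check 2: navigation. The requested path must be reachable from the
        # client's current page according to the application model.
        allowed = self.model.get(state["page"], set())
        if path not in allowed:
            if self.training:   # training mode: record instead of block
                self.training_log.append((state["page"], path))
                state["page"] = path
                return ("forward", "training: recorded new path")
            return ("block", f"{path} not reachable from {state['page']}")

        state["page"] = path
        return ("forward", "compliant")

    def add_allowed_path(self, from_page, path):
        """Administrator tuning: allow a request that was wrongly marked non-compliant."""
        self.model.setdefault(from_page, set()).add(path)
```

A request that carries the token unchanged and follows an allowed link is forwarded; one whose hidden `price` field differs from what the application sent, whose token was altered, or whose path is not reachable from the current page is blocked before it reaches the server. In training mode the unknown path is logged and the administrator can whitelist it with `add_allowed_path`.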
Address: Seattle WA US