IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0360019
(2009-01-26)
|
등록번호 |
US-8769660
(2014-07-01)
|
발명자
/ 주소 |
- Agarwal, Puneet
- Adhya, Saibal Kumar
- Thirunarayanan, Srinivasan
- Harris, James
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
1 인용 특허 :
243 |
초록
▼
The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clien
The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receiving a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.
대표청구항
▼
1. A method for configuration driven proxying of cookies by an intermediary between one or more servers and one or more clients, the intermediary establishing SSL VPN sessions between the one or more servers and the one or more clients, the method comprising: (a) receiving, by an intermediary, a res
1. A method for configuration driven proxying of cookies by an intermediary between one or more servers and one or more clients, the intermediary establishing SSL VPN sessions between the one or more servers and the one or more clients, the method comprising: (a) receiving, by an intermediary, a response from a server to a request of a client via a clientless SSL VPN session established by the intermediary between the server and the client, the response comprising one or more cookies;(b) identifying, by the intermediary, via the request or the response based on identification of a type of resource, an access profile for the clientless SSL VPN session, the access profile identifying one or more policies for proxying cookies; and(c) determining, by the intermediary responsive to the one or more policies of the access profile, whether to proxy the one or more cookies, comprising handling the one or more cookies on behalf of the client, or to bypass proxying for the client by forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies. 2. The method of claim 1, wherein step (a) further comprising receiving, by the intermediary, the response a client consumed cookie of the one or more cookies, wherein step (b) further comprises the access profile identifying a policy comprising a cookie proxy action for the client consumed cookie, and wherein step (c) further comprises bypassing proxying, by the intermediary, the client consumed cookie responsive to the policy. 3. The method of claim 2, further comprises retaining, by the intermediary, the client consumed cookie in the response forwarded to the client. 4. The method of claim 1, wherein step (a) further comprising receiving, by the intermediary, via the response a server cookie of the one or more cookies and wherein step (c) further comprises proxying by the intermediary the server cookie. 5. The method of claim 4, further comprising removing, by the intermediary, the server cookie from the response and forwarding the response to the client. 6. The method of claim 1, wherein step (c) comprises proxying, by the intermediary, the one or more cookies of the response responsive to determining via the one or more policies that client does not support the one or more cookies. 7. The method of claim 1, wherein step (b) comprises the access profile identifying a policy defining a cookie proxy action for a server consumed cookie of a specified domain name and wherein step (c) comprising modifying, by the intermediary, the response as specified by the action of the policy. 8. The method of claim 1, comprising identifying the access profile based on the identification of the type of resource, the resource comprising an application. 9. The method of claim 1, further comprising the access profile identifying a policy comprising a cookie proxy action to bypass proxying a cookie of the one or more cookies based on identification of a user or a group of the user. 10. The method of claim 1, further comprising the access profile identifying a policy to bypass proxying a cookie of the one or more cookies based on identification of a virtual server of the intermediary. 11. The method of claim 1, wherein step (c) further comprises proxying, by the intermediary, the one or more cookies of the response unless the one or more policies of the access profile identify a cookie of the one or more cookies to be bypassed. 12. An intermediary device for configuration driven proxying of cookies between one or more servers and one or more clients, the intermediary device establishing SSL VPN sessions between the one or more servers and the one or more clients, the intermediary device comprising: a packet engine executing on a device of the intermediary device, for receiving a response from a server to a request of a client via a clientless SSL VPN session established by the intermediary device between the server and the client, the response comprising one or more cookies,a policy engine for identifying, via the request or the response based on identification of a type of resource, an access profile for the clientless SSL VPN session, the access profile identifying one or more policies for proxying cookies; andwherein the intermediary device determines responsive to the one or more policies of the access profile whether to proxy the one or more cookies, comprising handling the one or more cookies on behalf of the client, or to bypass proxying for the client by forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies. 13. The intermediary device of claim 12, wherein the packet engine receives via the response a client consumed cookie of the one or more cookies, the access profile identifies a policy comprising a cookie proxy action for the client consumed cookie, and wherein the intermediary device determines to bypass proxying the client consumed cookie responsive to the policy. 14. The intermediary device of claim 13, wherein the intermediary device retains the client consumed cookie in the response forwarded to the client. 15. The intermediary device of claim 12, wherein the packet engine receives via the response a server cookie of the one or more cookies and wherein the intermediary device proxies the server cookie responsive to the one or more policies. 16. The intermediary device of claim 15, wherein the intermediary device removes the server cookie from the response and forwards the response to the client. 17. The intermediary device of claim 12, wherein the intermediary device proxies the one or more cookies of the response responsive to determining via the one or more policies that client does not support the one or more cookies. 18. The intermediary device of claim 12, wherein the policy engine identifies via the access profile a policy of the one or more policies defining a cookie proxy action for a server consumed cookie of a specified domain name and wherein the intermediary device modifies the response as specified by the action of the policy. 19. The intermediary device of claim 12, wherein the policy engine identifies the access profile based on the identification of the type of resource, the resource comprising an application. 20. The intermediary device of claim 12, wherein the policy engine identifies via the access profile a policy comprising a cookie proxy action to bypass proxying a cookie of the one or more cookies based on identification of a user or a group of the user.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.