Systems and methods for proxying cookies for SSL VPN clientless sessions
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): H04L-029/06, H04L-029/08
Application number: US-0306354 (2014-06-17)
Registration number: US-9059966 (2015-06-16)
Inventors / Address: Agarwal, Puneet; Adhya, Saibal Kumar; Thirunarayanan, Srinivasan; Harris, James
Applicant / Address: Citrix Systems, Inc.
Agent / Address: McKenna, Christopher J.
Citation information: Times cited: 2; Cited patents: 244
Abstract
The present application enables the enterprise to configure various policies to address various subsets of the traffic based on various information relating to the client, the server, or the details and nature of the interactions between the client and the server. An intermediary deployed between clients and servers may establish an SSL VPN session between a client and a server. The intermediary may receive a response from a server to a request of a client via the clientless SSL VPN session. The response may comprise one or more cookies. The intermediary may identify an access profile for the clientless SSL VPN session. The access profile may identify one or more policies for proxying cookies. The intermediary may determine, responsive to the one or more policies of the access profile, whether to proxy or bypass proxying for the client the one or more cookies.
Representative claims
1. A method comprising: (a) identifying, by the device intermediary to a client and a server, a type of application from a communication via a session between the client and the server; (b) identifying, by the device based on the type of application, an access profile for the session, the access profile comprising a policy for proxying cookies to be sent to the client; (c) determining, by the device responsive to the policy of the access profile identified for the session based on the type of application, to proxy for the client one or more cookies of a response received by the device from the server; and (d) retaining, by the device responsive to the determination, the one or more cookies at the device while forwarding to the client the response with the one or more cookies removed from the response.
2. The method of claim 1, wherein (a) further comprises establishing, by the device, the session comprising a secure socket layer virtual private network (SSL VPN) session between the server and the client.
3. The method of claim 2, wherein the SSL VPN session is a clientless SSL VPN session.
4. The method of claim 1, wherein (a) further comprising identifying, by the device, the type of application from applying a second policy to the communication between the client and the server.
5. The method of claim 1, wherein (b) further comprises identifying, by the device, the type of application from the communication comprising one of the following: the request from the client or the response from the server.
6. The method of claim 1, wherein (c) further comprises determining to proxy the one or more cookies instead of bypassing proxying the one or more cookies, bypass proxying comprising forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies.
7. The method of claim 1, wherein (c) further comprising identifying a cookie proxy action specified by the policy and handling, by the device, the one or more cookies in accordance with the cookie proxy action.
8. The method of claim 1, further comprising receiving, by the device, a second response for a second type of application via the session, the second response comprising a second cookie.
9. The method of claim 8, further comprising determining, by the device responsive to a second policy of the access profile, to bypass proxying cookies for the second type of application.
10. The method of claim 9, further comprising forwarding, by the device responsive to the determination to bypass proxying, the second response with the second cookie to the client.
11. A system comprising: a device intermediary to a client and a server, the device configured to identify a type of application from a communication via a session between the client and the server and based on the type of application, identify an access profile for the session, wherein the access profile comprises a policy for proxying cookies to be sent to the client; a policy engine of the device configured to proxy for the client one or more cookies of a response received by the device from the server responsive to the policy of the access profile identified for the session based on the type of application, and wherein the device is configured to, responsive to the determination, retain the one or more cookies at the device while forwarding to the client the response with the one or more cookies removed from the response.
12. The system of claim 11, wherein the device is further configured to establish the session comprising a secure socket layer virtual private network (SSL VPN) session between the server and the client.
13. The system of claim 12, wherein the SSL VPN session is a clientless SSL VPN session.
14. The system of claim 11, wherein the device is further configured to identify the type of application from applying a second policy to the communication between the client and the server.
15. The system of claim 11, wherein the device is further configured to identify the type of application from the communication comprising one of the following: the request from the client or the response from the server.
16. The system of claim 11, wherein the policy engine is further configured to determine to proxy the one or more cookies instead of bypassing proxying the one or more cookies, bypass proxying comprising forwarding the response with the one or more cookies from the server to the client without modifying the one or more cookies.
17. The system of claim 11, wherein the policy engine is further configured to identify a cookie proxy action specified by the policy and handle the one or more cookies in accordance with the cookie proxy action.
18. The system of claim 11, wherein the device is further configured to receive a second response for a second type of application via the session, the second response comprising a second cookie.
19. The system of claim 18, wherein the policy engine is further configured to determine, responsive to a second policy of the access profile, to bypass proxying cookies for the second type of application.
20. The system of claim 19, wherein the device is further configured to forward the second response with the second cookie to the client responsive to the determination to bypass proxying.
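The flow in claims 1 and 6 to 10 can be sketched as follows. This is an added illustration, not code from the patent or from any Citrix product; the application types, path prefixes, the default action for unclassified traffic and the `cookie_header_for` re-attachment helper are assumptions.

```python
from dataclasses import dataclass, field

PROXY, BYPASS = "proxy", "bypass"

# Constructed access profile: application type -> cookie proxy action.
ACCESS_PROFILE = {"webmail": PROXY, "wiki": BYPASS}

# Hypothetical classifier input: URL path prefix -> application type.
APP_PREFIXES = {"/mail/": "webmail", "/wiki/": "wiki"}


def classify_application(path):
    """Step (a): identify the application type from the communication."""
    for prefix, app in APP_PREFIXES.items():
        if path.startswith(prefix):
            return app
    return "unknown"


@dataclass
class Session:
    # Cookies retained at the intermediary, keyed by application type.
    jar: dict = field(default_factory=dict)


def handle_response(session, path, headers):
    """Steps (b)-(d): apply the cookie policy to a server response.

    headers is a list of (name, value) pairs. Returns the action taken
    and the headers to forward to the client.
    """
    app = classify_application(path)
    # Assumption: unclassified traffic is proxied, so cookies stay on the device.
    action = ACCESS_PROFILE.get(app, PROXY)
    if action == BYPASS:
        return action, list(headers)  # forwarded with cookies unmodified
    forwarded = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            pair = value.split(";", 1)[0]  # keep name=value, drop attributes
            cname, _, cvalue = pair.partition("=")
            session.jar.setdefault(app, {})[cname.strip()] = cvalue.strip()
        else:
            forwarded.append((name, value))
    return action, forwarded


def cookie_header_for(session, path):
    """Assumption, not stated in the claims: the device re-attaches the
    retained cookies when it relays a later client request to the server."""
    cookies = session.jar.get(classify_application(path), {})
    return "; ".join(f"{k}={v}" for k, v in cookies.items())
```

A production intermediary would also have to retain each cookie's Domain, Path and expiry so that re-attachment is scoped correctly; this sketch keeps only the name and value.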
Patents cited by this patent (244)
Starnes, Darrell J.; Elwahab, Amgad M.; Gabler, Jeffrey R.; Giap, Steven C.; Kothari, Rupali M.; Pronev, Svilen B.; Stewart, Christoher H., Accelerated content delivery over a network using reduced size objects.
Rapaport,Jeffrey A.; Rapaport,Seymour A.; Clarke,Jeffrey E.; Rinehart,Eric R.; Bergens,Michael U., Adaptive communication methods and systems for facilitating the gathering, distribution and delivery of information related to medical care.
Kausik, Balas Natarajan; Race, Daren A.; Jawahar, Janardhanan, Adjusting the cacheability of web documents according to the responsiveness of its content server.
Duursma, Martin; Panasyuk, Anatoliy; Ciraldo, Robert; Ungerman, Anthony; Pedersen, Bradley Jay; Davis, III, Tom C.; Bloomfield, Marc A., Apparatus and method for determining a program neighborhood for a client node in a client-server network using markup language techniques.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd ; Banay Dan, Computer-based communication system and method using metadata defining a control structure.
Drummond Shattuck Reed ; Peter Earnshaw Heymann ; Steven Mark Mushero ; Kevin Benard Jones ; Jeffrey Todd Oberlander ; Dan Banay, Computer-based communication system and method using metadata defining a control-structure.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd, Computer-based communication system and method using metadata defining a control-structure.
Wilcock,Lawrence; Hawkes,Rycharde Jeffery; Low,Colin Andrew; Daanen,Johannes Maria Victo, Contact center system and method for specifying different service specific behavior and offering range of corresponding customer services.
Arganbright, Daniel A.; Bamborough, Dave; Bancino, Randy S.; Blodgett, James G.; Carlson, Bruce H.; Dangl, William; Hazard, William; Horder-Koop, Robin; Hunking, Jim; Kamphuis, Aaron M.; Lang, Gregor, Electronic commerce transactions within a marketing system that may contain a membership buying opportunity.
Briscoe,Paul Roger; Ferstat,Cameron Donald; Ganis,Matthew Robert; Hammer,Stephen Carl; Hansen,Gary Bob Kip; Harp,Sean Alan; Nichols,Michael Shannon; Pearthree,Herbert Daniel; Reed,Paul; Snitzer,Brian, Gathering enriched web server activity data of cached web content.
Leighton,F. Thomson; Lewin, legal representative,Anne E.; Lewin, deceased,Daniel M., HTML delivery from edge-of-network servers in a content delivery network (CDN).
Baer, William J.; Hartman, Jr., Robert C.; Kao, I-Ming; Murray, Janet L.; Robertson, III, Jerry D., Hitmask for querying hierarchically related content entities.
Combar, Curtis T.; Devine, Carol Y.; Pfister, Robert A., Integrated interface for real time web based viewing of telecommunications network call traffic.
Luzzi Joseph ; Reps Steven M. ; Zhu Gengxin ; Gentry Jerry L. ; Taylor John F., Interactive display system for sequential retrieval and display of a plurality of interrelated data sets.
Davis,Andrew Thomas; Parikh,Jay; Pichai,Srinivasan; Ruvinsky,Eddie; Stodolsky,Daniel; Tsimelzon,Mark; Weihl,William E., Java application framework for use in a content delivery network (CDN).
Wood, David L.; Weschler, Paul; Norton, Derk; Ferris, Chris; Wilson, Yvonne; Soley, William R., Log-on service providing credential level change without loss of session continuity.
Underwood, John; Neilson, Paul; Char, Hanson; Shing, David; Horner, Peter; Underwood, Mark; Slaney, Darren; Evesson, Gary, Method and apparatus for generating and modifying multiple instances of an element of a web site.
Underwood,John; Neilson,Paul; Char,Hanson; Shing,David; Horner,Peter; Dean,Andrew; Underwood,Mark; Slaney,Darren; Evesson,Gary, Method and apparatus for providing conditional customization for generating a web site.
Davis, Owen; Jain, Vidyut, Method and apparatus for tracking client interaction with a network resource and creating client profiles and resource database.
Skopp Peter ; Vitale Benjamin F. ; Marur Vinod R. ; Tse Clifford S.C. ; Dulai Dharmender S., Method and apparatus to determine user identity and limit access to a communications network.
Baer,William J.; Hartman, Jr.,Robert C.; Johnson, Jr.,Eugene; Kao,I Ming; Murray,Janet L.; Robertson, III,Jerry D., Method and configurable model for storing hierarchical data in a non-hierarchical data repository.
Rajkumar,N. Isaac; You,Puhong; Caldwell,David Dean; Larsen,Brett J.; Afshar,Jamshid; O'Connell,Conleth, Method and system for an extensible caching framework.
Stephen J. Purpura, Method and system for authentication and single sign on using cryptographically assured cookies in a distributed computer environment.
LeMole Suzanne L. ; Nurenberg Steven Howard ; O'Neil Joseph Thomas ; Stuntebeck Peter H., Method and system for presenting customized advertising to a user on the world wide web.
Baer,William J.; Barker,James A.; Hanapole,Edward; Hartman, Jr.,Robert C.; Hennessy,Richard D.; Johnson, Jr.,Eugene; Kao,I Ming; Murray,Janet L.; Robertson, III,Jerry D.; Walkus,Richard W., Method and system for preventing mutually exclusive content entities stored in a data repository to be included in the same compilation of content.
Baer, William J.; Hanapole, Edward; Hartman, Jr., Robert C.; Hennessy, Richard D.; Johnson, Jr., Eugene; Kao, I-Ming; Murray, Janet L.; Robertson, III, Jerry D.; Walkus, Richard W., Method and system for removing content entity object in a hierarchically structured content object stored in a database.
Baer,William J.; Barker,James A.; Hartman, Jr.,Robert C.; Kao,I Ming; Murray,Janet L.; Robertson, III,Jerry D.; Walkus,Richard W., Method and system for storing hierarchical content objects in a data repository.
Jorgensen, Jacob W., Method for the recognition and operation of virtual private networks (VPNs) over a wireless point to multi-point (PtMP) transmission system.
Skarbo Rune A. ; Clitheroe Cameron J. ; Lawless Christopher C. ; Kukkal Puneet ; Hochman Stephen D., Method for web based storage and retrieval of documents.
Srivastava,Sunil K., Method providing server affinity and client stickiness in a server load balancing device without TCP termination and without keeping flow states.
Bendinelli,Samuel; Herrick,Michael; Keane,John; Macey,Christopher; Tuomenoksa,Mark; Francus,Jerold; Harwood,Jonathan; Shimamoto,Brion; Ferraro,Joseph, Methods and system for providing network services using at least one processor interfacing a base network.
Keane,John; Brutman,Neil R.; Harris,Michael J.; Macey,Christopher, Methods and systems for enabling communication between a processor and a network operations center.
Cox, David E.; Hayes, Jr., Kent F.; Lindquist, David B.; McGarvey, John R.; Salahshour, Abdi, Methods, systems and computer program products for centralized management of application programs on a network.
Sievers,A. Kent; Barfuss,Lex B.; Whitehouse,Steven T.; Nuttall,David L.; Clayton,Scott M.; Tse,Ralph, Methods, systems, and data structures to connect services.
Baer,William J.; Hartman, Jr.,Robert C.; Johnson, Jr.,Eugene; Kao,I Ming; Murray,Janet L.; Robertson, III,Jerry D., Providing a functional layer for facilitating creation and manipulation of compilations of content.
Cui, Lawrence; Marchukov, Mark Vladimirovich; Vo, Phan T.; Mendhekar, Anurag; Vishwanath, Mohan, Removing cookies from web page response headers and storing the cookies in a repository for later use.
Tso Michael Man-Hak ; Jing Jin ; Knauerhase Robert Conrad ; Romrell David Alfred ; Gillespie Daniel Joshua ; Bakshi Bikram Singh ; Sathyanarayan Seshardi, Scaling proxy server sending to the client a graphical user interface for establishing object encoding preferences after receiving the client's request for the object.
Cabana,Joseph, Software method utilizing gateways for maintaining connectivity during communications over distinct wireless networks by mobile computer terminals.
Somasundaram, Mahadev; Sivakumar, Senthil; Jayasenan, Siva S.; Zhang, Yongming; Short, Todd M., Solution for handling URL-substitution for data access in a private network architecture.
Franco, Louis M.; Rose, Frank Leon; Brittan, Philip S. J.; Cunningham, Mark; Bulkin, Alex; Baskin, Mat; Blonder, Greg, System and method for delivering a graphical user interface of remote applications over a thin bandwidth connection.
Li, Wen Syan; Candan, Kasim Selouk; Agrawal, Divyakant, System and method for intelligent caching and refresh of dynamically generated and static web content.
Garcia Luna Aceves, Jose J.; Smith, Bradley R., System and method for using a mapping between client addresses and addresses of caches to support content delivery.
Eschelbeck, Gerhard; Steiner, Thomas; Johannes, Mayr, System and process for maintaining a plurality of remote security applications using a modular framework in a distributed computing environment.
Tso Michael Man-Hak ; Bakshi Bikram Singh ; Knauerhase Robert Conrad, System for collecting and displaying performance improvement information for a computer.
Slotznick Benjamin, System for delivering and simultaneously displaying primary and secondary information, and for displaying only the secondary information during interstitial space.
Eastep, Guido M.; Litzenberger, Paul; Orebaugh, Shannon R., System, method and article of manufacture for a call back architecture in a hybrid network with support for internet telephony.
Krishnaswamy, Sridhar; Elliott, Isaac K.; Reynolds, Tim E.; Forgy, Glen A.; Solbrig, Erin M., System, method and article of manufacture for a communication system architecture including video conferencing.
Nguyen Trong ; Subramanian Mahadevan P. ; Haller Daniel R., System, method and article of manufacture for a gateway system architecture with system administration information acce.
Nguyen Trong ; Subramanian Mahadevan P. ; Haller Daniel R., System, method and article of manufacture for a gateway system architecture with system administration information accessible from a browser.
Nguyen Trong ; Haller Daniel R. ; Subramanian Mahadevan P., System, method and article of manufacture for a payment gateway system architecture for processing encrypted payment tr.
Hoskins Josiah C. ; Brooks Ruven E. ; Hafemann Dennis R. ; Chalupa Jan,CZX, System, method and article of manufacture for building an enterprise-wide data model.
Schwenke Marvin J. ; Staron Raymond J. ; Sinclair James A. ; Franklin Paul F. ; Hoskins Josiah C., System, method and article of manufacture for displaying an animated, realtime updated control sequence chart.
Weber Jay C. ; Rowney Kevin T. B. ; Kramer Glenn A., System, method and article of manufacture for exchanging software and configuration data over a multichannel, extensible, flexible architecture.
Haller Daniel R. ; Nguyen Trong, System, method and article of manufacture for handling transaction results in a gateway payment architecture utilizing.
Daniel R. Haller ; Trong Nguyen ; Kevin T. B. Rowney ; David A. Berger ; Glenn A. Kramer, System, method and article of manufacture for managing transactions in a high availability system.
Haller Daniel R. ; Nguyen Trong ; Rowney Kevin T. B. ; Berger David A. ; Kramer Glenn A., System, method and article of manufacture for managing transactions in a high availability system.
Kevin T. B. Rowney, System, method and article of manufacture for transmitting messages within messages utilizing an extensible, flexible architecture.
Hafemann Dennis R. ; Brooks Ruyen E. ; Hoskins Josiah C. ; Sastry Shivakumar, System, method and article of manufacture for utilizing external models for enterprise wide control.
Krishnaswamy Sridhar ; Elliott Isaac K. ; Reynolds Tim E. ; Forgy Glen A. ; Solbrig Erin M., System, method and article of manufacture with integrated video conferencing billing in a communication system architect.
Haswell, John Jeffrey; Young, Robert J.; Schramm, Kevin, System, method, and article of manufacture for test maintenance in an automated scripting framework.
Wallace, Robert L.; Hart, Brian T.; Hart, Richard D.; Berube, Arthur A.; Liff, Harold J.; Buciuman-Coman, Liana; Dowling, James; Piantedosi, Steve, Systems and methods for dispensing medical products.
William J. Baer ; James A. Barker ; Edward Hanapole ; Robert C. Hartman, Jr. ; Eugene Johnson, Jr. ; I-Ming Kao ; Janet L. Murray ; Jerry D. Robertson, III ; Richard W. Walkus, Volume management method and system for a compilation of content.