-
公开(公告)号:US11621924B2
公开(公告)日:2023-04-04
申请号:US17490975
申请日:2021-09-30
申请人: Cloudflare, Inc.
发明人: Matthew Browning Prince , Matthieu Philippe François Tourne , Christopher Stephen Joel , John Brinton Roberts , Michael Jonas Sofaer , Jason Thomas Walter Benterou
摘要: A proxy server automatically includes web applications in web pages at the network level. The proxy server receives, from a client device, a request for a network resource at a domain and is hosted at an origin server. The proxy server retrieves the requested network resource. The retrieved network resource does not include the web applications. The proxy server determines that the web applications are to be installed within the network resource. The proxy server automatically modifies the retrieved network resource to include the web applications. The proxy server transmits a response to the client device that includes the modified network resource. The network resource may remain unchanged at the origin server.
-
公开(公告)号:US20230083295A1
公开(公告)日:2023-03-16
申请号:US17878839
申请日:2022-08-01
申请人: CLOUDFLARE, INC.
发明人: Dani Grant
IPC分类号: H04L9/40 , H04L67/141 , H04L67/60 , H04L61/4511 , H04L61/5007 , H04L67/12 , G06F8/65
摘要: An Internet of Things (IoT) protection service at the network level is described. A secure session is established between an edge server and an IoT client that is requesting to send data to an IoT device. The edge server receives the request from the IoT client over the secure session instead of the IoT device directly because a Domain Name System (DNS) request for a unique fully qualified domain name assigned to the IoT device returns an IP address of the edge server instead of an IP address of the IoT device. The edge server analyzes the request to determine whether to transmit the request to the IoT device, including applying web application firewall rule(s) against the request. If the request does not trigger any rule, then the edge server transmits the request to the IoT device. If the request triggers any rule, then the edge server blocks the request.
-
公开(公告)号:US20230045949A1
公开(公告)日:2023-02-16
申请号:US17977381
申请日:2022-10-31
申请人: CLOUDFLARE, INC.
摘要: Traffic is received at an interface of a compute server. Identity information associated with the traffic is determined including an identifier of a customer to which the traffic is attributable. An egress policy configured for the first customer is used to determine whether the traffic is allowed to be transmitted to a destination where that destination is a resource of a second customer. If the traffic is allowed to be transmitted, the traffic and identity information is transmitted over a cross-customer GRE tunnel to a namespace of the second costumer on the compute server. An ingress policy configured for the second customer is used to determine whether the traffic is allowed to be transmitted to the destination, and if it is, then the traffic is transmitted.
-
公开(公告)号:US20230041645A1
公开(公告)日:2023-02-09
申请号:US17973216
申请日:2022-10-25
申请人: CLOUDFLARE, INC.
发明人: Jeff Sesung Kim , Junho Choi , Sang Jo Lee , Young Keun Park , Tianyu Shi
IPC分类号: H04W4/60
摘要: Techniques for providing mobile device content delivery acceleration for mobile applications are discussed herein. Some embodiments may provide for a mobile accelerator system including a plurality of point-of-presences (POPs) and a control tower system. The control tower system may be configured to control mobile data transfer acceleration between a mobile device and the content server via the plurality of POPs of the mobile accelerator system. Each mobile application executing on the mobile device may be registered, validated, and then associated with a device POP that forms a dedicated connection with an entry POP of the plurality of POPs. Mobile data transfer acceleration for each mobile application may be selectively activated or deactivated, such as based on user configurations at the application level, domain name level, and/or country level.
-
公开(公告)号:US11563685B2
公开(公告)日:2023-01-24
申请号:US17560121
申请日:2021-12-22
申请人: CLOUDFLARE, INC.
IPC分类号: H04L45/745 , H04L12/46 , H04L67/10 , H04L67/01 , H04L67/56
摘要: Method and apparatus for traffic optimization in virtual private networks (VPNs). A client device establishes a first VPN connection with a first server based on first VPN credentials. Traffic is transmitted and received through the first VPN connection to and from the first server. A second server is identified based on traffic optimization criteria that need to be satisfied by the VPN connection. Upon receipt of the identification of the second server the client device is to use the second server as a destination of a second VPN connection. The second VPN connection satisfies a set of traffic optimization goals for at least one flow from the flows forwarded through the first VPN connection. Based on the identification of the second server, the client device establishes the second VPN connection for the flow between the client device and the second server.
-
公开(公告)号:US11546175B2
公开(公告)日:2023-01-03
申请号:US17181917
申请日:2021-02-22
申请人: CLOUDFLARE, INC.
摘要: An attack is detected on a first IP address and a determination is made that the first IP address is associated with a primary digital certificate that is bound with multiple different domains. For each of these domains, a secondary certificate is accessed that is bound only to that domain and that secondary certificate is associated with a unique IP address such that each of the different domains has a unique IP address associated with its secondary certificate respectively. The attack is isolated to the domain the attack follows.
-
公开(公告)号:US20220337654A1
公开(公告)日:2022-10-20
申请号:US17559994
申请日:2021-12-22
申请人: CLOUDFLARE, INC.
发明人: Killian Koenig , Dane Orion Knecht , James Royal
IPC分类号: H04L67/02 , H04L67/561 , H04L67/51 , H04L9/40
摘要: Layer 7 protocol (non-HTTP) client applications are executed in the browser. The non-HTTP layer 7 protocol client application connects to a compute server that proxies layer 4 packets to the origin network that has the non-HTTP layer 7 protocol service. As an example, an SSH client (a non-HTTP layer 7 protocol) can execute in the browser and the TCP packets (layer 4 packets) are proxied by a compute server to the origin network that has the appropriate SSH server. The non-HTTP layer 7 protocol client application allows users to run commands or otherwise interact with the client as if they were using a native application (one that is not executed within the browser) without any client-side configuration or agent.
-
88.发明申请公开(公告)号:US20220337630A1
公开(公告)日:2022-10-20
申请号:US17672500
申请日:2022-02-15
申请人: CLOUDFLARE, INC.
发明人: Jesse Kipp , Patrick Meenan
IPC分类号: H04L9/40
摘要: Methods and apparatuses for automatic determination of a content security policy for a network resource are described. A proxy server receives from a first authenticated client device a first request for a first network resource, retrieves the first network resource and transmits a first response to the first client device that includes a content tracker that causes the client device to report information on additional network resources identified when the first client device interprets the first network resource. A content security policy is determined based on the reported information. The proxy server receives, from a second client device, a second request for the first network resource. The proxy server transmits, to the second client device, a second response that includes the content security policy that is determined based on the information on the additional network resources.
-
公开(公告)号:US20220303244A1
公开(公告)日:2022-09-22
申请号:US17700058
申请日:2022-03-21
申请人: CLOUDFLARE, INC.
发明人: Nicholas Alexander Wondra , Igor Postelnik , Michael John Vanderwater , Adam Simon Chalmers , Nuno Miguel Lourenço Diegues , Arég Harutyunyan , Erich Alfred Heine
摘要: A unified network service that connects multiple disparate private networks and end user client devices operating on separate networks is described. The multiple disparate private networks and end user client devices connect to a distributed cloud computing network that provides routing services, security services, and performance services, and that can be controlled consistently regardless of the connection type. The unified network service provides uniform access control at the L3 layer (e.g., at the IP layer) or at a higher layer using user identity information (e.g., a zero-trust model). The disparate private networks are run on top of the distributed cloud computing network. The virtual routing layer of the distributed cloud computing network allows customers of the service to have private resources visible only to client devices (e.g., user devices of the customer and/or server devices of the customer) of the organization while using address space that potentially overlaps with other customers of the distributed cloud computing network.
-
90.发明申请公开(公告)号:US20220182448A1
公开(公告)日:2022-06-09
申请号:US17566539
申请日:2021-12-30
申请人: CLOUDFLARE, INC.
发明人: Kenton Taylor Varda , Alex Dwane Robinson , Brett Joseph Hoerner , Loren Cody Koeninger , Gregory Richard McKeon
IPC分类号: H04L67/1097 , H04L67/01 , H04L67/1021
摘要: A compute server of a distributed cloud computing network receives a request for an object that is to be handled by an object worker, where the object worker includes a single instantiation of a piece of code that solely controls reading/writing to the object. The object worker is instantiated at the compute server. The compute server enforces an access policy to determine whether the request is allowed to be processed by the object worker. If the request is allowed to be processed by the object worker, the object worker processes the request. If the request is not allowed to be processed by the object worker, the request is blocked.
-
-
-
-
-
-
-
-
-
搜索结果
387 条记录 (耗时 0.027 秒)
