WO2020112414 - APPLYING APPLICATION LAYER POLICY TO TRANSPORT LAYER SECURITY REQUESTS SYSTEMS AND METHODS

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS

What is claimed is:

1. A method for applying an application layer policy to a transport layer security request, the method comprising:

(a) receiving, by a device intermediary to one or more clients and one or more servers, a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers, the TLS request including an application layer request to a resource of the server;

(b) applying, by the device, an application layer policy to the application layer request of the TLS request; and

(c) determining, by the device responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.

2. The method of claim 1, wherein (c) further comprises rejecting the application layer request but accepting the TLS request.

3. The method of claim 2, further comprising omitting, by the device, an extension for early data during a TLS handshake with the client to indicate rejection of the application layer request.

4. The method of claim 1, wherein (c) further comprises accepting both the TLS request and the application layer request.

5. The method of claim 4, further comprising including, by the device, an extension for early data during a TLS handshake with the client to indicate allowing the application layer request.

6. The method of claim 1, wherein (b) further comprises decrypting, by the device, the application layer request using at least one key included within the TLS request.

7. The method of claim 1, further comprising identifying, by the device based at least on the TLS request, the application layer policy for accessing the resource.

8. The method of claim 1, wherein the application layer policy specifies a pattern for matching against at least a portion of the application layer request.

9. The method of claim 1, wherein the application layer request comprises a HyperText Transfer Protocol (HTTP) request.

10. The method of claim 1, further comprising terminating, at the device, the TLS connection with the client and establishing a communication channel between the device and the server.

11. A system for applying an application layer policy to a transport layer security request, the system comprising:

a device intermediary to one or more clients and one or more servers, wherein the device is configured to:

receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers, wherein the TLS request includes an application layer request to a resource of the server;

apply an application layer policy to the application layer request of the TLS request; and

determine responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.

12. The system of claim 11, wherein the device is further configured to reject the application layer request but accept the TLS request.

13. The system of claim 12, wherein the device is further configured to omit an extension for early data during a TLS handshake with the client to indicate rejection of the application layer request.

14. The system of claim 11, wherein the device is further configured to accept both the TLS request and the application layer request.

15. The system of claim 14, wherein the device is further configured to include an extension for early data during a TLS handshake with the client to indicate allowing the application layer request.

16. The system of claim 11, wherein the device is further configured to decrypt the application layer request using at least one key included within the TLS request.

17. The system of claim 11, wherein the device is further configured to identify, based at least on the TLS request, the application layer policy for accessing the resource.

18. The system of claim 11, wherein the application layer policy is configured with a pattern for matching against at least a portion of the application layer request.

19. The system of claim 11, wherein the application layer request comprises a HyperText Transfer Protocol (HTTP) request.

20. The system of claim 11, wherein the device is further configured to terminate the TLS connection with the client and establish a communication channel between the device and the server.
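
The decision flow of claims 1 to 9, sketched as an added example that is not part of the patent text or any implementation by the applicant: an intermediary looks up a pattern-based policy for the TLS request, matches it against the HTTP request carried as early data, and decides whether to include the early data extension (accept) or omit it (reject the application layer request while still completing the handshake). Assumptions: the policy is keyed by SNI host name, the early data is already decrypted, the host names and patterns are constructed, and a missing policy or unparsable request is treated as a rejection.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Policy:
    pattern: "re.Pattern[str]"  # matched against the HTTP request line (claim 8)
    allow_on_match: bool        # True: allow only matches; False: reject matches


# Hypothetical policy table. Keying on the SNI host name is an assumption; the
# claims only say the policy is identified "based at least on the TLS request".
POLICIES = {
    "api.example.test": Policy(re.compile(r"^GET /public/"), True),
    "admin.example.test": Policy(re.compile(r"^\S+ /admin"), False),
}

REQUEST_LINE = re.compile(r"[A-Z]+ \S+ HTTP/1\.[01]")


def request_line(early_data: bytes) -> Optional[str]:
    """Return the HTTP/1.x request line from decrypted early data, or None."""
    head, sep, _ = early_data.partition(b"\r\n")
    if not sep:
        return None  # no complete request line was received
    try:
        line = head.decode("ascii")
    except UnicodeDecodeError:
        return None
    return line if REQUEST_LINE.fullmatch(line) else None


def accept_early_data(sni: str, early_data: bytes) -> bool:
    """True: include the early data extension in the handshake (claims 4-5).
    False: omit it, so the TLS connection is still established but the
    application layer request is rejected (claims 2-3)."""
    policy = POLICIES.get(sni)
    line = request_line(early_data)
    if policy is None or line is None:
        return False  # assumption: reject when no policy applies or parsing fails
    matched = policy.pattern.search(line) is not None
    return matched if policy.allow_on_match else not matched


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    sample = b"GET /public/index.html HTTP/1.1\r\nHost: api.example.test\r\n\r\n"
    print(accept_early_data("api.example.test", sample))
```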