Inventors:
Eric Bloch - San Mateo CA, US
Shalabh Mohan - Mountain View CA, US
Rajendraprasad R. Pagaku - Foster City CA, US
Doug Moore - Houston TX, US
Mark Krentel - Houston TX, US
Bruce Thompson - South San Francisco CA, US
Julian R. Elischer - El Cerrito CA, US
Brandon L. Golm - San Francisco CA, US
Assignee:
Ironport Systems, Inc. - San Bruno CA
International Classification:
G06F 15/16
G06F 11/00
US Classification:
726 11, 726 22, 726 23, 726 24
Abstract:
A data processing apparatus can perform HTTP traffic monitoring and filtering of HTTP requests from clients and responses from servers. Example apparatus comprises a processor, a first network interface to a protected network, a second network interface to an external network, and a traffic monitor having an address-domain name database, a firewall rules manager, and a DNS snooper. The traffic monitor accesses a blacklist and can perform receiving, from a client computer, a request to access a resource in the external network; blocking the request to the resource when a user agent of the client is in the blacklist as malicious software or when a file extension in a response to the request is in the blacklist; requesting, from a web reputation service, and receiving a reputation score indicating a reputation of the resource; blocking sending the request to the resource when the reputation is below a specified threshold.