US Patent:
20130254343, Sep 26, 2013
Inventors:
Matthew J. Stevens - Lexington MA, US
Ameya P. Shendarkar - San Mateo CA, US
Assignee:
AKAMAI TECHNOLOGIES INC. - Cambridge MA
International Classification:
G06F 15/16
Abstract:
A server has a firewall module that performs accounting of traffic seen at the server. The traffic includes message exchanges, such as HTTP requests and HTTP responses. The server tests the message exchanges to determine if they match any of several message exchange categories. The server keeps statistics on matching traffic, for example the rate of matching traffic generated by a particular requesting client. Typically, the server is a proxy server that is part of a content delivery network (CDN), and the message exchanges occur between a client requesting content, the proxy server, other servers in the CDN, and/or an origin server from which the proxy server retrieves requested content. Using the message exchange model and the statistics generated thereby, the server can flag particular traffic or clients, and take protective action (e.g., deny, alert). In an alternate embodiment, a central control system gathers statistics from multiple servers for analysis.