Anoop K Reddy

8413225, Apr 2, 2013

Dec 22, 2010

12/976678

Craig Anderson - Sunnyvale CA, US
Anoop Reddy - San Jose CA, US
Rajiv Mirani - Los Gatos CA, US
Abhishek Chauhan - Saratoga CA, US

Citrix Systems, Inc. - Fort Lauderdale FL

H04L 29/02

726 12, 726 11

The present invention is directed towards systems and methods for efficiently an intermediary device processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user session. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string. The device uses the copy of the received string stored in the allocation arena in place of the string in the web page of the session of the user to process the web page.

8438626, May 7, 2013

Dec 23, 2009

12/645845

Craig Anderson - Sunnyvale CA, US
Anoop Reddy - San Jose CA, US
Rajiv Mirani - Los Gatos CA, US
Abhishek Chauhan - Saratoga CA, US

Citrix Systems, Inc. - Fort Lauderdale FL

G06F 9/00

726 11

The present invention is directed towards systems and methods for sharing session data among cores in a multi-core system. A first application firewall module executes on a core of a multi-core intermediary device which establishes a user session. The first application firewall module stores application firewall session data to memory accessible by the first core. A second application firewall module executes on a second core of the multi-core intermediary device. The second application firewall module receives a request from the user via the established user session. The request includes a session identifier identifying that the user session was established by the first core. The second application firewall module determines to perform one or more security checks on the request and communicates a portion of the request the first core. The second application firewall module receives and processes the security check results and instructions from the first core.

8490148, Jul 16, 2013

Mar 12, 2007

11/685177

Namit Sikka - San Jose CA, US
Anoop Reddy - Santa Clara CA, US
Rajiv Mirani - San Jose CA, US
Abhishek Chauhan - San Jose CA, US

Citrix Systems, Inc - Fort Lauderdale FL

G06F 17/00

726 1, 726 13, 726 22, 715700

Systems and methods for configuring and evaluating policies that direct processing of one or more data streams are described. A configuration interface is described for allowing users to specify object oriented policies. These object oriented policies may allow any data structures to be applied with respect to a payload of a received packet stream, including any portions of HTTP traffic. A configuration interface may also allow the user to control the order in which policies and policy groups are executed, in addition to specifying actions to be taken if one or more policies are undefined. Systems and methods for processing the policies may allow efficient processing of object-oriented policies by applying potentially complex data structures to unstructured data streams. A device may also interpret and process a number of flow control commands and policy group invocation statements to determine an order of execution among a number of policies and policy groups. These policy configurations and processing may allow configuration and processing of complex network behaviors relating to load balancing, VPNs, SSL offloading, content switching, application security, acceleration, and caching.

8578099, Nov 5, 2013

Jun 15, 2012

13/524692

Anoop Kandi Reddy - San Jose CA, US
Craig Steven Anderson - Sunnyvale CA, US
Prakash Khemani - San Jose CA, US

Citrix Systems, Inc. - Fort Lauderdale FL

G06F 12/08

711118, 711103, 711E12017, 709227, 726 14

The present invention is directed towards integrating cache managing and application firewall processing in a networked system. An integrated cache/firewall system comprises an application firewall operating in conjunction with a cache managing system in operation on an intermediary device. The application firewall processes a received HTTP response to a request by a networked entity serviced by the intermediary device. The application firewall generates metadata from the HTTP response and stores the metadata in cache with the HTTP response. When a subsequent request hits in the cache, the metadata is identified to a user session associated with the subsequent request. The application firewall can modify a cache-control header of the received HTTP response, and can alter the cookie-setting header of the cached HTTP response.

8640216, Jan 28, 2014

Dec 23, 2009

12/645924

Craig Anderson - Sunnyvale CA, US
Anoop Reddy - San Jose CA, US
Yariv Keinan - San Francisco CA, US

Citrix Systems, Inc. - Fort Lauderdale FL

G06F 17/00
H04L 29/06

726 11, 726 1, 726 2, 726 3, 726 4, 726 12, 726 14, 726 26, 726 30, 713151, 713152, 713154, 713161, 713165, 713170, 713171

The present solution described herein is directed towards systems and methods to prevent cross-site request forgeries based on web form verification using unique identifiers. The present solution tags each form from a server that is served out in the response with a unique and unpredictable identifier. When the form is posted, the present solution enforces that the identifier being returned is the same as the one that was served out to the user. This prevents malicious unauthorized third party users from submitting a form on a user's behalf since they cannot guess the value of this unique identifier that was inserted.

20090193126, Jul 30, 2009

Jan 26, 2009

12/359998

Puneet Agarwal - Bangalore, IN
Srinivasan Thirunarayanan - Chennai, TH
Vamsi Korrapatti - Sunnyvale CA, US
Prakash Khemani - San Jose CA, US
Rajiv Mirani - San Jose CA, US
Anoop Reddy - San Jose CA, US

G06F 15/173

709228

The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a clients' request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.

20100325357, Dec 23, 2010

Jun 22, 2009

12/489215

Anoop Kandi Reddy - San Jose CA, US
Craig Steven Anderson - Sunnyvale CA, US
Prakash Khemani - San Jose CA, US

G06F 21/00
G06F 12/08
G06F 15/16

711118, 726 14, 709227, 711E12017

The present invention is directed towards systems and methods for integrating cache managing and application firewall processing in a networked system. In various embodiments, an integrated cache/firewall system comprises an application firewall operating in conjunction with a cache managing system in operation on an intermediary device. In various embodiments, the application firewall processes a received HTTP response to a request by a networked entity serviced by the intermediary device. The application firewall generates metadata from the HTTP response and stores the metadata in cache with the HTTP response. When a subsequent request hits in the cache, the metadata is identified to a user session associated with the subsequent request. In various embodiments, the application firewall can modify a cache-control header of the received HTTP response, and can alter the cookie-setting header of the cached HTTP response. The system and methods can significantly reduce processing time associated with application firewall processing of web content exchanged over a network.

20100325588, Dec 23, 2010

Jun 22, 2009

12/489329

Anoop Kandi Reddy - San Jose CA, US
Stanley Wong - Cupertino CA, US
Raghu Goyal - Bangalore, IN
Sanjay Gupta - Bangalore, IN

G06F 15/18
G06F 3/048
G06F 21/00

715853, 706 12, 726 11

The present invention is directed towards systems and methods for generating a representation a plurality of learned rules from a learning engine of an application firewall. The representation may be generated based on a history of URL communications with a web server. A learning engine of an application firewall may determine a plurality of learned rules based on a history of URL communications with a web server. Each of the plurality of learned rules mat be assigned a URL string. A visualizer can categorize a subset of the plurality of learned rules under a first check type of a plurality of check types. The visualizer may further generate a tree representation of URL strings of the subset of learned rules. Each node of the tree corresponds to a segment of the URL strings identified based on a delimiter for the URL strings.