Abstract: Integrated techniques for computer bot detection and human user based access include determining if a client device has been identified as a computer bot based upon client information extracted from a service request and a service policy. The service policy is also utilized to determine if the client device is operating under control of a human user or operating autonomously based upon matching a captcha response to an expected captcha response.

Abstract: In response to communications between one or more given networks and one or more other networks, a network protection appliance discovers one or more computing resources of the one or more given networks from a plurality of protocol layers of the received communications. The network protection appliance also gleans properties of the one or more discovered computing resources of the one or more given networks from the plurality of protocol layers of the received communications. The network protection appliance maps the gleaned properties of the one or more discovered computing resources of the one or more given networks to a plurality of network protection policies. The network protection appliance also determines an applicable network protection policy for processing a corresponding received communication from the mapping of the gleaned properties of the one or more discovered given computing resources of the one or more given networks to the plurality of network protection policies.

Abstract: System and method for mobile network access load balancing. In accordance with a first method embodiment, a method includes receiving, at a network access load balancing controller, performance status information from a mobile network access gateway. The method also includes calculating, at the network access load balancing controller, a dynamic performance score for the mobile network access gateway utilizing the performance status information and calculating, at the network access load balancing controller, a weighted ranking of dynamic performance scores of a plurality of mobile network access gateways. The method further includes assigning, based on the weighted ranking of dynamic performance scores, one of the plurality of mobile network access gateways to serve as a mobile network access gateway for a user element.

Abstract: Client profile and service policy based captcha techniques. In one embodiment, a method comprises receiving a service request from a client device. A captcha is selected based upon the client information and a client policy in response to the service request. Captcha instructions and expected captcha response are generated for the selected captcha. The captcha instructions are sent to the client device for processing thereby. In response to the captcha instruction, a captcha response from the client device may be received. The captcha response is compared to the expected response to determine based on the service policy if the client device is operating under control of a user or operating autonomously.

Abstract: A method for routing Internet traffic is disclosed. The method comprises receiving an IPv6 packet. Further, the method comprises determining if the IPv6 packet comprises an extension header with geo-location information. Finally, responsive to a determination that the IPv6 packet comprises an extension header with geo-location information, the method comprises performing an action based on the geo-location information, wherein the action is selected from the group consisting of: authenticating the IPv6 packet, prioritizing the IPv6 packet relative to other packets, routing the IPv6 packet, and monitoring of the IPv6 packet.

Abstract: Captcha risk or score technique systems and methods are presented. A method can begin with extracting client information from the service request. The extracted client information may be used to determine if the client device has been identified as a computer bot. A captcha is also selected in response to the service request. Captcha instructions and expected captcha response are generated for the selected captcha. The captcha instructions are sent to the client device for processing and a captcha response from the client device may be received, which is compared to the expected response to determine based on the service policy if the client device is operating under control of a human user or operating autonomously. Risk levels may be associated with likelihood of the client device being a bot computer and operating autonomously or operating under control of a human user.

Abstract: System and method of determining active/standby statuses of an intermediary device with respect to a logic group based on a user defined switchover policy. A user is allowed to configure a template to determine respective health levels for multiple sets of delivery resources. Each set of resources associated with a function engine residing in a respective intermediary device. The multiple sets of resources, in conjunction with the associated function engines, are equivalently operable to provide the same service function. The template may include user-specified events and respective weight factors. The specified events are monitored and a health score is dynamically derived for each delivery resource based on the template. Based on an updated health score rank with respect to the service function, a switchover may automatically occur from an intermediary device of a lower health score to another device with a higher health score.

Abstract: A method for performing Layer 3 direct server return is disclosed. The method comprises receiving an IP packet from a client device over a communication network. Further, the method comprises extracting a virtual IP address from a destination header field of the IP packet. Subsequently, the method comprises determining a server to which to forward the IP packet and inserting an IP address of the server in the destination header field of the IP packet. Next, the method comprises inserting the virtual IP address in an extension header for the IP packet. Finally, in one embodiment, the method comprises transmitting the IP packet to the server over the communication network.

Abstract: A method for providing geo-location information in a communication packet is disclosed. The method comprises constructing an IPv6 packet using a client device. Further, the method comprises inserting an extension header into the IPv6 packet. Also, the method comprises determining geo-location information. Next, the method comprises inserting the geo-location information into the extension header. Finally, the method comprises transmitting the IPv6 packet to a communication network.

Abstract: A method for handling hyper-text transfer protocol (“HTTP”) requests from client devices is disclosed. The method comprises receiving an HTTP request from a client device to connect to a destination server. It further comprises extracting a plurality of HTTP headers from the HTTP request using a gateway device in accordance with a user defined configuration to create a subset of the request. Next, it comprises forwarding the subset to an external security device from the gateway device to perform URL policy processing using the request. Finally, it comprises based on a received result of the URL policy processing, transmitting the client request to the destination server.

Abstract: A method for handling hyper-text transfer protocol (“HTTP”) requests from client devices is disclosed. The method comprises receiving an HTTP request from a client device to connect to a destination server. It further comprises extracting a plurality of HTTP headers from the HTTP request using a gateway device in accordance with a user defined configuration to create a subset of the request. Next, it comprises forwarding the subset to an external security device from the gateway device to perform URL policy processing using the request. Finally, it comprises based on a received result of the URL policy processing, transmitting the client request to the destination server.