Abstract: A system and method are directed to managing text input. An image of a virtual keyboard is displayed to a user. The user enters text by using the virtual keyboard image and an input device, such as a pointing device. The image is repeatedly altered, such as by position, size, angle, or shape. One technique includes altering the image after each selection of a virtual key is made. One aspect of the invention includes determining sensitive input fields within a page and facilitating the use of the virtual keyboard for those fields. The invention can be used to improve security when the possibility of keyboard sniffers exists.

Abstract: Disclosed are methods and systems for providing persistence across multiple requests in a WAN load-balanced environment. More than one load balancing system may be used to provide persistence while load balancing. One method and system disclosed provides persistence by using modulus arithmetic to load balance requests. Another method and system disclosed provides persistence using topology information contained in the request. Another method and system disclosed provides persistence by storing connection information to refer a timely continuation request of a prior request to the same server the prior request was referred to. When more than one load balancing system is used with this method, the load balancing systems periodically exchange the stored connection information so that each load balancing system may provide persistence to repeat requests.

Abstract: A system and computer implementable method for updating content on servers coupled to a network. The method includes updating an origin server with a version of files used to provide content, retrieving data that indicates an action to be performed on one or more cache servers in conjunction with updating the origin server, and performing the action to update entries in the one or more cache servers. Each entry in each cache server is associated with a subset of the content on the origin server and may include an expiration field and/or a time to live field. An example of a subset of content to which a cache entry may be associated is a Web page. Cache servers are not required to poll origin servers to determine whether new content is available. Cache servers may be pre-populated using push or pull techniques.

Abstract: A method and system is directed to routing a flow of packets over a network to multiple traffic management devices. An apparatus receives each packet from a network and forwards the packet to one of a group of traffic management devices. The apparatus also may receive packets from servers for which the traffic management devices are managing communications. When forwarding packets, a traffic management device is selected from the group of traffic management devices by employing a hash of an IP address and port number. The IP address and port number are selected from source or destination information in the packet that has a greater port number. When the traffic management device performs a network address translation, further actions may be performed so that packets that are part of a flow between two network devices are delivered to the same traffic management device.

Abstract: A system for distributing network traffic to multiple traffic management devices. A distributor receives each packet from a network and may act as a layer 2 switch, a router, or distribute the packet to one of a group of traffic management devices. The distributor may receive packets from servers that the traffic management devices are managing communications to. When distributing packets to traffic management devices, information such as source and destination addresses may be used to determine which traffic management device each packet should be sent to. The distributor causes packets that are part of a flow to be delivered to the same traffic management device.

Abstract: A method and system for authenticating and authorizing requesters interacting with content servers. A message including a request is forwarded from an upstream device and received by an intermediate device. The intermediate device authenticates the upstream device. Then, if the intermediate device is authorized to make decisions as to which sender may access the content server, the intermediate device determines whether the sender of the message has authority to access the content server as requested in the request. Otherwise, the message is forwarded towards the content server with an indication that the intermediate device authenticated the upstream device.

Abstract: A method, system, machine-readable storage medium, and apparatus are directed towards upgrading a cluster by bifurcating the cluster into two virtual clusters, an “old” virtual cluster (old active cluster) and a “new” virtual cluster (new standby cluster), and iteratively upgrading members of the old cluster while moving them into the new cluster. While members are added to the new cluster, existing connections and new connections are seamlessly processed by the old cluster. Optionally, state mirroring occurs between the old cluster and the new cluster once the number of members of the old and new clusters are approximately equal. Once a threshold number of members have been transferred to the new cluster, control and processing may be taken over by the new cluster. Transfer of control from the old cluster to the new cluster may be performed by failing over connectivity from the old cluster to the new cluster.

Abstract: A system, apparatus, and method are directed to managing multiple back-end connections for pipelined HTTP communications. A traffic management device is configured to open back-end connections to multiple servers. The traffic management device distributes HTTP requests from a client device across multiple server connections. Instead of buffering the responses to ensure that each are returned in a same order as the requests, the traffic management device throttles a TCP receive window between all of the back-end server connections, but that back-end server connection associated with a first expected response. As each response is sent to the client device, the TCP window for the next back-end server connection is opened. This effectively offloads any significant buffering onto the back-end servers, enabling the traffic management device to return the responses in the same order as the requests.

Abstract: A method and apparatus for managing dynamic content processing in a reverse proxy server. The reverse proxy server may include modules for handling dynamic links, invalid or incorrect HTML code, and the like, in HTTP data. The reverse proxy server may further accept user- or administrator-defined specific modules for handling HTTP data. Upon receiving the HTTP data from the host server in response to a request from a client, the reverse proxy server determines whether pre-patching module(s) or post-patching module(s) are to be executed. Depending on the determination specific modules are executed before, after, or before and after generic patching. In one embodiment, the modules may include tags for automatic starting of an application tunnel, when an application requiring an application tunnel is to be launched at a host server.

Abstract: An architecture for optimizing network communications that utilizes a device positioned at two edges of a constrained Wide Area Network (WAN) link. The device intercepts outgoing network packets and reroutes them to a proxy application. The proxy application uses persistent connections with a network accelerator device at the other end of the persistent connection. The proxy applications transmit the intercepted data after compressing it using a dictionary-based compression algorithm. Packet mangling may involve spoofing the connection request at each end node; a proxy-to-proxy communication protocol specifies a way to forward an original address, port, and original transport protocol information end to end. The packet mangling and proxy-to-proxy communication protocol assure network transparency.

Abstract: A method and system for caching HTTP POST requested content using standard caching rules associated with HTTP GET requests are disclosed. When a POST request is received, it is transformed into a GET request with an identifying tag. The identifying tag includes an index value that is unique to the POST request and is based on the POST request's URL and payload. When the POST request has not been encountered before the POST request's URL and payload is stored in a data store. The client then receives a redirect response including the GET request with the identifying tag that it uses to request the data. When the ensuing GET request with the identifying tag is received it is determined if the requested content has been cached. If so, the cached content is returned to the client. Otherwise, the original POST request is recreated and sent to the origin server to retrieve the content. The returned content is sent to the client and is cached using the GET request with the identifying tag.

Abstract: A method and apparatus for accessing a destination computer behind a firewall using a browser are described. In one embodiment, the method includes an intermediary service receiving a destination computer request, which demonstrates that the destination computer is available to be accessed, and receiving a browser request to access the destination computer. The method then includes the intermediary service associating the browser with the destination computer and providing communication between the browser and the destination computer. The communication is being provided in a form acceptable to the firewall.

Abstract: A switched file system, also termed a file switch, is logically positioned between client computers and file servers in a computer network. The file switch distributes user files among multiple file servers using aggregated file, transaction and directory mechanisms. The file switch distributes and aggregates the client data files in accordance with a predetermined set of aggregation rules. Each rule can be modified independently of the other rules. Different aggregation rules can be used for different types of files, thereby adapting the characteristics of the switched file system to the intended use and to the expected or historical access patterns for different data files.

Abstract: A method and apparatus for inserting and examining Cookies in the data streams of HTTP connections for the purpose of persistently directing HTTP connections to the same destination. A network device directs subsequent HTTP connections from the same client to the same server (destination) for accessing the requested resources. There are four modes for employing the Cookie to persistently direct HTTP connections. The associated mode inserts a Cookie that uniquely identifies the client into an HTTP response. The passive mode inserts Cookie information that uniquely identifies a previously selected destination into an HTTP response. In the rewrite mode, a network device manages the destination information that is rewritten over blank Cookie information generated by the destination producing the HTTP response. The insert mode inserts and removes Cookie information in the data packets for HTTP requests and response prior to processing by the destination.

Abstract: An apparatus and method are provided in a computer network to decouple the client from the server, by placing a transparent network node, also termed a file switch or file switch computer, between the client and the server. Usage of such a file switch allows reduced latency in file transfers, as well as scalable mirroring, striping, spillover, and other features.

Abstract: A switched file system, also termed a file switch, is logically positioned between client computers and file servers in a computer network. The file switch distributes user files among multiple file servers using aggregated file, transaction and directory mechanisms. The file switch supports caching of a particular aggregated data file either locally in a client computer or in the file switch in accordance with the exclusivity level of an opportunistic lock granted to the entity that requested caching. The opportunistic lock can be obtained either on the individual data files stored in the file servers or on the metadata files that contain the location of each individual data files in the file servers. The opportunistic lock can be broken if another client tries to access the aggregated data file. Opportunistic locks allows client-side caching while preserving data integrity and consistency, hence the performance of the switched file system is increased.

Abstract: The invention provides for employing a complex data structure to optimize the retrieval of data over a network. The complex data structure includes two separate sub-data structures (Trie and List) that separately reference the same data objects in a data store. The Trie sub-data structure is used to fulfill a single data object request. The List sub-data structure is employed with function requests related to several data objects. Each data object is associated with a parent object that includes a list of every reference to the data object in both the Trie and List sub-data structures. A collector object is a type of data object that is associated with a member object and which includes a list of other related data/collector objects. When data associated with the collector object is requested, other data associated with the other data/collector objects on the member object list are automatically retrieved.

Abstract: A method and apparatus for allocating access to a scarce resource. A load of each flow on the resource is calculated. The aggregate load is compared to a maximum steady state load. A drop policy is established responsive to the comparison. The drop policy is applied to the flows at an input interface of the device.

Abstract: A technique for connecting New Network Devices (NNDs) to an existing communication network. The NND caches the MAC address of an Original (or “Old”) Network Device, then gratuitously transmits Address Resolution Protocol (ARP) responses on behalf of the OND, but pointing to its own MAC address. This, in effect, allows the NND to insert itself in the path of packets originally destined for the OND. After performing its designated operations such as filtering, compression, caching, file serving, virus scanning, etc., any remaining packets can still be forwarded to the OND for further processing. In this event, the packets are forwarded by the NND to the OND as MAC layer frames using the OND's MAC address only and not its IP address. In the event that the NND fails, no special steps need to be taken, as the OND will eventually receive traffic again as it responds to further ARP requests.

Abstract: An apparatus and method are provided in a computer network to decouple the client from the server, by placing a transparent network node, also termed a file switch or file switch computer, between the client and the server. Usage of such a file switch allows reduced latency in file transfers, as well as scalable mirroring, striping, spillover, and other features.