Patents Assigned to F5 Networks, Inc.
  • Patent number: 10791119
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that receive a request from a client to log into an application hosted by an application server. A determination is made when the client is authenticated in response to the request. Attribute(s) are extracted from the request, when the determining indicates that the client is authenticated. A first password is generated for the client. A record for the client stored at a global catalog server is identified based on the extracted attributes and the generated first password is injected into the identified record. Credential(s) including at least the generated first password are sent to the application hosted by the application server.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: September 29, 2020
    Assignee: F5 Networks, Inc.
    Inventor: Michael Coleman
  • Patent number: 10721269
    Abstract: Client requests for server resources are received by a network traffic management device (NTMD). The NTMD initially responds to the client requests on behalf of the associated servers. The initial responses include client side language scripts for execution by the clients. Executing the scripts causes the clients to resend their initial requests identified as a potential attack by the NTMD along with information indicating the client's legitimacy, such as the result of a computational JavaScript challenge. The NTMD receives the resent initial request, determines it was sent from a legitimate requestor and is therefore not an attack, and forwards it to the associated server.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: July 21, 2020
    Assignee: F5 NETWORKS, INC.
    Inventors: Ron Talmor, Nir Shahaf, Orna Zackaria
  • Patent number: 10708393
    Abstract: Embodiments are directed to stateless communication using a stateful protocol. One or more NTMAs may establish a connection with a client computer based on data exchanged with the client computer using the stateful protocol. The exchanged data may include validation information provided by the one or more NTMAs. The exchanged data and other information associated with the connection may be discarded from one or more memories of the one or more NTMAs. A network packet communicated over the network using the stateful protocol may be obtained. Verification information and candidate validation information may be generated based on one or more characteristics of the network packet. The network packet may be validated based on a comparison of the verification information and the candidate validation information. A reply that adheres to the stateful protocol may be provided to the client computer based on the validated network packet.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: July 7, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Peter Michael Thornewell, John Francis Tavares, Robert Andrew Kovalchik
  • Patent number: 10659368
    Abstract: Embodiments are directed towards managing communication over a network with a traffic management computer (TMC). If a network protocol associated with a network traffic is unknown, additional actions may be performed. Constant value recognition actions may be selected for one or more complex protocols. The one or more complex protocols may be the Teredo protocol, or another tunneling protocol. If constant value recognition conditions may be satisfied still further actions may be performed to determine the complex protocol. If a sufficient number of the action results are affirmative, one or more operations on the network traffic may be performed based on the complex protocol. And, the network traffic may be sent to a client or a server. Performing the operations on the network traffic may include providing an identity of another network protocol that may be encapsulated in the complex protocol.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: May 19, 2020
    Assignee: F5 Networks, Inc.
    Inventor: Mark Ernest Quevedo
  • Patent number: 10601872
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with enhancing enforcement on compliance based on security violations includes obtaining security violation data associated with a plurality of enrolled mobile devices and identifying one or more of the plurality of enrolled mobile devices causing one or more security violations based on the obtained security violation data. One or more compliance policies are updated based on the obtained security violation data. A compliance check is performed on the identified one or more enrolled mobile devices causing the one or more security violations based on the updated one or more policies and initiating one or more compliance correction actions on the identified one or more enrolled mobile devices causing the one or more security violations.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: March 24, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 10594657
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that provide parameterized sub-policy evaluation for fine grain access control implemented by determining when there is a result for one of the plurality of sub-policies being evaluated for a received request for a resource during a session. The result for evaluation of the one of the plurality of sub-policies for the received request is used when the determination indicates the result is stored for the session. The one of the plurality of sub-policies is executed on the received request to obtain the result when the determination indicates the result is not stored for the session. The result for the one of the plurality of sub-policies from this execution is stored for the session.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: March 17, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vinod Pisharody, James Hu, Wui Chung Lie, Bipin Kumar
  • Patent number: 10581902
    Abstract: A method, non-transitory computer readable medium, security management apparatus, and network traffic management system that monitors received HTTP requests associated with a source IP address to obtain data for one or more signals. A value for one or more bins corresponding to one or more of the signals for individual behavioral histograms and a global behavioral histogram is updated based on the signal data. The individual behavioral histograms each correspond to one of the source IP addresses. A determination is made when a DDoS attack condition is detected. When the determining indicates that the DDoS attack condition is detected, an attack pattern is identified in the global behavioral histogram and a mitigation action is initiated for one of the source IP addresses based on a correlation of one of the individual behavioral histograms, which corresponds to the one of the source IP addresses, to the attack pattern.
    Type: Grant
    Filed: October 18, 2016
    Date of Patent: March 3, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Vadim Krishtal, Peter Finkelshtein, Oran Baruch
  • Patent number: 10567492
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems performing load balancing in a federated identity environment. An enhanced identity service provider server receives a redirected user authentication from a client device. Upon successfully authenticating the user of the client device a token is generated. Further another service provider server is selected based on a comparison of one or more network parameters and the client device is redirected with the token to the another selected service provider server. Based on a validation of the token the client device accesses applications protected by the selected another service provider server.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: February 18, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Saxon Amdahl
  • Patent number: 10530758
    Abstract: Embodiments are directed towards managing name service communications. A name service device may be arranged to employ a hardware domain name service (DNS) processor to receive a name service query. The hardware DNS processor may perform operations on the name service query. If operations performed by the hardware DNS processor do not resolve the name service query, further operations may be performed. The name service device may be arranged to provide a name service reply that includes the answer to the name service query. And, the name service device may be arranged to send the name service reply back to the hardware DNS processor. Accordingly, the hardware DNS processor on the name service device may send the name service reply that includes at least an answer to the name service query to the requesting computers.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: January 7, 2020
    Assignee: F5 Networks, Inc.
    Inventors: Hao Cai, Paul Imre Szabo, Christopher Ryan Baker, Lisa M. Golden, Robert Andrew Kovalchik, Amit Fridman, Alan Brian Mimms, Itai Druckmann
  • Patent number: 10505792
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that determine when an event has occurred. The event is defined in an obtained rule and is associated in the rule with a key. The key is attached to a connection associated with received network traffic that triggered the event, when the determining indicates that the event has occurred. The connection is associated with a first layer, the key comprises an input string value or corresponds to a portion of data associated with a second layer associated with the network traffic, and the second layer is different from the first layer. The connection is then monitored to obtain statistics for the connection and store or report the statistics as associated with the key.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Martin Duke, Saxon Amdahl
  • Patent number: 10505990
    Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with deterministic enforcement of compliance policy includes receiving one or more compliance policy changes. An estimated time to enforce the received one or more compliance policy changes on one or more enrolled mobile devices is identified. It is determined whether the identified estimated time to enforce the received one or more compliance policy changes is acceptable based on one or more stored parameters. The received one or more compliance policy changes on the one or more enrolled mobile devices is enforced when the identified estimated time is determined to be acceptable and updating existing one or more compliance policies with the received one or more compliance policy changes.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Joel Moses
  • Patent number: 10506072
    Abstract: Passing a reference to a first socket from a first process to a second process within a computing environment includes opening, by the first process, a second socket within the computing environment. The second socket is represented by a file in a first file system of the first process. The first process transmits a reference to the first socket to the second socket. A second file system of the second process is mapped to include the file representing the second socket. The second process reads the reference to the first socket from the file representing the second socket mapped to the second file system. The second process references the first socket using the reference to the first socket read from the file.
    Type: Grant
    Filed: April 24, 2018
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Igor Sysoev, Valentin Bartenev, Nikolay Shadrin, Maxim Romanov
  • Patent number: 10505818
    Abstract: A method, non-transitory computer readable medium, and health analysis apparatus that monitors network traffic exchanged with a plurality of server devices in a server pool to obtain signal data regarding a plurality of signals associated with the network traffic. A determination is made when there is a server health anomaly for one or more of the server devices based on an application of a server health prediction model to the signal data. The server health prediction model includes a plurality of predictive health targets each based at least in part on historical signal data for one or more of the signals and having an associated threshold value. A mitigation action is initiated when the determining indicates there is a server health anomaly for one or more of the server devices.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: December 10, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Shlomo Yona, Maydan Wienreb, Michael Kapelevich, Peter Finkelshtein
  • Patent number: 10491632
    Abstract: Methods, non-transitory computer readable media, compliance management apparatuses, and network traffic management systems that execute a compliance check to determine when a mobile device is out of compliance. A number of mobile devices that both are out of compliance based on the violation and share a characteristic with the one mobile device is determined, when the determining indicates that the mobile device is out of compliance. A determination is made when the number of the mobile devices exceeds a threshold. Contact data associated with one or more mobile devices that are in compliance and share the characteristic is obtained, when the determining indicates that the number of mobile devices exceeds the threshold. A notification is automatically sent, using the contact data, to each of the mobile devices that share the characteristic. The notification comprises an indication of the violation and one or more precautions.
    Type: Grant
    Filed: January 20, 2017
    Date of Patent: November 26, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Ravi Natarajan, Bipin Kumar
  • Patent number: 10476947
    Abstract: A method, non-transitory computer readable medium and apparatus that manages web application servers includes receiving one or more changes to a compliance policy. One or more mobile application changes that are required on one or more mobile applications executing on one or more mobile computing devices are determined. Next, an impact on a plurality of web application servers is determined based on the determined one or more mobile application changes and stored monitored data associated with the plurality of web application servers. A notification is provided based on the determined impact on the plurality of web application servers to manage the plurality of web application servers.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: November 12, 2019
    Assignee: F5 Networks, Inc.
    Inventor: Ravi Natarajan
  • Patent number: 10476992
    Abstract: A method, non-transitory computer readable medium, and device that provides multi-path TCP (MPTCP) proxy options includes receiving a SYN packet comprising one or more MPTCP options as a request for a new TCP connection. A new SYN packet including information from the received SYN packet is generated and the generated new SYN packet is forwarded to the server. A SYN acknowledgement including information associated with one or more supported MPTCP options is received from the server. A new SYN acknowledgement packet including the information from the received SYN acknowledgement is generated and forwarded to the requesting client computing device.
    Type: Grant
    Filed: July 6, 2016
    Date of Patent: November 12, 2019
    Assignee: F5 NETWORKS, INC.
    Inventor: Saxon Amdahl
  • Patent number: 10469394
    Abstract: A method, non-transitory computer readable medium and device that assist with configuring adaptive rate limit based on server health and statistics includes obtaining server health data and a current response transmission rate associated with one of the plurality of servers. An adaptive rate limit is determined based on the obtained server health data and the current response transmission rate. An actual rate and the determined adaptive rate limit are compared to determine when the actual rate of transmission is greater than the determined adaptive rate limit. A plurality of network data packets is transmitted at the determined adaptive rate limit when the actual rate of transmission is determined to be greater than the determined adaptive rate limit.
    Type: Grant
    Filed: August 1, 2017
    Date of Patent: November 5, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Vadim Krishtal, Peter Finkelshtein
  • Patent number: 10454768
    Abstract: Embodiments are directed towards using policy rules that may be extended by scripting operative on a traffic management device. Each policy rule may have a condition and a corresponding action. If the condition is a script, a script engine separate from the policy engine may be employed to execute the script to determine if the condition is met. Otherwise, the policy engine may determine if the condition is met based on declarative expressions that comprise the condition. If the condition is met the action corresponding to the policy rule may be executed. Scripts may be used to compute the values of operands that may be used in one or more of the expressions that comprise a condition for a policy rule. Also, the action corresponding to a policy rule may be implemented using a script that is executed by a script engine.
    Type: Grant
    Filed: November 15, 2013
    Date of Patent: October 22, 2019
    Assignee: F5 Networks, Inc.
    Inventors: Paul I. Szabo, Gennady Dosovitsky, Ron Talmor, Jeroen de Borst, David A. Hansen
  • Publication number: 20190312841
    Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that utilize a reverse tunnel proxy in a cloud environment. The reverse tunnel proxy in a cloud environment automatically discovers its environment and creates an appropriate tunnel without using a public IP. The reverse tunnel proxy in a cloud environment utilizes an outgoing connection along with an initialization and channelization to connect to the cloud and accepts an incoming connection in response. In embodiments, a cloud initiates a connection and a tunnel is created without need for additional IP addresses. In embodiments, the reverse tunnel proxy in a cloud environment connects to a client as a server and a private key is stored at a server side without pushing private keys into a public environment.
    Type: Application
    Filed: November 5, 2018
    Publication date: October 10, 2019
    Applicant: F5 Networks, Inc.
    Inventors: Joel Benjamin Moses, Steven Dabell, William Ross Baumann, Timothy Scott Michels
  • Patent number: 10432406
    Abstract: Embodiments are directed towards managing network communication. A TMC may be arranged to receive network traffic that includes cipher negotiation information from a client computer. The TMC may receive other network traffic from a server computer that may include server cipher negotiation information. The TMC provides negotiation data that may correspond to the client cipher negotiation information and other negotiation data that may correspond to the server cipher negotiation information. The TMC may store the negotiation data and the other negotiation data in a data store. Then the TMC may send the server cipher negotiation information to at least the client computer. If a query is received from a query client, the TMC may provide result set information based on the stored negotiation data and the other negotiation data in the data store. The TMC may send the reporting information based on the result set information to the query client.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: October 1, 2019
    Assignee: F5 Networks, Inc.
    Inventor: Saxon Carl Amdahl