Abstract: In an embodiment, a distributed firewall that learns from traffic patterns to prevent attacks is configured to receive traffic comprising one or more uniform resource identifiers (URIs), where a URI of the one or more URIs includes one or more parameters and one or more corresponding values. The firewall is configured to classify the corresponding value(s) using a pre-configured classifier and obtain a statistical rule that specifies an allowable type and an allowable length for traffic containing the one or more parameters, where the statistical rule is generated based on the classification. The firewall is configured to apply the statistical rule to incoming traffic to allow or drop requests comprising the parameter(s).

Abstract: In an embodiment, a statistical approach for augmenting signature detection in a Web application firewall includes receiving a new request including a parameter in a uniform resource identifier (URI), tokenizing the new request, and determining a compound probability that tokens in a value that is associated with the parameter of the URI and that is included in the new request are associated with an attack. The compound probability is determined based at least in part on component probabilities of tokens of historical values associated with the parameter of the URI.

Abstract: A technique for content proxying is described. The technique includes receiving from a first device a stream of data. The stream of data is formatted in a format that does not indicate content length in a header. A received payload of the stream of data is encoded into a data chunk including a chunk length header and the received payload. The data chunk is forwarded to a second device that does not support the format.

Abstract: A method and system are disclosed. A first service engine among a plurality of service engines detects a traffic violation of a web application policy for an instantiation of a virtual service on the first service engine. The service engines maintain corresponding instances of a shared state of policy violations for the web application policy. In response to detecting the traffic violation, a first instance of the shared state on the first service engine is updated. The first service engine broadcasts the updated first instance of the shared state. Remaining service engines, which have instantiations of the virtual service, update their instances of the shared state in response to receiving the updated first instance. The instances of the shared state are aggregated to obtain an aggregated shared state. It is detected whether the aggregated shared state triggers an application policy rule for the web application policy.

Abstract: In an embodiment, a distributed firewall that learns from traffic patterns to prevent attacks is configured to receive traffic comprising one or more uniform resource identifiers (URIs), where a URI of the one or more URIs includes one or more parameters and one or more corresponding values. The firewall is configured to classify the corresponding value(s) using a pre-configured classifier and obtain a statistical rule that specifies an allowable type and an allowable length for traffic containing the one or more parameters, where the statistical rule is generated based on the classification. The firewall is configured to apply the statistical rule to incoming traffic to allow or drop requests comprising the parameter(s).

Abstract: A custom metrics technique includes: accessing a packet; processing the packet using a packet processing pipeline of a service engine in a distributed network service platform, including: reaching a pre-specified point in the packet processing pipeline; inserting, in the packet processing pipeline, script code that corresponds to the pre-specified point; executing the script code to collect at least metric-related data associated with a user-specified metric object; and executing remaining packet processing pipeline.

Abstract: A technique for content proxying is described. The technique includes receiving from a first device a stream of data. The stream of data is formatted in a format that does not indicate content length in a header. A received payload of the stream of data is encoded into a data chunk including a chunk length header and the received payload. The data chunk is forwarded to a second device that does not support the format.

Abstract: In an embodiment, a method of payload matching via a single pass transformation of an HTTP payload includes receiving a payload packet destined for a recipient and parsing the payload packet in a single scan of the packet using a combined regular expression. The combined regular expression includes a plurality of regular expressions that correspond to a set of replacement rules. The method includes determining a scatter-gather list conforming to the rule, constructing a new payload packet based on the scatter-gather list, and sending the new payload packet to the recipient.

Abstract: In an embodiment, a statistical approach for augmenting signature detection in a Web application firewall includes receiving a new request including a parameter in a uniform resource identifier (URI), tokenizing the new request, and determining a compound probability that tokens in a value that is associated with the parameter of the URI and that is included in the new request are associated with an attack. The compound probability is determined based at least in part on component probabilities of tokens of historical values associated with the parameter of the URI.

Abstract: In an embodiment, a method of payload matching via a single pass transformation of an HTTP payload includes receiving a payload packet destined for a recipient and parsing the payload packet in a single scan of the packet using a combined regular expression. The combined regular expression includes a plurality of regular expressions that correspond to a set of replacement rules.

Abstract: Load balancing includes receiving, from a client, a connection request to establish a connection with a server; determining load balancing state information based at least in part on the connection request; synchronizing the load balancing state information across a plurality of service engines using a distributed data store service, the distributed data store service being configured to: determine whether in a distributed data store there is an existing entry that corresponds to the load balancing state information; in the event that it is determined that in the distributed data store there is no existing entry that corresponds to the load balancing state information, atomically create a new entry based on the load balancing state information; and distributing the connection to a selected server among a plurality of servers, the selected server being selected based at least in part on the load balancing state information.

Abstract: Load balancing includes receiving, from a client, a connection request to establish a connection with a server; determining load balancing state information based at least in part on the connection request; synchronizing the load balancing state information across a plurality of service engines using a distributed data store service, the distributed data store service being configured to: determine whether in a distributed data store there is an existing entry that corresponds to the load balancing state information; in the event that it is determined that in the distributed data store there is no existing entry that corresponds to the load balancing state information, atomically create a new entry based on the load balancing state information; and distributing the connection to a selected server among a plurality of servers, the selected server being selected based at least in part on the load balancing state information.

Abstract: Load balancing includes receiving, from a client, a connection request to establish a connection with a server; determining load balancing state information based at least in part on the connection request; synchronizing the determined load balancing state information across a plurality of service engines, including to invoke an atomic read-miss-create (RMC) function on a distributed data store service; and distributing the connection to a selected server among a plurality of servers according to a result of the RMC function.

Abstract: Load balancing includes receiving, from a client, a connection request to establish a connection with a server; determining load balancing state information based at least in part on the connection request; synchronizing the determined load balancing state information across a plurality of service engines, including to invoke an atomic read-miss-create (RMC) function on a distributed data store service; and distributing the connection to a selected server among a plurality of servers according to a result of the RMC function.

Abstract: In one embodiment, the present invention includes a method for determining from a data block in a buffer a number of first operands in a first portion of the buffer and a number of second operands in a second portion of the buffer. Based on these numbers, a cyclic redundancy checksum (CRC) operation may be iteratively performed on the first and second operands to obtain a checksum result. The first and second operands are of a different length, and the checksum operation may be executed using processor instructions corresponding to the different lengths. Other embodiments are described and claimed.

Abstract: In one embodiment, the present invention includes a method for determining from a data block in a buffer a number of first operands in a first portion of the buffer and a number of second operands in a second portion of the buffer. Based on these numbers, a cyclic redundancy checksum (CRC) operation may be iteratively performed on the first and second operands to obtain a checksum result. The first and second operands are of a different length, and the checksum operation may be executed using processor instructions corresponding to the different lengths. Other embodiments are described and claimed.

Abstract: In one embodiment, the present invention includes a method for determining from a data block in a buffer a number of first operands in a first portion of the buffer and a number of second operands in a second portion of the buffer. Based on these numbers, a cyclic redundancy checksum (CRC) operation may be iteratively performed on the first and second operands to obtain a checksum result. The first and second operands are of a different length, and the checksum operation may be executed using processor instructions corresponding to the different lengths. Other embodiments are described and claimed.

Abstract: Techniques to issue a single application programming interface (API) to request both data copy and CRC validation operations. In some embodiments, a receiver of the API may observe which logic (e.g., software or hardware and/or combinations of software and hardware) is available to execute instructions for data copy and CRC validation operations.

Abstract: In one embodiment, the present invention includes a method for determining from a data block in a buffer a number of first operands in a first portion of the buffer and a number of second operands in a second portion of the buffer. Based on these numbers, a cyclic redundancy checksum (CRC) operation may be iteratively performed on the first and second operands to obtain a checksum result. The first and second operands are of a different length, and the checksum operation may be executed using processor instructions corresponding to the different lengths. Other embodiments are described and claimed.

Abstract: Techniques are described herein that may be used to instruct a network component to determine an integrity validation value over information as well as when to include the determined integrity validation value in a network protocol unit to be transmitted. For example, in some implementations, the network component may generate a cyclical redundancy checking (CRC) value. The value may be determined by the network component across multiple segments of information and independent of the utilized protocol.