Abstract: An example inline frame monitor is disclosed. The inline frame monitor injects monitoring logic into a document object model to monitor an activity within a dynamically loaded inline frame of a web page. Data regarding the activity within the dynamically loaded inline frame is received. A policy is applied to validate or invalidate the activity within the dynamically loaded inline frame.

Abstract: Techniques are described herein that are capable of load-balancing establishment of connections among groups of connector servers in a public computer network by performing operations that include receiving a connection request from a connector client in a private computer network, requesting establishment of a connection between the connector client and one of the connector servers in the public computer network. A number of connections between the private computer network and each group is determined. An identified group is selected from the groups based at least in part on a number of connections between the private computer network and the identified group being less than or equal to a number of connections between the private computer network and each other group. The connection request is provided toward the identified group, which enables establishment of the connection between the connector client and a connector server in the identified group.

Abstract: The disclosure is directed towards proxy services for the secure uploading of file-system tree structures. A method includes receiving, at a web security service, an indication that client device to upload content to a storage cloud provider. The proxy service performs a security scan of the content while the content is stored on the client device. A security and/or a privacy concern is identified in the content stored on the client device. A security and/or privacy mitigation action is performed in response to identifying the security and/or privacy concern.

Abstract: Methods, systems, and computer storage media for providing a local protocol server associated with a secure networking engine that provides client-side forwarding in a secure networking system. The local protocol server (e.g., local TCP/UDP server)—on a client device—operates based on client-side forwarding operations that include: IP assignment, operating system (OS) routing, destination network address translation, and original destination retrieval to support accessing a network resource (e.g., socket connection) on the client device and support communications between client applications on the client device and the local protocol server on the same client device. In this way, the local protocol server supports communications of a diverse set of data traffic or network traffic (e.g.

Abstract: A computer-implemented method includes receiving, by a proxy device, a document from a service provider in response to a request to the service provider from a client device. The proxy device injects into the document event monitoring code for monitoring user actions on the client device. The proxy device sends the document with the event monitoring code to the client device. The event monitoring code intercepts a user request for a file upload event using a client-side application on the client device. The proxy device receives a client request including file information regarding the file upload event from the event monitoring code. The proxy device determines whether the file upload event should be allowed or blocked based on the received file information and stored policy data.

Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.

Abstract: Techniques are described herein that are capable of providing offline support for a database cluster that includes online nodes and an offline-compatible node. For example, an operation may be performed with regard to information, which is stored by the offline-compatible node while the offline-compatible node is not connected to the online nodes via the network, based at least in part on the offline-compatible node being connected to the online nodes. In another example, an operation may be performed with regard to information, which is stored by any one or more of the online nodes while the offline-compatible node is not connected to the online nodes via the network, based at least in part on the offline-compatible node being connected to the online nodes.

Abstract: A computer-implemented method includes receiving, by a proxy device, a document from a service provider in response to a request to the service provider from a client device. The proxy device injects into the document event monitoring code for monitoring user actions on the client device. The proxy device sends the document with the event monitoring code to the client device. The event monitoring code intercepts a user request for a file upload event using a client-side application on the client device. The proxy device receives a client request including file information regarding the file upload event from the event monitoring code. The proxy device determines whether the file upload event should be allowed or blocked based on the received file information and stored policy data.

Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.

Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.

Abstract: A file is enabled to be downloaded from a web server on behalf of a client browser, via an isolated browser of an RBI server. An isolated browser engine detects the file download and notifies an isolated browser controller. The isolated browser controller determines whether the file download is permitted. Responsive to determining that the file download is not permitted, the file is deleted at the RBI server and a policy event is transmitted to the client browser. Responsive to determining that the file download is permitted, the file is transmitted to the client browser. The file may be streamed to the client browser, or it may be published via an independent web server and a notification is transmitted to the client browser. The client browser is controlled to issue a request to the independent web server to download the file to the client browser.

Abstract: Methods and systems are provided for a client computing device including a browser that renders a web page. Program code generates a mock upload event and a corresponding mock data transfer object for uploading data using the web page. The mock upload event and the corresponding mock data transfer object are propagated to an upload event listener of the web page and executed. Prior to generating the mock upload event and corresponding mock data transfer object, an embedded upload event listener may receive an upload event, read the upload event, drop the received upload event from an event handler pipeline, and call synchronously or asynchronously, code to perform logic on the received upload event for the generation of the mock upload event and a corresponding mock data transfer object.

Abstract: Techniques are described herein that are capable of providing offline support for a database cluster that includes online nodes and an offline-compatible node. For example, an operation may be performed with regard to information, which is stored by the offline-compatible node while the offline-compatible node is not connected to the online nodes via the network, based at least in part on the offline-compatible node being connected to the online nodes. In another example, an operation may be performed with regard to information, which is stored by any one or more of the online nodes while the offline-compatible node is not connected to the online nodes via the network, based at least in part on the offline-compatible node being connected to the online nodes.

Abstract: Methods for dynamic forward proxy chaining are performed by systems and devices. A forward proxy server receives an electronic communication message that includes destination information in a header and payload information. Destination information includes an ordered set of subsequent destination identifiers associated with subsequent forward proxy servers and an ultimate destination identifier for the electronic communication message. The destination information in the electronic communication message is modified by the forward proxy server to generate a modified electronic communication message. Based on proxy operations performed by the forward proxy server, destination information is modified by removing destinations, adding destinations, altering ports for destinations, and other modifications.

Abstract: Methods, systems, apparatuses, and computer-readable storage mediums are described for performing malware detection and mitigation on behalf of a client device by a forward proxy server. For example, the client device is configured to route network traffic through the forward proxy server. The forward proxy server is configured to detect file transfer operations between the client device and a destination server. Responsive to detecting a file transfer operation, the forward proxy server obtains a copy of the file to be transferred and provides it to a malware identification service, which analyzes the file for malware. The malware identification service may execute on the forward proxy server or another server communicatively coupled thereto. Responsive to determining that the file has been compromised with malware, the forward proxy server performs one or more actions to mitigate the malware.

Abstract: Sharing context between web frames increases consistent application of security policies, without requiring changes to a document object model. A proxy receives a first request implicating a first web frame and its URL, potentially issues a sub-request and gets a sub-response, and creates a first response to the first request, including a context in frame creation or frame navigation code. Thus, context such as a domain identification is made available for sharing between the first web frame and a second web frame without altering a document object model of a web page of the first web frame, and without imposing a same-origin policy workaround. Sharing the context allows the proxy to ascertain a policy based on the context, so it can apply the policy in reactions to subsequent requests. Context sharing allows window frames to be associated together in the proxy, and informs browser rendering.

Abstract: Techniques are described herein that are capable of implementing a client-side policy on client-side logic. The client-side policy is configured to support client-side hooks by configuring a rule in the client-side policy to be applied to the client-side logic, which is configured to be executed in a browser of a client device in a network-based system. The rule indicates an administrator-defined action to be performed in response to a request to execute the client-side logic. The request to execute the client-side logic in the browser is received. The administrator-defined action is performed based at least in part on the rule in the client-side policy in response to receipt of the request.

Abstract: Providing fluid external access to a resource that is internal to a network from external to that network. From within the network, the internal user simply provides an internal identifier, and the external user accesses not the internal identifier, but an external uniform resource identifier (URL) that the external user can simply select to obtain access to the internal resource of the network. This is accomplished by translating the internal identifier to an external URL having a proxy server as its domain name. When the external URL selects the URL, a request with that external URL is made to the proxy server, which translates the external URL back to the internal identifier, and coordinates with the network to obtain the resource for the external user.

Abstract: Methods and systems are provided for a browser in a client device that receives a user interface script-code snippet from a web page. A chain logic engine determines whether an in-memory map indicates an output value of prior execution of the UI script-code snippet. If the in-memory map does indicate the output value, it is returned from the in-memory map to generate the user interface. If not, the engine determines whether an in-local storage map indicates the prior executed snippet output. If the in-local storage map indicates the prior executed snippet output, it is returned from the in-local storage map to generate the user interface, and it is stored in the in-memory map. If not, the UI script-code snippet is executed to generate the output value, which is used to generate the user interface, and is stored in the in-memory map and in the in-local storage map.

Abstract: Methods, systems and computer program products are provided for service to service SSH with authentication and SSH session reauthentication. A client service initiates an SSH session by automatically providing authentication information to an authentication provider service, which returns access information. The client service uses an SSH client to automatically provide the access information to an SSH server, which receives and validates the access information. A service-to-service SSH session is created between the SSH client and SSH server. The client service and a server service may communicate securely via the service-to-service SSH session. Security may be maintained for any type of SSH connection (e.g., user to service, service to service) by periodically and automatically providing and validating reauthentication and refresh information. AN SSH connection/session is maintained if periodic access information is validated.