Abstract: For each network resource request received at a server of a cloud-based service, a determination of whether that request originated from a second network resource is made. For each such request where the network resource originated from the second network resource, a referrer indication is logged that indicates the second network resource is a referrer to that network resource. A network resource relevance dataset is generated based on the referrer indications of the second network resources. A relevance metric is associated with each second network resource based on a total number of referrer indications. A search request is received from a client device. Based at least in part on the network resource relevance dataset, search results are determined. The search results are transmitted to the client device.

Abstract: A first edge server of multiple edge servers of a distributed edge computing network receives a request from a client device regarding a resource hosted at an origin server according to an anycast implementation. The first edge server modifies the request to include identifying information for the first edge server prior to sending the request to the origin server. The origin server responds with a response packet that includes the identifying information of the first edge server. Instead of routing the response packet to the client device directly, one of the multiple edge servers receives the response packet due to the edge servers each having the same anycast address. If the edge server that receives the response packet is not the first edge server, that edge server transmits the response packet to the first edge server, who processes the response packet and transmits the response packet to the client device.

Abstract: An edge server receives a plurality of requests from a client network application for actions to be performed on a resource that is hosted at an origin server. The edge server determines request attributes of the requests and associates the request attributes with a session identifying the client network application. The edge server generates a confidence value for the client network application based at least on the determined request attributes of the plurality of requests and computed session metrics of the session. When the confidence value indicates that the client network application is malicious, the edge server performs one or more mitigation actions.

Abstract: A method and system for detection of security threats on network resources based on referrer indications are presented. A determination that a second request originated from a first network resource is performed based on second request information associated with a second request for a second network resource. In response to determining that the second request originated from the first network resource, a referrer indication that the first network resource is a referrer to the second network resource is logged. A third request for a third network resource is received. A determination that the third request is part of a cyber-attack on a second server is performed based at least in part on the referrer indication.

Abstract: A first edge server of multiple edge servers of a distributed edge computing network receives a request from a client device regarding a resource hosted at an origin server according to an anycast implementation. The first edge server modifies the request to include identifying information for the first edge server prior to sending the request to the origin server. The origin server responds with a response packet that includes the identifying information of the first edge server. Instead of routing the response packet to the client device directly, one of the multiple edge servers receives the response packet due to the edge servers each having the same anycast address. If the edge server that receives the response packet is not the first edge server, that edge server transmits the response packet to the first edge server, who processes the response packet and transmits the response packet to the client device.

Abstract: An edge server receives a plurality of requests from a client network application for actions to be performed on a resource that is hosted at an origin server. The edge server determines request attributes of the requests and associates the request attributes with a session identifying the client network application. The edge server generates a confidence value for the client network application based at least on the determined request attributes of the plurality of requests and computed session metrics of the session. When the confidence value indicates that the client network application is malicious, the edge server performs one or more mitigation actions.

Abstract: A first edge server of multiple edge servers of a distributed edge computing network receives a request from a client device regarding a resource hosted at an origin server according to an anycast implementation. The first edge server modifies the request to include identifying information for the first edge server prior to sending the request to the origin server. The origin server responds with a response packet that includes the identifying information of the first edge server. Instead of routing the response packet to the client device directly, one of the multiple edge servers receives the response packet due to the edge servers each having the same anycast address. If the edge server that receives the response packet is not the first edge server, that edge server transmits the response packet to the first edge server, who processes the response packet and transmits the response packet to the client device.