Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.

Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.

Abstract: A domain name is received from a customer. DNS is queried for multiple possible subdomains of the domain. For each subdomain that resolves, information about that subdomain's corresponding resource record is stored in a zone file that also includes a resource record for the domain name. The zone file is presented to the customer. A designation from the customer of which of the resource records are to point to an IP address of a proxy server is received. The resource records are modified according to the input of the customer and the zone file is propagated including the modified resource records.

Abstract: A proxy server receives, from multiple visitors of multiple client devices, a plurality of requests for actions to be performed on identified network resources belonging to a plurality of origin servers. At least some of the origin servers belong to different domains and are owned by different entities. The proxy server and the origin servers are also owned by different entities. The proxy server analyzes each request it receives to determine whether that request poses a threat and whether the visitor belonging to the request poses a threat. The proxy server blocks those requests from visitors that pose a threat or in which the request itself poses a threat. The proxy server transmits the requests that are not a threat and is from a visitor that is not a threat to the appropriate origin server.

Abstract: A proxy server automatically includes web applications in web pages at the network level. The proxy server receives, from a client device, a request for a network resource at a domain and is hosted at an origin server. The proxy server retrieves the requested network resource. The retrieved network resource does not include the web applications. The proxy server determines that the web applications are to be installed within the network resource. The proxy server automatically modifies the retrieved network resource to include the web applications. The proxy server transmits a response to the client device that includes the modified network resource. The network resource may remain unchanged at the origin server.

Abstract: A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves.

Abstract: A DNS name server manages CNAME records. The server receives a query for a first Address record for a fully qualified domain name from a requester. The server determines that the fully qualified domain name has a CNAME record, where the fully qualified domain name is a root domain. The server traverses a chain according to the CNAME record to locate a second Address record that includes an IP address. The server generates a response to the query that includes a third Address record for the fully qualified domain name that includes at least the IP address of the located second Address record. The server transmits the generated response to the requester.

Abstract: A proxy server automatically includes web applications in web pages at the network level. The proxy server receives, from a client device, a request for a network resource at a domain and is hosted at an origin server. The proxy server retrieves the requested network resource. The retrieved network resource does not include the web applications. The proxy server determines that the web applications are to be installed within the network resource. The proxy server automatically modifies the retrieved network resource to include the web applications. The proxy server transmits a response to the client device that includes the modified network resource. The network resource may remain unchanged at the origin server.

Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page. The proxy server scans the HTML page to locate one or more modification tokens that each indicates content that is subject to being modified. For at least one of the located modification tokens, the proxy server automatically modifies at least a portion of the content of the HTML page that corresponds to that modification token. The proxy server then transmits the modified HTML page to the client device.

Abstract: A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.

Abstract: A near end point of presence (PoP) of a cloud proxy service receives, from a client device, a request for a network resource. A far end PoP from a plurality of PoPs of the cloud proxy service is identified. Responsive to determining that a version of the network resource is stored in the near end PoP, a request for the network resource is transmitted to the far end PoP with a version identifier that identifies that version. The far end PoP receives, from the near end PoP, a response that includes difference(s) between the version of the network resource stored in the near end PoP with a most current version of the network resource. The response does not include the entire network resource. The near end PoP applies the specified difference(s) to the version that it has stored to generate an updated version of the network resource, and transmits it to the client device.

Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.

Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.

Abstract: A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page. The proxy server scans the HTML page to locate one or more modification tokens that each indicates content that is subject to being modified. For at least one of the located modification tokens, the proxy server automatically modifies at least a portion of the content of the HTML page that corresponds to that modification token. The proxy server then transmits the modified HTML page to the client device.

Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.

Abstract: A proxy server for limiting Internet connection speed of visitors that pose a threat. The proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to the request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server reduces the speed at which the proxy server processes the request while keeping a connection to the client device open.

Abstract: A first packet of a first protocol version type that includes an incoming request for an action to be performed on an identified resource is received from a client at a proxy server as a result of a DNS request resolving to a network address of the proxy server. The proxy server transmits an outgoing request for the action to be performed on the identified resource to a network address of the destination origin server in a second packet that is of the second protocol version type. The proxy server receives a third packet that includes an incoming response from the destination origin server, the third packet being of the second protocol version type. The proxy server transmits a fourth packet to the client, the fourth packet being of the first protocol version type, wherein the fourth packet includes an outgoing response that is based on the incoming response.

Abstract: A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.

Abstract: A near end point of presence (PoP) of a cloud proxy service receives, from a client device, a request for a network resource. A far end PoP from a plurality of PoPs of the cloud proxy service is identified. Responsive to determining that a version of the network resource is stored in the near end PoP, a request for the network resource is transmitted to the far end PoP with a version identifier that identifies that version. The far end PoP receives, from the near end PoP, a response that includes difference(s) between the version of the network resource stored in the near end PoP with a most current version of the network resource. The response does not include the entire network resource. The near end PoP applies the specified difference(s) to the version that it has stored to generate an updated version of the network resource, and transmits it to the client device.

Abstract: A proxy server receives from a client device a request for a network resource hosted at an origins server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains and resolve to the proxy server and are owned by different entities. The proxy server requests the network resource from the origin server. The proxy server receives a response from the origin server that indicates that the network resource is unavailable. The proxy server transmits a custom error page to the client device that indicates that the requested resource is unavailable.