Patents by Inventor Sean Leach
Sean Leach has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12177198
Abstract: A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.
Type: Grant
Filed: November 9, 2020
Date of Patent: December 24, 2024
Assignees: Vercara, LLC, DigiCert, Inc.
Inventors: Rodney Lance Joffe, Victor Joseph Oppleman, David Link King, Brett Dean Watson, Andrew Jackson, Sean Leach
-
Publication number: 20240007439
Abstract: Disclosed herein are enhancements for operating a web application firewall to reduce load. In one implementation, a method of operating a content server for a web application comprising running a web accelerator with a plurality of threads on the content server. The method further provides receiving a request for content which will be provided to a web application, filtering the request and determining that the content will be requested from a second server. After determining that the content will be requested from a second server, reviewing the request with a web application firewall operating at a network layer 7, forwarding the request, receiving the content, and providing the content. Further, the web application firewall is controlled by a plurality of sets of rules, which can be updated without restarting the web accelerator.
Type: Application
Filed: September 11, 2023
Publication date: January 4, 2024
Inventors: Artur Bergman, Sean Leach, Tyler McMullen, Christian Peron, Federico Schwindt, Eric Hodel
-
Patent number: 11757838
Abstract: Disclosed herein are enhancements for operating a web application firewall to reduce load. In one implementation, a method of operating a content server for a web application comprising running a web accelerator with a plurality of threads on the content server. The method further provides receiving a request for content which will be provided to a web application, filtering the request and determining that the content will be requested from a second server. After determining that the content will be requested from a second server, reviewing the request with a web application firewall operating at a network layer 7, forwarding the request, receiving the content, and providing the content. Further, the web application firewall is controlled by a plurality of sets of rules, which can be updated without restarting the web accelerator.
Type: Grant
Filed: July 12, 2021
Date of Patent: September 12, 2023
Assignee: Fastly, Inc.
Inventors: Artur Bergman, Sean Leach, Tyler McMullen, Christian Peron, Federico Schwindt, Eric Hodel
-
Patent number: 11706256
Abstract: A client application establishes a connection between the client application and an origin server over one or more networks. The application generates a request to establish a secure session with the origin server over the connection. The request includes information, in a header of the request, that flags traffic sent during the secure session to a network of the one or more networks as subject to one or more optimizations performed by the network. Subsequent to establishing the secure session, the application encrypts the traffic in accordance with the secure session and sends the traffic to the origin server over the connection, subject to the one or more optimizations. The infrastructure service applies the one or more optimizations to the traffic as it passes through the edge network to the origin server.
Type: Grant
Filed: June 14, 2021
Date of Patent: July 18, 2023
Assignee: Fastly, Inc.
Inventors: Sean Leach, Artur Bergman
-
Publication number: 20220278980
Abstract: Systems and methods for server authentication in a content delivery network are provided. Various embodiments include a content delivery network obtaining multiple digital certificates from multiple certificate authorities. When a client attempts to access the content delivery network, the network serves the client a digital certificate and then monitors the authentication of the certificate. If the authentication fails, the content delivery network serves the client another digital certificate that was issued from a different certificate authority. In other embodiments, the content delivery network constantly monitors the function of each certificate authority. The content delivery network constantly pings each certificate authority. If any one of the certificate authorities fails to respond to the pings, the content delivery network will presume the certificate authority is non-operational and will stop using certificates from the non-operational certificate authorities until they resume operation.
Type: Application
Filed: May 16, 2022
Publication date: September 1, 2022
Inventor: Sean Leach
-
Patent number: 11336636
Abstract: Systems and methods for server authentication in a content delivery network are provided. Various embodiments include a content delivery network obtaining multiple digital certificates from multiple certificate authorities. When a client attempts to access the content delivery network, the network serves the client a digital certificate and then monitors the authentication of the certificate. If the authentication fails, the content delivery network serves the client another digital certificate that was issued from a different certificate authority. In other embodiments, the content delivery network constantly monitors the function of each certificate authority. The content delivery network constantly pings each certificate authority. If any one of the certificate authorities fails to respond to the pings, the content delivery network will presume the certificate authority is non-operational and will stop using certificates from the non-operational certificate authorities until they resume operation.
Type: Grant
Filed: January 31, 2020
Date of Patent: May 17, 2022
Assignee: Fastly, Inc.
Inventor: Sean Leach
-
Publication number: 20220006784
Abstract: Disclosed herein are enhancements for operating a web application firewall to reduce load. In one implementation, a method of operating a content server for a web application comprising running a web accelerator with a plurality of threads on the content server. The method further provides receiving a request for content which will be provided to a web application, filtering the request and determining that the content will be requested from a second server. After determining that the content will be requested from a second server, reviewing the request with a web application firewall operating at a network layer 7, forwarding the request, receiving the content, and providing the content. Further, the web application firewall is controlled by a plurality of sets of rules, which can be updated without restarting the web accelerator.
Type: Application
Filed: July 12, 2021
Publication date: January 6, 2022
Inventors: Artur Bergman, Sean Leach, Tyler McMullen, Christian Peron, Federico Schwindt, Eric Hodel
-
Publication number: 20210314357
Abstract: A client application establishes a connection between the client application and an origin server over one or more networks. The application generates a request to establish a secure session with the origin server over the connection. The request includes information, in a header of the request, that flags traffic sent during the secure session to a network of the one or more networks as subject to one or more optimizations performed by the network. Subsequent to establishing the secure session, the application encrypts the traffic in accordance with the secure session and sends the traffic to the origin server over the connection, subject to the one or more optimizations. The infrastructure service applies the one or more optimizations to the traffic as it passes through the edge network to the origin server.
Type: Application
Filed: June 14, 2021
Publication date: October 7, 2021
Inventors: Sean Leach, Artur Bergman
-
Publication number: 20210288948
Abstract: A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.
Type: Application
Filed: November 9, 2020
Publication date: September 16, 2021
Applicant: Neustar, Inc.
Inventors: Rodney Lance JOFFE, Victor Joseph OPPLEMAN, David Link KING, Brett Dean WATSON, Andrew JACKSON, Sean LEACH
-
Publication number: 20210243178
Abstract: Systems and methods for server authentication in a content delivery network are provided. Various embodiments include a content delivery network obtaining multiple digital certificates from multiple certificate authorities. When a client attempts to access the content delivery network, the network serves the client a digital certificate and then monitors the authentication of the certificate. If the authentication fails, the content delivery network serves the client another digital certificate that was issued from a different certificate authority. In other embodiments, the content delivery network constantly monitors the function of each certificate authority. The content delivery network constantly pings each certificate authority. If any one of the certificate authorities fails to respond to the pings, the content delivery network will presume the certificate authority is non-operational and will stop using certificates from the non-operational certificate authorities until they resume operation.
Type: Application
Filed: January 31, 2020
Publication date: August 5, 2021
Inventor: Sean Leach
-
Patent number: 11063910
Abstract: Disclosed herein are enhancements for operating a web application firewall to reduce load. In one implementation, a method of operating a content server for a web application comprising running a web accelerator with a plurality of threads on the content server. The method further provides receiving a request for content which will be provided to a web application, filtering the request and determining that the content will be requested from a second server. After determining that the content will be requested from a second server, reviewing the request with a web application firewall operating at a network layer 7, forwarding the request, receiving the content, and providing the content. Further, the web application firewall is controlled by a plurality of sets of rules, which can be updated without restarting the web accelerator.
Type: Grant
Filed: July 31, 2018
Date of Patent: July 13, 2021
Assignee: Fastly, Inc.
Inventors: Artur Bergman, Sean Leach, Tyler McMullen, Christian Peron, Federico Schwindt, Eric Hodel
-
Patent number: 11038922
Abstract: A client application establishes a connection between the client application and an origin server over one or more networks. The application generates a request to establish a secure session with the origin server over the connection. The request includes information, in a header of the request, that flags traffic sent during the secure session to a network of the one or more networks as subject to one or more optimizations performed by the network. Subsequent to establishing the secure session, the application encrypts the traffic in accordance with the secure session and sends the traffic to the origin server over the connection, subject to the one or more optimizations. The infrastructure service applies the one or more optimizations to the traffic as it passes through the edge network to the origin server.
Type: Grant
Filed: November 4, 2019
Date of Patent: June 15, 2021
Assignee: Fastly, Inc.
Inventors: Sean Leach, Artur Bergman
-
Patent number: 10834066
Abstract: A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.
Type: Grant
Filed: May 29, 2018
Date of Patent: November 10, 2020
Assignee: Neustar, Inc.
Inventors: Rodney Lance Joffe, Victor Joseph Oppleman, David Link King, Brett Dean Watson, Andrew Jackson, Sean Leach
-
Patent number: 10757068
Abstract: Systems, methods, apparatuses, and software for operating content delivery networks are provided herein. In one example, a method of operating a domain name translation node in a first point-of-presence of a content delivery network is presented. The method includes receiving a translation message issued by an end user device for translation of a domain name into a content network address, and processing the translation message to identify a network address of a node that transferred the translation message. The method also includes selecting the content network address based at least in part on correlations between network addresses and performance factors to direct the end user device to a target cache node at a point-of-presence different than the point-of-presence of the domain name translation node, and transferring a response message indicating the content network address which directs the end user device to the target cache node at the second point-of-presence.
Type: Grant
Filed: December 26, 2018
Date of Patent: August 25, 2020
Assignee: Fastly, Inc.
Inventors: Sean Leach, Artur Bergman, Tyler McMullen, Alan Kasindorf
-
Publication number: 20200067982
Abstract: A client application establishes a connection between the client application and an origin server over one or more networks. The application generates a request to establish a secure session with the origin server over the connection. The request includes information, in a header of the request, that flags traffic sent during the secure session to a network of the one or more networks as subject to one or more optimizations performed by the network. Subsequent to establishing the secure session, the application encrypts the traffic in accordance with the secure session and sends the traffic to the origin server over the connection, subject to the one or more optimizations. The infrastructure service applies the one or more optimizations to the traffic as it passes through the edge network to the origin server.
Type: Application
Filed: November 4, 2019
Publication date: February 27, 2020
Inventors: Sean Leach, Artur Bergman
-
Publication number: 20190273713
Abstract: Systems, methods, apparatuses, and software for operating content delivery networks are provided herein. In one example, a method of operating a domain name translation node in a first point-of-presence of a content delivery network is presented. The method includes receiving a translation message issued by an end user device for translation of a domain name into a content network address, and processing the translation message to identify a network address of a node that transferred the translation message. The method also includes selecting the content network address based at least in part on correlations between network addresses and performance factors to direct the end user device to a target cache node at a point-of-presence different than the point-of-presence of the domain name translation node, and transferring a response message indicating the content network address which directs the end user device to the target cache node at the second point-of-presence.
Type: Application
Filed: December 26, 2018
Publication date: September 5, 2019
Inventors: Sean Leach, Artur Bergman, Tyler McMullen, Alan Kasindorf
-
Patent number: 10397106
Abstract: A content delivery network is configured to receive information about wireless network conditions from a wireless device. The wireless device is configured to provide information about the conditions of the wireless device and/or the conditions of the network the wireless device is being served by. These conditions can then be used to help optimize content delivery to the wireless device or similarly situated wireless devices.
Type: Grant
Filed: June 9, 2015
Date of Patent: August 27, 2019
Assignee: Fastly, Inc.
Inventor: Sean Leach
-
Patent number: 10348760
Abstract: Systems and methods are disclosed for providing distributed denial-of-service (DDoS) mitigation service. The systems and methods may receive a request to access a web server from a user host, generate an integrated user challenge page including a user challenge test and a web page image of the web server, and transmits the integrated user challenge page to the user host. The systems and methods may further receive an answer to the user challenge test from the user host, determine whether the answer to the user challenge test is correct or not. When the answer to the user challenge test is correct, the systems and methods may establish a connection between the user host and the web server.
Type: Grant
Filed: October 22, 2012
Date of Patent: July 9, 2019
Assignee: VERISIGN, INC.
Inventors: Mark Teodoro, Sean Leach
-
Publication number: 20190036883
Abstract: Disclosed herein are enhancements for operating a web application firewall to reduce load. In one implementation, a method of operating a content server for a web application comprising running a web accelerator with a plurality of threads on the content server. The method further provides receiving a request for content which will be provided to a web application, filtering the request and determining that the content will be requested from a second server. After determining that the content will be requested from a second server, reviewing the request with a web application firewall operating at a network layer 7, forwarding the request, receiving the content, and providing the content. Further, the web application firewall is controlled by a plurality of sets of rules, which can be updated without restarting the web accelerator.
Type: Application
Filed: July 31, 2018
Publication date: January 31, 2019
Inventors: Artur Bergman, Sean Leach, Tyler McMullen, Christian Peron, Federico Schwindt, Eric Hodel
-
Patent number: 10178065
Abstract: Systems, methods, apparatuses, and software for operating content delivery networks are provided herein. In one example, a method of operating a domain name translation node in a first point-of-presence of a content delivery network is presented. The method includes receiving a translation message issued by an end user device for translation of a domain name into a content network address, and processing the translation message to identify a network address of a node that transferred the translation message. The method also includes selecting the content network address based at least in part on correlations between network addresses and performance factors to direct the end user device to a target cache node at a point-of-presence different than the point-of-presence of the domain name translation node, and transferring a response message indicating the content network address which directs the end user device to the target cache node at the second point-of-presence.
Type: Grant
Filed: January 6, 2016
Date of Patent: January 8, 2019
Assignee: Fastly Inc.
Inventors: Sean Leach, Artur Bergman, Tyler McMullen, Alan Kasindorf