A proxy server receives from a client network application a request for an action to be performed on an identified network resource of a domain of an origin server. The request is received at the proxy server as a result of a DNS request for the domain returning an IP address of the proxy server. The proxy server determines that the first request is indicative of being from a bot. Responsive to this determination, the proxy server transmits a block page to the client network application that includes a mechanism to allow a human user of the client network application to provide input that indicates that they are human and not a bot. If the proxy server does not receive input from the client network application through the mechanism in the block page that indicates that the first request is not from a bot, the proxy server blocks the request.

A method for overcoming intermittent, temporary, or other fetching failures by using multiple attempts for retrieving a content from a web server to a client device is disclosed. The URL fetching may use direct or non-direct fetching schemes, or a combination thereof. The non-direct fetching method may use intermediate devices, such as proxy server, Data-Center proxy server, tunnel devices, or any combination thereof. Upon sensing a failure of a fetching action, the action is repeated using the same or different parameters or attributes, such as by using different intermediate devices, selected based on different parameters or attributes, such as different countries. The repetitions are limited to a pre-defined maximum number or attempts. The fetching attempts may be performed by the client device, by an intermediate device in a non-direct fetching scheme, or a combination thereof. Various fetching schemes may be used sequentially until the content is retrieved.

Network devices that are inserted inline into network links and process in-transit packets may significantly improve their packet-throughput performance by not assigning L3 IP addresses and L2 MAC addresses to their network interfaces and thereby process packets through a logical fast path that bypasses the slow path through the operating system kernel. When virtualizing such Bump-In-The-Wire (BITW) devices for deployment into clouds, the network interfaces must have L3 IP and L2 MAC addresses assigned to them. Thus, packets are processed through the slow path of a virtual BITW device, significantly reducing the performance. By adding new logic to the virtual BITW device and/or configuring proxies, addresses, subnets, and/or routing tables, a virtual BITW device can process packets through the fast path and potentially improve performance accordingly. For example, the virtual BITW device may be configured to enforce a virtual path (comprising the fast path) through the virtual BITW device.

A method for overcoming intermittent, temporary, or other fetching failures by using multiple attempts for retrieving a content from a web server to a client device is disclosed. The URL fetching may use direct or non-direct fetching schemes, or a combination thereof. The non-direct fetching method may use intermediate devices, such as proxy server, Data-Center proxy server, tunnel devices, or any combination thereof. Upon sensing a failure of a fetching action, the action is repeated using the same or different parameters or attributes, such as by using different intermediate devices, selected based on different parameters or attributes, such as different countries. The repetitions are limited to a pre-defined maximum number or attempts. The fetching attempts may be performed by the client device, by an intermediate device in a non-direct fetching scheme, or a combination thereof. Various fetching schemes may be used sequentially until the content is retrieved.

The disclosed computer-implemented method may include (1) creating, at a proxy node within an IP network, a proxy group that includes a plurality of network nodes within a subnet of the IP network that are represented by a pseudo MAC address, (2) receiving a neighbor solicitation from a network node included in the proxy group, (3) identifying, within the neighbor solicitation, a link-layer address of the network node that sent the neighbor solicitation, (4) modifying the neighbor solicitation by replacing the link-layer address of the network node with the pseudo MAC address of the proxy group, and then (5) forwarding the modified neighbor solicitation to another network node included in the proxy group to facilitate completion of an NDP process in which the other network node responds to the modified neighbor solicitation with a neighbor advertisement proxied by the proxy node. Various other methods, systems, and apparatuses are also disclosed.

A mobile device identifies multiple, different networks available to a client resident on the mobile device, and sends multiple registration messages to an outbound proxy over the multiple, different networks via first, second and third communication interfaces. The mobile device determines whether access has been lost to a first network of the multiple different networks, and sends an invite message via the second communication interface, based on the determination, for an outbound call via a second network of the multiple, different networks for routing the outbound call via the second network.

A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page, automatically modifies the HTML page, and transmits the modified HTML page to the client device.

A system and method for content request monitoring and filtering for a plurality of managed devices in a managed network uses a smart PAC file that is uniquely associated with a particular user using a particular managed device and a DNS look up to perform both the logging/monitoring of the content request and the filtering without a hardware appliance or partial proxying.

A triggering event correlated with domain name system (DNS) requests is identified. In response to the identification, DNS answers to the DNS requests are resolved. A determination is made that a part of the answers or the DNS requests is missing from a list of acceptable parts. In response to determining that the part is missing, an action is performed.

This specification generally relates to methods and systems for applying network policies to devices based on their current access network. One example method includes identifying a proxy connection request sent from a particular client device to a proxy server over a network, the proxy connection request including a hostname and configured to direct the proxy server to establish communication with the computer identified by the hostname on behalf of the client device; determining an identity of the client device based on the proxy connection request; identifying a domain name system (DNS) response to a DNS request including the hostname from the proxy connection request; and updating DNS usage information for the particular client based on the identified DNS response including the hostname from the proxy connection request.