H04L61/301

SECURITY SERVICE

A security service to verify a network resource accessed from a resource address in an application at a client device is disclosed. The resource address is converted into a proxy address with a suffix domain of a proxy server. The proxy server is coupled to the client device. The network resource is verified at the proxy server.

Electronic message identifier aliasing

A method may include receiving an outbound communication directed to one or more recipient addresses from a communications infrastructure hosting the true address for the user. A server or similar intermediary may generate an alias address for each recipient address in an outbound communication so that each recipient may communicate with the true address using a unique reply channel. A discrete security state may be assigned as a security attribute to each such alias address. The discrete security state, which can be controlled by the user and stored, e.g., at the intermediate server, establishes rules for controlling communications from one of the recipient addresses through the communications infrastructure to the true address via one of the alias addresses. Once an alias and a security state are assigned in this manner to facilitate handling of responsive communications, the outbound communication may be forwarded to recipient addresses through the communication network.

Server-side detection and mitigation of client-side content filters
20210056596 · 2021-02-25

A server-side technique to detect and mitigate client-side content filtering, such as ad blocking. In operation, the technique operates on a server-side of a client-server communication path to detect, in real time, the existence of a client filter (e.g., an ad blocker plug-in) through transparent request exchanges, and then to mitigate (defeat) that filter through one or more operations designed to modify the HTML response body or otherwise obscure URLs. Preferably, the publisher (the CDN customer) defines one or more criteria of the page resources being served by the overlay (CDN) and that need to be protected against the client-side filtering.

Support for IMS Virtual Clients in Multi-Operator Environment
20210218780 · 2021-07-15

This disclosure provides techniques to support Internet Protocol (IP) Multimedia Subsystem (IMS) virtual clients (14) in a multi-operator environment. More specifically, the present disclosure provides new subscription types that can be utilized for serving IMS clients in enterprise communication systems. The improved type of subscription enables compatible IMS service providers (16, 18) to comprehend an enterprise-generated domain name in SIP sessions, where the enterprise-generated domain name is different than the explicit domain name corresponding to the IMS service provider. This ensures that an enterprise IMS node/client can obtain an IMS Public User Identity (IMPU/IMP) and use the domain name for a particular IMS service provider that was obtained by the enterprise to refer to the IMS service provider used for handling the session for the IMPU.

Data network name (DNN) manipulation

A method of operating a core access and mobility management function (AMF) node configured to operate in a communications network includes receiving a protocol data unit (PDU) session request from user equipment (UE). The PDU session request includes a requested data network name (DNN). The method also includes determining if a trigger has been activated. The method further includes receiving a manipulated DNN or replacement DNN for the requested DNN in response to the trigger being activated.

METHODS AND SYSTEMS FOR IMPLEMENTING VERY LARGE DNS ZONES

Systems, methods and devices are provided for registering DNS hostnames of Internet host devices for very large domain zones (VLZ) stored on a DNS server on a network, including setting a pseudo-zone as the VLZ, intercepting DNS updates to the pseudo-zone, mapping the entries in the pseudo-zone into a hierarchy of real parent zones and sub-zones using a mapping formula, and translating DNS updates to the pseudo-zone from an original fully qualified domain name (FQDN) into at least one new FQDN and adding the at least one new FQDN to an authoritative DNS server.

CONTEXT-AWARE DOMAIN NAME SYSTEM (DNS) QUERY HANDLING
20210021634 · 2021-01-21

Example methods are provided for a computer system to perform context-aware domain name system (DNS) query handling in a software-defined networking (SDN) environment. One example method may comprise detecting a DNS query to translate a domain name; identifying DNS record information that translates the domain name to a network address assigned to a virtualized computing instance; and identifying context information that is associated with the virtualized computing instance and mapped to the DNS record information. The method may also comprise: in response to detecting a potential security threat based on the context information, performing a remediation action to block access to the virtualized computing instance; but otherwise, generating and sending a DNS reply specifying the network address assigned to allow access to the virtualized computing instance.

SPLIT-TUNNELING FOR CLIENTLESS SSL-VPN SESSIONS WITH ZERO-CONFIGURATION
20210006537 · 2021-01-07

Described embodiments provide systems and methods for rewriting a URL in a message transmitted via a clientless SSL VPN session. An intermediary device may identify, in an HTTP response transmitted via the session, an absolute URL that includes a hostname of the server. The device may determine that the absolute URL includes an intranet domain name. The device may generate, responsive to the determination, a URL segment by combining a unique string corresponding to the hostname of the server, with a hostname of the device. The device may rewrite, responsive to the determination, the absolute URL by replacing the server hostname in the absolute URL with the generated URL segment. A DNS server for the client may be configured with a DNS entry comprising a wildcard combined with the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.

Content delivery network processing method, content delivery network, device, and storage medium

Content delivery systems and methods are provided. A center node may determine a service domain name to be processed. The center node may obtain configuration parameters corresponding to the service domain name. The center node may generate configuration items based on the obtained configuration parameters. The configuration items may cause a plurality of edge nodes to deploy Hypertext Transfer Protocol Secure (HTTPS) security acceleration for the service domain name. The center node may send, to the edge nodes in the CDN, the configuration items that are based on the corresponding configuration parameters. The configuration item may comprise a digital certificate providing mode and a back-to-source mode of an origin site. A first configuration parameter may correspond to the digital certificate providing mode and a second configuration parameter may correspond to the back-to-source mode of the origin site.