H04L61/2539

Server-side detection and mitigation of client-side content filters
20220329647 · 2022-10-13 ·

A server-side technique to detect and mitigate client-side content filtering, such as ad blocking. In operation, the technique operates on a server-side of a client-server communication path to provide real-time detection of the existence of a client filter (e.g., an ad blocker plug-in) through transparent request exchanges, and then to mitigate (defeat) that filter through one or more operations designed to modify the HTML response body or otherwise obscure URLs. Preferably, the publisher (the CDN customer) defines one or more criteria of the page resources being served by the overlay (CDN) and that need to be protected against the client-side filtering.

Traffic management of proprietary data in a network

A method for traffic management of proprietary data, in a network system comprising a gateway and a sensor communicatively coupled to the gateway via a data bus, includes: determining, by a processor of a bridging device, whether a dedicated pipeline for transmission to the gateway is available; in response to determining that the dedicated pipeline is available, transmitting, by the processor, a request for the dedicated pipeline; determining, by the processor, whether the dedicated pipeline has been established between the bridging device and the gateway; and, in response to determining that the dedicated pipeline has been established, requesting, by the processor, the proprietary data from the sensor, transmitting, by the processor, the proprietary data from the sensor to the gateway via the dedicated pipeline, and transmitting, by the processor, a dedicated pipeline release signal to the gateway indicating release of the dedicated pipeline between the bridging device and the gateway.

Method for virtual machine to access physical server in cloud computing system, apparatus, and system
11418512 · 2022-08-16 · ·

In a method for providing access to a service provided by a physical server in a cloud computing system, a cloud platform allocates to the service a publishing IP address and a publishing port, and sends a NAT rule to an access network element associated with the virtual machine. Upon receiving a service access request from the virtual machine for accessing the service, the access network element modifies, according to the NAT rule, a destination address of the service access request into the IP address and the port of the physical server that provides the service, and routes the modified service access request to the physical server.

METHOD AND DEVICE FOR PROCESSING A REQUEST FOR ANONYMISATION OF A SOURCE IP ADDRESS, METHOD AND DEVICE FOR REQUESTING ANONYMISATION OF A SOURCE IP ADDRESS
20220224669 · 2022-07-14 ·

A method for processing a request for anonymisation of a source IP address of an IP packet is described, the IP packet being transmitted by a transmitting device to a recipient device via a communications network, the transmitting device being connected to the network via a network terminal apparatus. The method is carried out by an anonymisation device positioned for cutting the flow between the network terminal apparatus and the recipient device, and comprises receiving the packet; establishing whether the source IP address has to be anonymised or not; if a result of the verification is negative, routing the packet to the recipient device; if the result of the verification is positive and if the anonymisation device has an address translation function, replacing the source IP address with an IP address of the anonymisation device; and if the result of the verification is positive and if the anonymisation device does not have an address translation function, routing the IP packet to the recipient device via an apparatus of the network which has an address translation function.

INFRASTRUCTURE DISTRIBUTED DENIAL OF SERVICE PROTECTION

A method of providing infrastructure protection for a server of a network organization, the method including announcing, as an internet protocol (IP) address associated with a server of a plurality of servers, a first anycast IP address, the first anycast IP address being one of a plurality of anycast IP addresses that each serve as an anycast address for a scrubbing center network. Each of the plurality of anycast IP addresses is allocated to a respective server of the plurality of servers by the scrubbing center network. The scrubbing center network may receive an incoming network packet intended for the server, the incoming network packet identified using the first anycast IP address. The scrubbing center network may determine whether the incoming network packet is legitimate and if so, the incoming network packet may be routed to the server using a generic routing encapsulation (GRE) tunnel.

Infrastructure distributed denial of service protection

A method of providing infrastructure protection for a server of a network organization, the method including announcing an internet protocol (IP) address range associated with the network organization using a border gateway protocol (BGP) on an edge server of a distributed network of edge servers. The method further including receiving an incoming network packet intended for the server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a distributed network of edge servers. The method further including determining, by the distributed network, whether the incoming network packet is legitimate. The method further including responsive to determining that the incoming network packet is legitimate, routing, by a processor using generic routing encapsulation (GRE), the incoming network packet to the server at a private IP address.