A content distributor operates and manages a distributed platform. Using the distributed platform, the content distributor delivers content and services generated by and sourced from different origins to thousands of different end users using the distributed platform. The distributed platform is typically comprised of a set of servers located at different points throughout the Internet. Content delivery networks, cloud operators, and proxies are some examples of content distributors that operate a distributed platform.
Origins rely on the content distributor's distributed platform for delivery of their content and services because the distributed platform offers origins scalability, accelerated delivery, and security while removing the infrastructure management overhead from the origins. The distributor provisions, configures, and deploys additional server resources as demand for different origin content and services increases or changes. The distributor also accelerates content and service delivery to end users by virtue of placing its servers at different locations. End user requests and the content and services sent in response to those requests are received and delivered from the distributed platform servers that are closest to the requesting end user. This accelerates delivery of the origin content and services by reducing the number of network hop traversals for submitting the requests, content, and services to an intended destination. The distributed platform servers also provide security for the origins. The distributed platform servers act as the front line of defense against network launched attacks directed to content and services of the origins. Any request or message that is part of an attack directed to content and services of an origin will arrive at one of the distributed platform servers before any of the origin's own servers. The distributed platform servers can perform various attack protections on behalf of the origin to protect the origin servers.
Rate limiting is one attack protection the distributed platform can perform on behalf of an origin. Rate limiting is effective in shielding an origin from a distributed denial of service (DDoS) attack. As part of rate limiting, the distributed platform servers monitor request rates for different provider content and services. The distributed platform servers can monitor the request rates individually on a server-by-server basis, on an aggregate basis, or some combination of both. When the request rate for particular content exceeds a distributed platform configured threshold, the distributed platform servers can take ameliorative action to limit or reduce the rate of requests directed to the particular content. One such ameliorative action involves sending a computationally expensive problem (i.e., a hashcash problem) in response to end user requests directed to the particular content. Requests with a correct answer to the problem will then be processed by the distributed platform servers, while requests without the correct answer will be ignored, dropped, or responded to with another problem.
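The following is an added illustration of the rate-limiting and hashcash-style challenge behaviour described above; it is not code from the original text or from any content distributor's platform. It assumes a single distributed platform server tracking request rates per content key over a sliding window, a hypothetical threshold and window, and an HMAC-keyed challenge so that a server only accepts answers to problems it actually issued. The difficulty, time-to-live, and sample content key are constructed values.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

CHALLENGE_TTL_SECONDS = 60  # constructed: how long an issued problem stays valid


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a hash digest (the hashcash 'work' measure)."""
    bits = 0
    for b in digest:
        if b == 0:
            bits += 8
            continue
        bits += 8 - b.bit_length()
        break
    return bits


class EdgeRateLimiter:
    """Per-content request-rate monitor with a hashcash-style challenge fallback.

    Requests for a content key are counted over a sliding window. While the
    count stays at or below the threshold, requests are served directly. Once
    the threshold is exceeded, a request is served only if it carries a correct
    answer to a problem this server issued; otherwise it receives a (new) problem.
    """

    def __init__(self, threshold, window_seconds, difficulty_bits=16, clock=time.time):
        self.threshold = threshold
        self.window = window_seconds
        self.difficulty = difficulty_bits
        self.clock = clock  # injectable for testing
        self.secret = secrets.token_bytes(32)  # per-server key; never sent to clients
        self.requests = defaultdict(deque)

    def _record(self, key):
        # Append the current request and evict timestamps older than the window.
        q = self.requests[key]
        now = self.clock()
        q.append(now)
        while q and q[0] < now - self.window:
            q.popleft()
        return len(q)

    def rate_exceeded(self, key):
        return self._record(key) > self.threshold

    def _tag(self, key, issued, nonce, bits):
        msg = f"{key}|{issued}|{nonce}|{bits}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def make_challenge(self, key):
        issued = int(self.clock())
        nonce = secrets.token_hex(8)
        bits = self.difficulty
        return {"key": key, "issued": issued, "nonce": nonce, "bits": bits,
                "tag": self._tag(key, issued, nonce, bits)}

    def verify_answer(self, challenge, answer):
        """True only for a genuine, unexpired challenge with a valid proof of work."""
        try:
            key, issued = challenge["key"], int(challenge["issued"])
            nonce, bits, tag = challenge["nonce"], int(challenge["bits"]), challenge["tag"]
        except (KeyError, TypeError, ValueError):
            return False  # malformed client-supplied challenge
        # The tag binds key, issue time, nonce and difficulty, so a client
        # cannot lower the difficulty or replay a challenge for other content.
        if not hmac.compare_digest(self._tag(key, issued, nonce, bits), str(tag)):
            return False
        if self.clock() - issued > CHALLENGE_TTL_SECONDS:
            return False
        digest = hashlib.sha256(f"{tag}:{answer}".encode()).digest()
        return leading_zero_bits(digest) >= bits

    def handle(self, key, proof=None):
        """Return ('serve', None) or ('challenge', problem) for one request.

        `proof` is an optional (challenge, answer) pair sent by the client.
        """
        if not self.rate_exceeded(key):
            return ("serve", None)
        if proof is not None and self.verify_answer(*proof):
            return ("serve", None)
        return ("challenge", self.make_challenge(key))


def solve_challenge(challenge):
    """Client side: brute-force an answer; expected cost grows as 2**bits."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge['tag']}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= challenge["bits"]:
            return str(counter)
        counter += 1


if __name__ == "__main__":
    limiter = EdgeRateLimiter(threshold=3, window_seconds=10, difficulty_bits=12)
    for _ in range(3):
        print(limiter.handle("/api/search"))      # served
    action, problem = limiter.handle("/api/search")
    print(action)                                 # 'challenge'
    answer = solve_challenge(problem)
    print(limiter.handle("/api/search", proof=(problem, answer)))  # served
```

The verification order matters: the HMAC tag is checked before any hashing of the client's answer, so a flood of forged or expired challenges costs the server one HMAC each rather than an unbounded amount of work, and the difficulty is part of the signed material so a client cannot hand back a problem with `bits` set to zero.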
The above approach and other similar approaches with which the content distributor or distributed platform triggers the attack protections on behalf of an origin are limited. The distributed platform detects an attack and invokes attack protections based on what happens at the distributed platform level. The distributed platform, however, does not account for loads on the origin or the servers under origin control (i.e., origin servers). More generally, the origins are not integrated as part of the distributed platform, thereby leaving attack detection and attack protections under distributed platform control. This prevents the origins from being able to take action when they perceive a threat independent of the criteria or thresholds put in place by the distributed platform. This is especially problematic for dynamic or uncacheable content, because the distributed platform servers typically forward all such requests to the origin servers. Due to the scale of the distributed platform, the distributed platform servers are able to handle much greater loads than the origin servers. Accordingly, the distributed platform servers may invoke attack protections only after the load on the origin servers has already become excessive. Also, since the origin is a central point at which all user requests for the origin content may be funneled, the origin may have additional information from which to detect an attack that different distributed platform servers receiving subsets of the requests cannot. The origin may also use different criteria than the distributed platform, or proprietary methods, to detect attacks.
The origin can implement its own attack protections at the origin servers. This however would duplicate functionality already available at the distributed platform level and would shift the security burden back to the origin, eliminating a significant reason behind the origin's usage of the distributed platform.
Accordingly, there is a need to create better synergy between origins and the third party distributed platform that delivers and protects the content and services of the origins. More specifically, there is a need to extend security controls from the distributed platform to the origins so that origins can leverage the distributed platform attack protections without having to replicate them.