The Internet is a worldwide, publicly accessible network of interconnected computer networks, which has long been employed by users for data management, communication, purchasing goods, sharing, searching, etc. As the Internet continues to evolve, the risk of users being vulnerable to malicious websites and/or inappropriate and/or unwanted content also increases. Therefore, detecting these malicious websites and/or inappropriate and/or unwanted content more efficiently and intelligently is a critical task for individuals and organizations alike.
One technique to detect malicious websites and/or inappropriate and/or unwanted content involves the utilization of web gateway appliances. A web gateway appliance may function as a relay between one or more users and the Internet in order to help inhibit an attacker from invading, for example, the user's computer or network, which may cause an immense amount of damage to the user.
Consider the situation wherein, for example, all Uniform Resource Locator (URL) requests from the user to the Internet are first intercepted by a web gateway appliance before connections to the Internet are allowed or disallowed. The web gateway appliance may act as a “traffic cop” and evaluate each web access request. The web gateway appliance evaluates each web access request by making a connection to, for example, Trend Micro's Web Reputation Service (WRS) or another URL or rating/scoring/malware detection service, in order to receive a rating or score for the URL. Once the URL rating or score is evaluated, the web access request is then either allowed or denied. If the web gateway appliance allows the request, the web gateway appliance then permits or enables the user to connect to the Internet for that particular web access request. On the other hand, if the web gateway appliance disallows the web access request, the web gateway appliance would then transmit back to the user a warning and/or a denial of access for that particular web access request.
Unfortunately, each time the web gateway appliance intercepts a request from the user, resources have to be allocated from the gateway's application space to facilitate the evaluation task. Likewise, when the web gateway appliance makes a connection with, for example, web reputation service and to the destination server, resources have to also be allocated from the gateway's application space to manage the connection. Therefore, for each web access request made by the user, two or more connections have to be made, and each time a connection is made resources are allocated from the gateway's application space. By tying up too much of the resources from the gateway's application space or even possibly all of the application space resources, the web gateway could slow down and/or limits its ability to service additional new connections, resulting in an inability to timely service web access requests. In severe cases, the user could be denied access to any website due to gateway congestion.
In view of the foregoing, improved solutions for detecting malicious websites or inappropriate and unwanted content are desired.