CPC H04L 63/1458 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 67/01 (2022.05); H04L 67/288 (2013.01); H04L 67/63 (2022.05); H04L 69/325 (2013.01)] | 18 Claims
1. A method, comprising:
receiving first internet traffic from a first client device at a first server of a plurality of servers of a distributed cloud computing network, wherein the first internet traffic is destined for a first destination, wherein each of the plurality of servers is associated with a set of one or more server identities including a server/data center certification identity;
processing, at layer 3, the first internet traffic destined for the first destination including participating in a layer 3 distributed denial of service (DDoS) protection service to protect against a layer 3 DDoS attack against the first destination;
determining that the received first internet traffic is not to be dropped by the layer 3 DDoS protection service;
determining that the first server is not permitted to process the received first internet traffic at layers 5-7, wherein the server/data center certification identity associated with the first server of the plurality of servers does not meet a selected criteria for processing internet traffic at layers 5-7;
determining that a second server of the plurality of servers is permitted to process the received first internet traffic at layers 5-7, and wherein the server/data center certification identity associated with the second server of the plurality of servers meets the selected criteria for processing internet traffic at layers 5-7;
transmitting the first internet traffic to the second server of the plurality of servers for processing the first internet traffic at layers 5-7;
receiving second internet traffic from a second client device at the first server of a plurality of servers of a distributed cloud computing network, wherein the second internet traffic is destined for a second destination;
processing, at layer 3, the second internet traffic destined for the second destination including participating in a layer 3 distributed denial of service (DDoS) protection service to protect against a layer 3 DDoS attack against the second destination;
determining that the received second internet traffic is not to be dropped by the layer 3 DDoS protection service;
determining that a policy for selective traffic processing at layers 5-7 applies to the received second internet traffic, wherein the policy indicates that internet traffic received from a first location is permitted to be processed at layers 5-7 only by servers in a second location, wherein the first server is not in the second location;
determining that the received second internet traffic is received from the first location; and
transmitting the second internet traffic to a server in the second location.
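The two forwarding decisions recited in claim 1, sketched as an added example (not code from the patent or its assignee). The server names, location labels, the certification label `CERT-X`, the policy structure and the fail-closed fallback are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Server:
    name: str
    location: str
    certs: frozenset = frozenset()  # certification identities (labels are constructed)

@dataclass(frozen=True)
class Flow:
    src_location: str
    destination: str
    l3_drop: bool = False  # verdict of the layer 3 DDoS protection service

@dataclass(frozen=True)
class GeoPolicy:
    src_location: str      # traffic received from here ...
    allowed_location: str  # ... may be processed at layers 5-7 only here

def permitted(server, flow, required_cert: Optional[str], policies) -> bool:
    """True if `server` may process `flow` at layers 5-7."""
    if required_cert is not None and required_cert not in server.certs:
        return False
    return all(server.location == p.allowed_location
               for p in policies if p.src_location == flow.src_location)

def route(ingress, flow, fleet, required_cert=None, policies=()):
    """Return ("drop", None), ("local", ingress) or ("forward", server)."""
    if flow.l3_drop:  # layer 3 filtering happens at whichever server receives the traffic
        return ("drop", None)
    if permitted(ingress, flow, required_cert, policies):
        return ("local", ingress)
    for candidate in fleet:
        if permitted(candidate, flow, required_cert, policies):
            return ("forward", candidate)
    return ("drop", None)  # assumption: fail closed when no server qualifies

# Constructed fleet: edge-a is the receiving ("first") server in both scenarios.
EDGE_A = Server("edge-a", "loc-1")
EDGE_B = Server("edge-b", "loc-2", frozenset({"CERT-X"}))
FLEET = (EDGE_A, EDGE_B)

def demo():
    first = route(EDGE_A, Flow("loc-3", "dest-1"), FLEET, required_cert="CERT-X")
    second = route(EDGE_A, Flow("loc-1", "dest-2"), FLEET,
                   policies=(GeoPolicy("loc-1", "loc-2"),))
    return first, second

if __name__ == "__main__":
    print(demo())
```

In both scenarios layer 3 filtering runs on the receiving server, and only the layers 5-7 work is handed to a server that satisfies the certification criterion or the location policy.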