Detailed Action

1.	This Office Action is responsive to the Application 17/646,522 filed 12/30/2021.  Claims 1-20 are presented for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Priority

2.	Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged.  


Information Disclosure Statement

3.	The information disclosure statement (IDS) submitted on 12/30/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Terminal Disclaimer

4.	The terminal disclaimer filed on 06/03/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of the full statutory term of prior patent number 11,228,565 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Interview Summary

5.	A proposed amendment was submitted for applicant’s consideration.  The Examiner suggested that the Applicant amend the claims as shown in the Examiner’s Amendment below in order to place the application in condition for allowance.

6.	Authorization for this Examiner’s Amendment was given in a telephone interview with the Applicant’s Representative, Ms. Katherine R. Koebrich (Reg. No. 77,801), on June 02nd, 2022.

Examiner’s Amendment

7.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

8.	Please amend the claims as below:

Claim 1. (Currently Amended) A method comprising:
identifying one or more containers of a cloud application deployed to a cloud cluster that are exposed external to the cloud cluster; 
determining a first container of the one or more containers in front of which to instantiate a web application firewall for the cloud application;  
instantiating a web application firewall in front of the first container with a default configuration, wherein the default configuration comprises one or more protections enabled for the web application firewall; [[and]]
determining if any  should be enabled in addition to those of the default configuration based on characteristics of the cloud application; and
based on determining that one or more additional protections should be enabled for the web application firewall based on the characteristics of the cloud application, enabling the one or more additional protections for the web application firewall. 

Claims 2-4. (Cancelled) 

Claim 5. (Currently Amended) The method of claim 1, wherein determining if any protections of the web application firewall should be enabled in addition to those of the default configuration comprises evaluating the characteristics of the cloud application against a plurality of rules for enabling a corresponding plurality of protections offered by the web application firewall[[;]], and 
wherein enabling the one or more additional protections comprises, based on determining that the characteristics satisfy one or more rules of the plurality of rules, enabling [[a]]the one or more protections that correspond[[s]] to the one or more rules for the web application firewall. 

Claim 6. (Original) The method of claim 1, wherein identifying the one or more containers comprises identifying containers deployed to the cloud cluster that are exposed to a load balancer that distributes traffic across the cloud cluster. 

Claim 7. (Original) The method of claim 1, wherein identifying the one or more containers that are exposed external to the cloud cluster comprises identifying the one or more containers based on at least one of network topology information obtained for the cloud cluster and a configuration of the cloud cluster.

Claim 8. (Original) The method of claim 1 further comprising determining communication protocols used for communicating requests to each of the one or more containers, wherein determining the first container in front of which to instantiate the web application firewall comprises determining that a communication protocol that is compatible with web application firewall protection is used for communicating requests to the first container.

Claim 9. (Original) The method of claim 8, wherein determining that a communication protocol that is compatible with web application firewall protection is used for communicating requests to the first container comprises determining that Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) is used for communicating requests to the first container.

Claim 10. (Currently Amended) The method of claim 1, wherein enabling the one or more additional protections of the web application firewall comprises configuring the web application firewall to enable at least one of a signature for which the web application firewall is to monitor and a policy the web application firewall is to apply.

Claim 11. (Currently Amended) One or more non-transitory machine-readable media having program code stored thereon, the program code comprising instructions that are executable by a processor to cause the processor to:
identify one or more containers of a cloud application that are exposed external to a cloud cluster on which the cloud application executes; 
determine whether any of the one or more containers are compatible with web application firewall protection;
based on a determination that a first container of the one or more containers is compatible with web application firewall protection, instantiate a web application firewall in front of the first container with a default set of protections enabled; [[and]]
determine one or more additional protections [[of]]to enable for the web application firewall application, wherein the one or more additional protections are protections in addition to those of the default set of protections; and
enable the one or more additional protections for the web application firewall. 

Claims 12-14. (Cancelled)

Claim 15. (Currently Amended) The non-transitory machine-readable media of claim [[13]]11, wherein the program code further comprises instructions to determine a first protection of the default set of protections to disable for the web application firewall based on the characteristics of the cloud application and disable the first protection.

Claim 16. (Original) The non-transitory machine-readable media of claim 11, wherein the program code further comprises instructions to determine communication protocols used for communicating requests to the one or more containers, and wherein the instructions to determine whether any of the one or more containers are compatible with web application firewall protection comprise instructions to determine whether Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) are used for communicating requests to any of the one or more containers.

Claim 17. (Currently Amended) An apparatus comprising:
a processor; and
a non-transitory computer-readable medium having instructions stored thereon that are executable by the processor to cause the apparatus to[[,]]:
identify one or more containers of a cloud application deployed to a cloud cluster that are exposed external to the cloud cluster;
determine a first container of the one or more containers in front of which to instantiate a web application firewall for the cloud application;  
instantiate a web application firewall in front of the first container with a default set of protections enabled; [[and]]
determine one or more additional protections [[of]]to enable for the web application firewall based on characteristics of the cloud application, wherein the one or more additional protections are protections in addition to those of the default set of protections; and 
enable the one or more additional protections for the web application firewall. 

Claims 18-20. (Cancelled)

Claim 21. (New) The method of claim 1 further comprising:
determining a first protection of the one or more protections enabled in the default configuration to disable for the web application firewall based on the characteristics of the cloud application; and
disabling the first protection for the web application firewall. 



Claim 22. (New) The non-transitory machine-readable media of claim 11, wherein the instructions to identify the one or more containers of the cloud application that are exposed external to the cloud cluster comprise at least one of:
instructions to identify containers deployed to the cloud cluster that are exposed to a load balancer that distributes traffic across the cloud cluster, wherein the one or more containers are exposed to the load balancer,
instructions to identify the one or more containers based on network topology information obtained for the cloud cluster, and
instructions to identify the one or more containers based on a configuration of the cloud cluster. 

Claim 23. (New) The non-transitory machine-readable media of claim 11, 
wherein the instructions to determine the one or more additional protections to enable for the web application firewall comprise instructions to evaluate the characteristics of the cloud application against a plurality of rules for enabling a corresponding plurality of protections offered by the web application firewall, and
wherein the instructions to enable the one or more additional protections comprise instructions to, based on a determination that the characteristics satisfy one or more rules of the plurality of rules, enable the one or protections that correspond to the one or more rules for the web application firewall. 

Claim 24. (New) The apparatus of claim 17, 
wherein the instructions executable by the processor to cause the apparatus to determine the one or more additional protections to enable for the web application firewall comprise instructions executable by the processor to cause the apparatus to evaluate the characteristics of the cloud application against a plurality of rules for enabling a corresponding plurality of protections offered by the web application firewall, and
wherein the instructions executable by the processor to cause the apparatus to enable the one or more additional protections comprise instructions executable by the processor to cause the apparatus to, based on a determination that the characteristics satisfy one or more rules of the plurality of rules, enable the one or protections that correspond to the one or more rules for the web application firewall. 

Claim 25. (New) The apparatus of claim 17, wherein the instructions executable by the processor to cause the apparatus to identify the one or more containers that are exposed external to the cloud cluster comprise instructions executable by the processor to cause the apparatus to identify containers deployed to the cloud cluster that are exposed to a load balancer that distributes traffic across the cloud cluster, wherein the one or more containers are exposed to the load balancer. 

Claim 26. (New) The apparatus of claim 17, wherein the instructions executable by the processor to cause the apparatus to identify the one or more containers that are exposed external to the cloud cluster comprise instructions executable by the processor to cause the apparatus to identify the one or more containers based on at least one of network topology information obtained for the cloud cluster and a configuration of the cloud cluster. 

Claim 27. (New) The apparatus of claim 17 further comprising instructions executable by the processor to cause the apparatus to determine communication protocols used for communicating requests to each of the one or more containers, wherein the instructions executable by the processor to cause the apparatus to determine the first container in front of which to instantiate the web application firewall comprise instructions executable by the processor to cause the apparatus to determine that a communication protocol that is compatible with web application firewall protection is used for communicating requests to the first container.

Claim 28. (New) The apparatus of claim 27, wherein the instructions executable by the processor to cause the apparatus to determine that a communication protocol that is compatible with web application firewall protection is used for communicating requests to the first container comprise instructions executable by the processor to cause the apparatus to determine that Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) is used for communicating requests to the first container.


9.	Claims 1, 5-11, 15-17 and 21-28 are allowed.


10.	The following is an examiner’s statement of reasons for allowance:
	In interpreting the currently amended claims, in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
The prior art of record, individually or in combination, fails to explicitly teach or render obvious a method, apparatus and non-transitory machine-readable media to perform the steps of: identifying one or more containers of a cloud application deployed to a cloud cluster that are exposed external to the cloud cluster; determining a first container of the one or more containers in front of which to instantiate a web application firewall for the cloud application; instantiating a web application firewall in front of the first container with a default configuration, wherein the default configuration comprises one or more protections enabled for the web application firewall; determining if any 

11.	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Examiner’s Amendment”.

12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Quang N. Nguyen whose telephone number is (571) 272-3886.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s SPE, Wing Chan, can be reached at (571) 272-7493.  The fax phone number for the organization is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/QUANG N NGUYEN/Primary Examiner, Art Unit 2441