Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)
03/26/2020 12 14623
DESCRIPTION: Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)
Applications like Internet Download Manager (IDM), Xunlei and some P2P applications create multiple parallel HTTP connections for the same file to accelerate downloads. This consumes a lot of bandwidth. Each connection requests only a part of the file but the download is faster because there are multiple simultaneous HTTP (TCP Port 80) connections. This is accomplished by Range (Client) and Content-Range (Server) HTTP Headers.
You can see below the HTTP Client Request and HTTP Server Reply for one of the connections. Notice the ‘Range’ and ‘Content-Range’ HTTP Headers as well as the “206 Partial Content” HTTP Status reply.
GET /pub/centos/5.6/isos/i386/CentOS-5.6-i386-LiveCD.iso HTTP/1.1 Accept: */* Cache-Control: no-cache Connection: Keep-Alive Host: mirror.chpc.utah.edu Pragma: no-cache Range: bytes=436109500-726630399 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
SonicWall Application Control Advanced has the following signatures to block Range and Content-Range headers in HTTP traffic:
SID 6872: This SonicWall signature identifies legitimate HTTP response containing the Content-Range HTTP Header.
SID 6597: This signature identifies legitimate HTTP requests containing the HTTP Range header.
Note: The downside of enabling the above SIDs is that it will also block ‘resumed’ downloading. For example, when a download is interrupted, you will have to start over from the beginning. All normal downloads of a single file are not affected.
Login to the SonicWall Mangement GUI.
Navigate to the Firewall > App Control Advanced page. In Gen5 TZ devices this page is under Security Services > App Control
Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
Under App Control Advanced > View Style select PROTOCOLS under Category;
From the drop-down under Application, select HTTP.
Click on configure under SID 6597 to open the Edit App Control Signature window.
Select Enable under the Block and Log fields.
Click on OK to save.
Click on configure under SID 6872 to open the Edit App Control Signature window.