Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)

03/26/2020 12 14985

DESCRIPTION:
Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)

RESOLUTION:

Feature/Application:

Applications like Internet Download Manager (IDM), Xunlei and some P2P applications create multiple parallel HTTP connections for the same file to accelerate downloads. This consumes a lot of bandwidth. Each connection requests only a part of the file but the download is faster because there are multiple simultaneous HTTP (TCP Port 80) connections. This is accomplished by Range (Client) and Content-Range (Server) HTTP Headers.  

You can see below the HTTP Client Request and HTTP Server Reply for one of the connections.  Notice the ‘Range’ and ‘Content-Range’ HTTP Headers as well as the “206 Partial Content” HTTP Status reply. 

GET /pub/centos/5.6/isos/i386/CentOS-5.6-i386-LiveCD.iso HTTP/1.1
Accept: */*
Cache-Control: no-cache
Connection: Keep-Alive
Host: mirror.chpc.utah.edu
Pragma: no-cache
Range: bytes=436109500-726630399
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

HTTP/1.1 206 Partial Content
Date: Tue, 16 Aug 2011 18:25:09 GMT
Server: Apache
Last-Modified: Mon, 04 Apr 2011 19:18:58 GMT
ETag: "16036dc-2b4f8000-4a01ca1a02c80"
Accept-Ranges: bytes
Content-Length: 290520900
Content-Range: bytes 436109500-726630399/726630400
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

SonicWall Application Control Advanced has the following signatures to block Range and Content-Range headers in HTTP traffic:

• SID 6872:   This SonicWall signature identifies legitimate HTTP response containing the Content-Range HTTP Header.
• SID 6597:   This signature identifies legitimate HTTP requests containing the HTTP Range header.

Note: The downside of enabling the above SIDs is that it will also block ‘resumed’ downloading. For example, when a download is interrupted, you will have to start over from the beginning.  All normal downloads of a single file are not affected.

Procedure: 

• Login to the SonicWall Mangement GUI.
• Navigate to the Firewall > App Control Advanced page. In Gen5 TZ devices this page is under Security Services > App Control
• Check the box under Enable App Control  and click on the Accept button at the top to enable App Control.
• Under App Control Advanced > View Style select PROTOCOLS under Category; 
• From the drop-down under Application, select HTTP.

• Click on configure under SID 6597 to open the Edit App Control Signature window.
• Select Enable under the Block and Log fields.
• Click on OK to save.

• Click on configure under SID 6872 to open the Edit App Control Signature window.
• Select Enable under the Block and Log fields.
• Click on OK to save.