Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)
03/26/2020 
12 
13300
DESCRIPTION:
Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)
RESOLUTION:
Feature/Application:
Applications like Internet Download Manager (IDM), Xunlei and some P2P applications create multiple parallel HTTP connections for the same file to accelerate downloads. This consumes a lot of bandwidth. Each connection requests only a part of the file but the download is faster because there are multiple simultaneous HTTP (TCP Port 80) connections. This is accomplished by Range (Client) and Content-Range (Server) HTTP Headers.
You can see below the HTTP Client Request and HTTP Server Reply for one of the connections. Notice the ‘Range’ and ‘Content-Range’ HTTP Headers as well as the “206 Partial Content” HTTP Status reply.
GET /pub/centos/5.6/isos/i386/CentOS-5.6-i386-LiveCD.iso HTTP/1.1
Accept: */*
Cache-Control: no-cache
Connection: Keep-Alive
Host: mirror.chpc.utah.edu
Pragma: no-cache
Range: bytes=436109500-726630399
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Date: Tue, 16 Aug 2011 18:25:09 GMT
Server: Apache
Last-Modified: Mon, 04 Apr 2011 19:18:58 GMT
ETag: "16036dc-2b4f8000-4a01ca1a02c80"
Accept-Ranges: bytes
Content-Length: 290520900
Content-Range: bytes 436109500-726630399/726630400
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain
SonicWall Application Control Advanced has the following signatures to block Range and Content-Range headers in HTTP traffic:
- SID 6872: This SonicWall signature identifies legitimate HTTP response containing the Content-Range HTTP Header.
- SID 6597: This signature identifies legitimate HTTP requests containing the HTTP Range header.
Note: The downside of enabling the above SIDs is that it will also block ‘resumed’ downloading. For example, when a download is interrupted, you will have to start over from the beginning. All normal downloads of a single file are not affected.
Procedure:
- Login to the SonicWall Mangement GUI.
- Navigate to the Firewall > App Control Advanced page. In Gen5 TZ devices this page is under Security Services > App Control
- Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
- Under App Control Advanced > View Style select PROTOCOLS under Category;
- From the drop-down under Application, select HTTP.
- Click on configure under SID 6597 to open the Edit App Control Signature window.
- Select Enable under the Block and Log fields.
- Click on OK to save.
- Click on configure under SID 6872 to open the Edit App Control Signature window.
- Select Enable under the Block and Log fields.
- Click on OK to save.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
