- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)
03/26/2020 
12 People found this article helpful
45,878 Views
Description
Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)
Resolution
Feature/Application:
Applications like Internet Download Manager (IDM), Xunlei and some P2P applications create multiple parallel HTTP connections for the same file to accelerate downloads. This consumes a lot of bandwidth. Each connection requests only a part of the file but the download is faster because there are multiple simultaneous HTTP (TCP Port 80) connections. This is accomplished by Range (Client) and Content-Range (Server) HTTP Headers.
You can see below the HTTP Client Request and HTTP Server Reply for one of the connections. Notice the ‘Range’ and ‘Content-Range’ HTTP Headers as well as the “206 Partial Content” HTTP Status reply.
GET /pub/centos/5.6/isos/i386/CentOS-5.6-i386-LiveCD.iso HTTP/1.1
Accept: */*
Cache-Control: no-cache
Connection: Keep-Alive
Host: mirror.chpc.utah.edu
Pragma: no-cache
Range: bytes=436109500-726630399
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Date: Tue, 16 Aug 2011 18:25:09 GMT
Server: Apache
Last-Modified: Mon, 04 Apr 2011 19:18:58 GMT
ETag: "16036dc-2b4f8000-4a01ca1a02c80"
Accept-Ranges: bytes
Content-Length: 290520900
Content-Range: bytes 436109500-726630399/726630400
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain
SonicWall Application Control Advanced has the following signatures to block Range and Content-Range headers in HTTP traffic:
- SID 6872: This SonicWall signature identifies legitimate HTTP response containing the Content-Range HTTP Header.
- SID 6597: This signature identifies legitimate HTTP requests containing the HTTP Range header.
Note: The downside of enabling the above SIDs is that it will also block ‘resumed’ downloading. For example, when a download is interrupted, you will have to start over from the beginning. All normal downloads of a single file are not affected.
Procedure:
- Login to the SonicWall Mangement GUI.
- Navigate to the Firewall > App Control Advanced page. In Gen5 TZ devices this page is under Security Services > App Control
- Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
- Under App Control Advanced > View Style select PROTOCOLS under Category;
- From the drop-down under Application, select HTTP.
- Click on configure under SID 6597 to open the Edit App Control Signature window.
- Select Enable under the Block and Log fields.
- Click on OK to save.
- Click on configure under SID 6872 to open the Edit App Control Signature window.
- Select Enable under the Block and Log fields.
- Click on OK to save.
Related Articles
- How to Create Gen 7 Settings File by Using the Online Migration Tool
- DNS Resolution of Wildcard FQDN Address Objects
- All associated wildcard FQDN IP addresses do not display in the web browser
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO