Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)
03/26/2020 
12 
11660
DESCRIPTION:
Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)
RESOLUTION:
Feature/Application:
Applications like Internet Download Manager (IDM), Xunlei and some P2P applications create multiple parallel HTTP connections for the same file to accelerate downloads. This consumes a lot of bandwidth. Each connection requests only a part of the file but the download is faster because there are multiple simultaneous HTTP (TCP Port 80) connections. This is accomplished by Range (Client) and Content-Range (Server) HTTP Headers.
You can see below the HTTP Client Request and HTTP Server Reply for one of the connections. Notice the ‘Range’ and ‘Content-Range’ HTTP Headers as well as the “206 Partial Content” HTTP Status reply.
GET /pub/centos/5.6/isos/i386/CentOS-5.6-i386-LiveCD.iso HTTP/1.1
Accept: */*
Cache-Control: no-cache
Connection: Keep-Alive
Host: mirror.chpc.utah.edu
Pragma: no-cache
Range: bytes=436109500-726630399
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Date: Tue, 16 Aug 2011 18:25:09 GMT
Server: Apache
Last-Modified: Mon, 04 Apr 2011 19:18:58 GMT
ETag: "16036dc-2b4f8000-4a01ca1a02c80"
Accept-Ranges: bytes
Content-Length: 290520900
Content-Range: bytes 436109500-726630399/726630400
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain
SonicWall Application Control Advanced has the following signatures to block Range and Content-Range headers in HTTP traffic:
- SID 6872: This SonicWall signature identifies legitimate HTTP response containing the Content-Range HTTP Header.
- SID 6597: This signature identifies legitimate HTTP requests containing the HTTP Range header.
Note: The downside of enabling the above SIDs is that it will also block ‘resumed’ downloading. For example, when a download is interrupted, you will have to start over from the beginning. All normal downloads of a single file are not affected.
Procedure:
- Login to the SonicWall Mangement GUI.
- Navigate to the Firewall > App Control Advanced page. In Gen5 TZ devices this page is under Security Services > App Control
- Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
- Under App Control Advanced > View Style select PROTOCOLS under Category;
- From the drop-down under Application, select HTTP.
- Click on configure under SID 6597 to open the Edit App Control Signature window.
- Select Enable under the Block and Log fields.
- Click on OK to save.
- Click on configure under SID 6872 to open the Edit App Control Signature window.
- Select Enable under the Block and Log fields.
- Click on OK to save.
