Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)

03/26/2020 12 People found this article helpful 480,633 Views

Description

Resolution

Feature/Application:

Applications like Internet Download Manager (IDM), Xunlei and some P2P applications create multiple parallel HTTP connections for the same file to accelerate downloads. This consumes a lot of bandwidth. Each connection requests only a part of the file but the download is faster because there are multiple simultaneous HTTP (TCP Port 80) connections. This is accomplished by Range (Client) and Content-Range (Server) HTTP Headers.

You can see below the HTTP Client Request and HTTP Server Reply for one of the connections. Notice the ‘Range’ and ‘Content-Range’ HTTP Headers as well as the “206 Partial Content” HTTP Status reply.

GET /pub/centos/5.6/isos/i386/CentOS-5.6-i386-LiveCD.iso HTTP/1.1
Accept: */*
Cache-Control: no-cache
Connection: Keep-Alive
Host: mirror.chpc.utah.edu
Pragma: no-cache
Range: bytes=436109500-726630399
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

HTTP/1.1 206 Partial Content
Date: Tue, 16 Aug 2011 18:25:09 GMT
Server: Apache
Last-Modified: Mon, 04 Apr 2011 19:18:58 GMT
ETag: "16036dc-2b4f8000-4a01ca1a02c80"
Accept-Ranges: bytes
Content-Length: 290520900
Content-Range: bytes 436109500-726630399/726630400
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

SonicWall Application Control Advanced has the following signatures to block Range and Content-Range headers in HTTP traffic:

SID 6872: This SonicWall signature identifies legitimate HTTP response containing the Content-Range HTTP Header.
SID 6597: This signature identifies legitimate HTTP requests containing the HTTP Range header.

Note: The downside of enabling the above SIDs is that it will also block ‘resumed’ downloading. For example, when a download is interrupted, you will have to start over from the beginning. All normal downloads of a single file are not affected.

Procedure:

Login to the SonicWall Mangement GUI.
Navigate to the Firewall > App Control Advanced page. In Gen5 TZ devices this page is under Security Services > App Control
Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
Under App Control Advanced > View Style select PROTOCOLS under Category;
From the drop-down under Application, select HTTP.

Click on configure under SID 6597 to open the Edit App Control Signature window.
Select Enable under the Block and Log fields.
Click on OK to save.

Click on configure under SID 6872 to open the Edit App Control Signature window.
Select Enable under the Block and Log fields.
Click on OK to save.

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)

Description

Resolution

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch