Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)

Description

Blocking Multiple Parallel HTTP Downloads used by Download Accelerators (IDM)

Resolution

 

Feature/Application:

Applications like Internet Download Manager (IDM), Xunlei and some P2P applications create multiple parallel HTTP connections for the same file to accelerate downloads. This consumes a lot of bandwidth. Each connection requests only a part of the file but the download is faster because there are multiple simultaneous HTTP (TCP Port 80) connections. This is accomplished by Range (Client) and Content-Range (Server) HTTP Headers.  

You can see below the HTTP Client Request and HTTP Server Reply for one of the connections.  Notice the ‘Range’ and ‘Content-Range’ HTTP Headers as well as the “206 Partial Content” HTTP Status reply. 

GET /pub/centos/5.6/isos/i386/CentOS-5.6-i386-LiveCD.iso HTTP/1.1
Accept: */*
Cache-Control: no-cache
Connection: Keep-Alive
Host: mirror.chpc.utah.edu
Pragma: no-cache
Range: bytes=436109500-726630399
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

HTTP/1.1 206 Partial Content
Date: Tue, 16 Aug 2011 18:25:09 GMT
Server: Apache
Last-Modified: Mon, 04 Apr 2011 19:18:58 GMT
ETag: "16036dc-2b4f8000-4a01ca1a02c80"
Accept-Ranges: bytes
Content-Length: 290520900
Content-Range: bytes 436109500-726630399/726630400
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

SonicWall Application Control Advanced has the following signatures to block Range and Content-Range headers in HTTP traffic:

  • SID 6872:   This SonicWall signature identifies legitimate HTTP response containing the Content-Range HTTP Header.
  • SID 6597:   This signature identifies legitimate HTTP requests containing the HTTP Range header.

Note: The downside of enabling the above SIDs is that it will also block ‘resumed’ downloading. For example, when a download is interrupted, you will have to start over from the beginning.  All normal downloads of a single file are not affected.

Procedure: 

  • Login to the SonicWall Mangement GUI.
  • Navigate to the Firewall > App Control Advanced page. In Gen5 TZ devices this page is under Security Services > App Control
  • Check the box under Enable App Control  and click on the Accept button at the top to enable App Control.
  • Under App Control Advanced > View Style select PROTOCOLS under Category
  • From the drop-down under Application, select HTTP.

Image

  • Click on configure under SID 6597 to open the Edit App Control Signature window.
  • Select Enable under the Block and Log fields.
  • Click on OK to save.

Image

  • Click on configure under SID 6872 to open the Edit App Control Signature window.
  • Select Enable under the Block and Log fields.
  • Click on OK to save.

Image

Related Articles

  • SonicWall UTM throws an error : " Invalid Authentication " Error: SN and EPAID Do Not Match
    Read More
  • Firewall logs show frequent probe status changes after upgrade
    Read More
  • SSO Agent 4.0: Installation, Configurations, and troubleshooting
    Read More

Categories

Firewalls
TZ Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall NSA Series
not finding your answers?
Ask the Community
was this article helpful?
YesNo