This document describes how to configure the Palo Alto Networks firewall to block multi-threaded HTTP downloads from the CLI.
Run the following CLI commands:
# set deviceconfig setting ctd skip-block-http-range no
When skip-block-http-range is set to no, any time the Palo Alto Networks firewall sees an HTTP client request for a file with a range request in the header (for example, when resuming a file download), the firewall intercepts it and mimics a server rejecting the range request feature. This tells the client to start from the beginning of the file.
Note: This is global feature to turn on and off and that it's going to disable more than concurrent downloads of same files, but any kind of HTTP resuming operations which can impact legitimate applications.