How to Block Multi-thread HTTP Downloads

How to Block Multi-thread HTTP Downloads

10766
Created On 09/25/18 17:50 PM - Last Updated 02/07/19 23:56 PM
Resolution

Overview

This document describes how to configure the Palo Alto Networks firewall to block multi-threaded HTTP downloads from the CLI.

 

Details

Run the following CLI commands:

>  configure

#  set deviceconfig setting ctd skip-block-http-range no

#  commit

 

When skip-block-http-range is set to no, any time the Palo Alto Networks firewall sees an HTTP client request for a file with a range request in the header (for example, when resuming a file download), the firewall intercepts it and mimics a server rejecting the range request feature. This tells the client to start from the beginning of the file.

Note: This is global feature to turn on and off and that it's going to disable more than concurrent downloads of same files, but any kind of HTTP resuming operations which can impact legitimate applications.

 

owner: gcapuno



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJsCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language