7. Procedure – Disabling HTTP byteranges and download managers

Purpose: 

Downloading byteranges (a technique also used by download managers) can confuse antivirus applications, and often makes it impossible to perform virus filtering on the downloaded file. Therefore, you might want to forbid the use of byteranges. Disabling byteranges has the following effects:

  • Virus filtering becomes possible in the downloaded data.

  • Download managers will not work. (The security policy of many organizations forbids using download managers anyway.)

  • The clients cannot resume incomplete downloads.

To disable byteranges, you have to configure your HTTP proxy (for example, HttpVirusProxy) to forbid the use of certain HTTP headers. Complete the following steps.

Steps: 

  1. Select Application-level Gateway > Proxies, then select the HttpVirusProxy proxy class.

  2. Add the self.response_header attribute to the Changed config attributes panel.

  3. Select this new attribute, then click Edit > New.

  4. Enter Accept-Ranges, then click OK.

  5. The server sends the Accept-Ranges: bytes HTTP header to inform the client about the type of range requests it accepts (RFC 2616 14.5). If the server does not support range requests, it sends the following header to explicitly deny the use of byte-ranges: Accept-Ranges: none.

    • To delete every Accept-Ranges header from the HTTP traffic, click on the text in the Type field, then select const_http_hdr_drop.

      Python:

      self.response_header["Accept-Ranges"] = (HTTP_HDR_DROP)

      Note

      The client can send byterange requests to the server, because the absence of the header does not mean that the server does not support downloading byteranges.

    • To explicitly state that the server does not support byteranges, click on the text in the Type field, then select type_http_hdr_replace. Click Edit > qstring > Edit, then enter NONE.

      Python:

      self.response_header["Accept-Ranges"] = (HTTP_HDR_REPLACE, "NONE")

      Note

      That still does not mean that the client cannot send byterange requests.

    • To ensure that the clients cannot use byteranges, you can delete the Range header from the client requests, or even reject the entire request.

      • To delete only the Range header and leave the rest of the request unchanged, add the Range key to the self.request_header attribute, then set it to type const_http_hdr_drop.

        Python:

        self.request_header["Range"] = (HTTP_HDR_DROP)

      • To reject the entire request, add the Range key to the self.request_header attribute, then set it to type const_http_hdr_abort.

        Python:

        self.request_header["Range"] = (HTTP_HDR_ABORT)
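
The notes above point out that changing Accept-Ranges alone does not stop clients from sending Range requests. The following check is an added example, not part of the product or its documentation: it classifies the reply to a ranged request so you can confirm which configuration is actually in effect. The function names, the sample replies, and the probe parameters (a non-transparent proxy address and a test URL) are assumptions.

```python
import http.client

def range_findings(status, headers):
    """Check the reply to a request that carried 'Range: bytes=0-0'.

    headers is a list of (name, value) pairs. An empty result means the
    client neither received partial content nor was told ranges are accepted.
    """
    hdrs = {name.lower(): value.strip() for name, value in headers}
    findings = []
    if status == 206:
        findings.append("206 Partial Content: the Range header reached the server")
    if "content-range" in hdrs:
        findings.append("Content-Range: %s returned to the client" % hdrs["content-range"])
    accept = hdrs.get("accept-ranges")
    if accept is not None and accept.lower() != "none":
        findings.append("Accept-Ranges: %s still advertised" % accept)
    return findings

def probe(proxy_host, proxy_port, url):
    """Send one ranged GET through a non-transparent proxy and check the reply."""
    conn = http.client.HTTPConnection(proxy_host, proxy_port, timeout=10)
    try:
        conn.request("GET", url, headers={"Range": "bytes=0-0"})
        resp = conn.getresponse()
        resp.read()
        return range_findings(resp.status, resp.getheaders())
    finally:
        conn.close()

# Constructed sample replies, one per configuration discussed in the steps.
SAMPLES = {
    "no filtering": (206, [("Accept-Ranges", "bytes"), ("Content-Range", "bytes 0-0/1024")]),
    "Accept-Ranges dropped": (206, [("Content-Range", "bytes 0-0/1024")]),
    "Accept-Ranges replaced": (206, [("Accept-Ranges", "NONE"), ("Content-Range", "bytes 0-0/1024")]),
    "Range dropped from request": (200, [("Accept-Ranges", "NONE"), ("Content-Length", "1024")]),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        result = range_findings(status, headers)
        print("%-28s %s" % (name, "; ".join(result) or "byteranges not usable"))
```

When using probe against a live proxy, choose a test URL on a server known to honor Range requests, because a server that ignores ranges answers 200 regardless of the proxy configuration.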