04-19-2024 03:37 AM
I have found a few short discussions about how to block range requests, and an article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJsCAK.
My question is whether we should be blocking them because they present a threat.
My understanding is that an HTTP response is scanned in a single pass as it streams through the firewall, and that the most fundamental operation is looking for patterns within the content which indicate a problem with the content. Is it therefore possible for a pattern to be split across the boundary between two HTTP range requests, and not detected? Particularly since the range requests could be submitted multi-threaded, and therefore the later part of the file is actually processed before the earlier part?
Essentially: if a file is downloaded by a series of HTTP range requests, possibly not in the natural order, then are we guaranteed the same level of protection as if the file were downloaded using a single request?
Any links to definitive product documentation on this would be very welcome.
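The concern raised in the question above, shown as an added example that is not part of the original post and is not Palo Alto Networks code: a toy matcher that inspects each 206 response body on its own misses a pattern that straddles a range boundary, while reassembling the bodies by their `Content-Range` offsets finds it regardless of arrival order. The marker string, the sample file and all function names are constructed for illustration, and the model makes no claim about how PAN-OS actually inspects traffic.

```python
import re

# Constructed, harmless marker standing in for a content signature (assumption).
SIGNATURE = b"TEST-PATTERN-0001"

def scan(data: bytes) -> bool:
    """Toy single-pass pattern match over one contiguous buffer."""
    return SIGNATURE in data

def parse_content_range(value: str):
    """Parse 'bytes first-last/total' into (first, last, total)."""
    m = re.fullmatch(r"bytes (\d+)-(\d+)/(\d+)", value.strip())
    if not m:
        raise ValueError(f"unsupported Content-Range: {value!r}")
    first, last, total = map(int, m.groups())
    if first > last or last >= total:
        raise ValueError(f"inconsistent Content-Range: {value!r}")
    return first, last, total

def scan_each_response(responses) -> bool:
    """Inspect every partial body in isolation, as separate streams."""
    return any(scan(body) for _, body in responses)

def scan_reassembled(responses):
    """Place bodies at their offsets; scan once every byte is covered.

    Returns None while gaps remain, because no verdict is possible yet.
    """
    buf = covered = total = None
    for header, body in responses:
        first, last, size = parse_content_range(header)
        if len(body) != last - first + 1:
            raise ValueError("body length does not match Content-Range")
        if buf is None:
            total, buf, covered = size, bytearray(size), bytearray(size)
        elif size != total:
            raise ValueError("responses disagree on total length")
        buf[first:last + 1] = body
        covered[first:last + 1] = b"\x01" * len(body)
    if buf is None or 0 in covered:
        return None
    return scan(bytes(buf))

# Constructed 57-byte file; the marker occupies bytes 20-36 and the
# client splits at offset 28, fetching the later range first.
FILE = b"A" * 20 + SIGNATURE + b"B" * 20
RESPONSES = [("bytes 28-56/57", FILE[28:57]), ("bytes 0-27/57", FILE[0:28])]

if __name__ == "__main__":
    print("per-response scan hit:", scan_each_response(RESPONSES))
    print("reassembled scan hit: ", scan_reassembled(RESPONSES))
```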
04-23-2024 07:46 PM
Hi @jonpmoore ,
Here is a relevant KB regarding HTTP range requests. In my opinion, if you aren't experiencing specific issues then it should be set to block.