Some clients like to use Download Managers & Accelerators in an attempt to complete file downloads faster.
These download managers/accelerators work by creating dozens to hundreds (and sometimes thousands) of independent concurrent and sequential connections, with each connection downloading a different part (byte range) of the same file (with the server returning that part of the file using HTTP’s 206 “Partial Content” Response).
This connection abuse can easily overload your server’s connection limits and resources, and also get around any per-connection bandwidth restrictions you might have set.
Here is how to stop these Download Managers dead in their tracks by using mod_headers and mod_rewrite under Apache (or a WAMP Server such as WampDeveloper Pro).
This example will abort all partial requests for content located within URL:
http://www.example.com/files/
Unset Accept-Ranges Header
Indicate to the clients that the server will not attempt to honor Range requests (partial content requests), by changing Response Header “Accept-Ranges” from “bytes” to “none“.
<IfModule !mod_headers.c>
LoadModule headers_module modules/mod_headers.so
</IfModule>
<Location /files/>
<IfModule mod_headers.c>
Header set Accept-Ranges none
</IfModule>
</Location>
But this is only a superficial message to the client (that his download manager/accelerator software can easily ignore). The client can still make Request Header “Range” requests (partial content requests), and Apache will still return the specified byte range from the file. So let’s remove that option once and for all…
Abort All Range (Partial Content) Requests
<IfModule !mod_rewrite.c>
LoadModule rewrite_module modules/mod_rewrite.so
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
# Detect URL /files/...
RewriteCond %{REQUEST_URI} ^files/
# Detect "Range" request header
RewriteCond %{HTTP:Range} !^$
# Stop and Return HTTP FORBIDDEN (403) response header
RewriteRule .* - [F,L]
</IfModule>
* If instead of placing this inside a VirtualHost block, you place it in an .htaccess file, then “AllowOverride FileInfo” (or “AllowOverride All“) and “Options +FollowSymLinks” (or “Options All“) have to be set (in the VirtualHost) for the directory the .htaccess file is in (otherwise neither mod_rewrite, nor working with the Header data, will work).
* Don’t use “RequestHeader unset Range” as this will get around the mod_rewrite configuration while turning all partial content downloads into full size downloads.
Problems
Incomplete downloads are not resumable… A client will not be able to pause or stop a download, and later resume it.
Downloads started with download accelerators will stop at whatever % of full file size the first connection retrieves.
May also break some -
- Clients that do streaming of video and audio
- Clients that do reading/loading of meta-data from large files
- e-Readers
- Client-side bandwidth throttling
Notes on using mod_rewrite
Per-directory Rewrites
http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule
For mod_rewrite, “Options FollowSymLinks” must be enabled for anything related to directories to work…
To enable the rewrite engine in this context, you need to set “RewriteEngine On” and “Options FollowSymLinks” must be enabled. If your administrator has disabled override of FollowSymLinks for a user’s directory, then you cannot use the rewrite engine. This restriction is required for security reasons.
Behavior of mod_rewrite in <Location> sections can be unpredictable…
Although rewrite rules are syntactically permitted in <Location> and <Files> sections, this should never be necessary and is unsupported.