Web Protection: Selectively allow range requests (AKA improve iPhone media streaming)
Mobile devices like the iPhone/iPad use HTTP range requests when accessing media content. Range requests allow a client to request a specific range of bytes from a file on the server, rather than downloading the whole file in one go.
Unfortunately downloading a file in small chunks makes it impossible to scan that file for malware. Indeed, it could provide a handy way for a malicious program or actor to circumvent gateway security measures and deliberately download malicious code.
For this reason the UTM will block range requests. The only way around this at present is to exclude the site or URL from all antivirus scanning, which potentially exposes users to malware that could have been caught if not provided in response to range requests.
It would be great to provide a way to allow range requests without exempting all HTTP traffic from a location from malware scanning. If this could be done by device type (non-mobile media players seem much less likely to use range requests) that would be super awesome.