How does firewall differentiate between browsing and downloading?

Question

The firewall installed at my college's router allows me to surf the internet but never allows me to download any package that has a size more than 100mb. I wonder how exactly does it differentiate between the two. According to my concept, they're both a flow of http packets so they should not be differentiable.

Furthermore, If I start downloading from proxysite.com (it encrypts all the traffic), the firewall couldn't differentiate and allows me to download even tens of GBs of data. Can you explain what exactly is going on here?

Answer 1

The firewall installed at my college's router allows me to surf the internet but never allows me to download any package that has a size more than 100mb. I wonder how exactly does it differentiate between the two. According to my concept, they're both a flow of http packets so they should not be differentiable.

I presume they are intercepting your traffic and basing this filtering off the HTTP header Content-Length or dropping the connection after so many bytes.

Furthermore, If I start downloading from proxysite.com (it encrypts all the traffic), the firewall couldn't differentiate and allows me to download even tens of GBs of data. Can you explain what exactly is going on here?

This would seem to reinforce my very-likely theory. If a site were using HTTPS, they would not be able to intercept the header or otherwise see what you are doing with a server without first installing a root certificate on your machine to MITM the HTTPS traffic.