Google Chrome search is not blocked by policy in transparent deployment
Article ID: 168626
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Policy is configured to block access to the entire Google domain. When an internal user tries to search using Microsoft Internet Explorer or Mozilla Firefox, the search is blocked, but when the user types a search string in the address bar in Google Chrome, the browser displays search results.
Cause
QUIC (Quick UDP Internet Connections, pronounced "quick") is an experimental transport layer network protocol developed by Google that supports a set of multiplexed connections between two endpoints over User Datagram Protocol (UDP).
When a search string is provided in the browser address bar, Chrome tries to send the request through UDP. The client side/proxy side PCAP shows UDP traffic and lines such as the following:
1 0.002262 192.168.158.102 64.233.167.94 UDP Source port: 55705 Destination port: https
2 0.050983 64.233.167.94 192.168.158.102 UDP Source port: https Destination port: 55705
When a search string is provided in the browser address bar, Chrome tries to send the request through UDP. The client side/proxy side PCAP shows UDP traffic and lines such as the following:
1 0.002262 192.168.158.102 64.233.167.94 UDP Source port: 55705 Destination port: https
2 0.050983 64.233.167.94 192.168.158.102 UDP Source port: https Destination port: 55705
Resolution
The appliance does not intercept UDP traffic in a transparent deployment, so the firewall must either allow or deny it; the appliance has no control over this connection.
For more information about QUIC protocol, refer to http://en.wikipedia.org/wiki/QUIC.
For more information about QUIC protocol, refer to http://en.wikipedia.org/wiki/QUIC.
Feedback
Powered by
