Summary:
If you are unable to block a website (or websites) in Google Chrome or Microsoft Edge, it might be because of Google's QUIC protocol.
Question:
What is QUIC and how do I block it?
Answer:
QUIC (Quick UDP Internet Connection) is a Google-specific encrypted Transport Layer protocol. It is TCP traffic encapsulated in a UDP flow, to bypass the normal TCP handshake and speed up delivery of content.
This can wreak havoc on your ability to filter traffic, as filtering is based on the TCP protocol. If you find yourself unable to block a website with Google Chrome or Microsoft Edge, and you are not seeing the traffic in the Request Logs, it is likely being caused by QUIC.
To diagnose it, open Chrome or Edge and enter chrome://flags or edge://flags respectively in the URL bar, then type quic into the search tool, as shown in the following screenshot.
To confirm if this is causing the issue, set the value to Disabled, as shown in the above screenshot, then clear your browser cache and cookies and try to access the website again.
If the site is now blocked, you know that QUIC was causing the issue. To disable it for your entire network, block all UDP traffic over ports 80 and 443 with your firewall.
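A check for the firewall block described above, as an added example that is not part of the original article: the function reads iptables-save or ip6tables-save output and lists which of UDP ports 80 and 443 still have no DROP or REJECT rule, which catches the case where IPv4 is blocked but IPv6 is not. The function name, the FORWARD chain default and the sample rule sets are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit saved firewall rules for the UDP 80/443 block.
# Reads iptables-save / ip6tables-save text on stdin; changes nothing on the host.
# Limits (assumptions): only rules with --dport/--dports are counted, and rule
# order and source/interface matches are not evaluated.

# Print each of the ports 80 and 443 that has no UDP DROP/REJECT rule in the chain.
quic_block_gaps() {
  chain="${1:-FORWARD}"
  awk -v chain="$chain" '
    $1 == "-A" && $2 == chain {
      udp = 0; deny = 0; ports = ""
      for (i = 3; i <= NF; i++) {
        if (($i == "-p" || $i == "--protocol") && $(i+1) == "udp") udp = 1
        if ($i == "-j" && ($(i+1) == "DROP" || $(i+1) == "REJECT")) deny = 1
        if ($i == "--dport" || $i == "--dports") ports = $(i+1)
      }
      if (udp && deny) {
        n = split(ports, list, ",")
        for (k = 1; k <= n; k++) {
          # a range such as 80:443 covers every port between its ends
          m = split(list[k], r, ":")
          lo = r[1] + 0; hi = (m == 2) ? r[2] + 0 : lo
          if (lo <= 80 && 80 <= hi) blocked[80] = 1
          if (lo <= 443 && 443 <= hi) blocked[443] = 1
        }
      }
    }
    END {
      if (!(80 in blocked)) print 80
      if (!(443 in blocked)) print 443
    }'
}

# Constructed sample rule sets: IPv4 blocks both ports, IPv6 forgets 443.
V4_RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p udp -m multiport --dports 80,443 -j DROP
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'
V6_RULES='*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p udp -m udp --dport 80 -j DROP
COMMIT'

printf 'IPv4 unblocked UDP ports: %s\n' "$(printf '%s\n' "$V4_RULES" | quic_block_gaps | tr '\n' ' ')"
printf 'IPv6 unblocked UDP ports: %s\n' "$(printf '%s\n' "$V6_RULES" | quic_block_gaps | tr '\n' ' ')"
```

On a Linux gateway the same function can be fed live rules with `iptables-save | quic_block_gaps` and `ip6tables-save | quic_block_gaps`; empty output means both ports have a matching rule.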
With the Netsweeper 9 Client Filter and above, QUIC can be blocked with the following updates to the Client Filter exception list:
For IPv4:
udp://0.0.0.0:443 U D
For IPv6:
udp://[::]:443 U D
In Netsweeper 7.2 and above, with the Webadmin Client Filter exception list capabilities, the list entries would be as follows:
Navigate to Policies > Lists and click on the list to update.
In the Entries tab, click on New Entry and add the following: