Skip to main content
Sign in More Resources

Identifying the QUIC protocol and ensuring it does not interfere with filtering and logging

Joshua Atkinson
  • Updated

Summary:

If you are unable to block a website (or websites) in Google Chrome or Microsoft Edge, it might be because of Google's QUIC protocol.

A telltale sign of this behavior is that you are unable to block certain sites and the traffic to them is not showing up in Reports or Request Logs.

Question:

What is QUIC and how do I block it?

Answer:

QUIC (Quick UDP Internet Connection) is a Google-specific encrypted Transport Layer protocol.  It is TCP traffic encapsulated in a UDP flow, to bypass the normal TCP handshake and speed up delivery of content.

This can wreak havoc on your ability to filter traffic, as filtering is based on the TCP protocol.  If you find yourself unable to block a website with Google Chrome or Microsoft Edge, and you are not seeing the traffic in the Request Logs it is likely being caused by QUIC.

Diagnosing QUIC:

To diagnose if the behaviour you are seeing is being caused by QUIC, open Chrome or Edge and enter chrome://flags  or edge://flags respectively in the URL bar, then type quic into the search tool, as shown in the following screenshot.
quic.jpg

To confirm if this is causing the issue, set the value to Disabled, as shown in the above screenshot, then clear your browser cache and cookies and try to access the website again.

It is important that you do not forget to clear your full browser cache and cookies.

If the site is now blocked and the traffic is being logged, you know that it was QUIC that is causing the issue. 

How do I disable QUIC?

There are several methods for keeping this UDP-encapsulated traffic out of your network.

  1. To disable it for your entire network, block all UDP traffic over ports 80 and 443 with your firewall.
  2. With the Netsweeper 9 Client Filter and above, QUIC can be blocked with the following updates to the Client Filter exception list:
  • For ipv4
udp://0.0.0.0:443 U D
  • For ipv6
udp://[::]:443 U D

If you are using Webadmin Client filter Exception Lists, the List Entries would be as follows:

  1. Navigate to Policies > Lists and click on the list to update.
  2. In the Entries tab, click on New Entry and add the following:

QUIC_2.PNG

 

 

 

Related to

Related articles