This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bypass policy because Youtube is Cached in Chrome?

Hi All, 

My problem is regarding Youtube being cached in chrome browser and bypass my policy.

 

Breaking it down further:

I have a policy for working hours (8:00AM to 11:45 AM and 1:00PM to 5:00PM) and non-working hours.

The Policy for working hours is working properly as configured (Youtube is blocked), but the problem occurs when they gain access with Youtube (via non-working hours, because it's configured to open access). When working hours resumes, the policy should take effect but that's not the case. Yes, the policy will work if Youtube is accessed via INCOGNITO but somehow it will bypass the policy if not. 

 

Youtube accessed during working hours (resumed after break)

Normal 

Web Filtering Live Logs:

name="web request blocked, forbidden application detected" action="block" url="https://play.google.com/" 

but somehow the YOUTUBE url didn't show up in live logs unlike in INCOGNITO

 

Incognito Mode

Web Filtering Live Logs:

name="web request blocked, forbidden category detected" action="block" url="https://www.youtube.com/"  

 

Your help are very much appreciated guys..thanks.

 

Regards,

Ian

 



This thread was automatically locked due to age.
  • Hi Ian and welcome to the UTM Community!

    Why do you think that YouTube is not being blocked?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob, 

    Youtube is blocked within the policy rules, but somehow i can access it with Chrome browser not in INCOGNITO MODE (browsing history is not cached).

    Note: policy is lifted during noon break.

    Normal

    Incognito Mode

     

    But if i will access it via Chrome browser using Incognito mode..the policy will work, that is why i'm kinda confused. 

    Is it because it was cached in the browser that is why i can accessed it? or am i missing something?

     

    Regards, 

    Ian

  • My guess is that you're using a Web Filtering Profile in Transparent mode.  Chrome will attempt to use QUIC (UDP 443 instead of TCP 443) and then fall back to TCP 443 in there's no response to the QUIC message.  To force Chrome traffic through web filtering, create a firewall rule like 'Any -> {UDP 443} -> Internet IPv4 : Drop'.

    You can add UDP 443 to 'Allowed Target Services' on the 'Misc' tab and then Standard mode users will be able to use QUIC.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA