[solved] www.googleadservices.com hidden from proxy (unable to filter)

Hello everybody,
I am seeing some incomprehensible things.
On some PCs (home PCs), www.googleadservices.com pages pass through my proxy (they should be blocked) when using Google Chrome. The issuing CA is from Google.
When using Firefox the page is blocked and I see my proxy CA as the issuing CA.
I can't see a single line of the passed googleadservices traffic in the proxy log.
This does not occur if I use my corporate device with Google Chrome.

Is there a new way to pass the proxy, or simply an encryption that SG is unable to decrypt?



This thread was automatically locked due to age.
  • Have you blocked UDP 443 with a firewall rule? If not, please do. It is probably the solution to your problem.

    Google's normal behavior tries to use their QUIC protocol (UDP 443) first, which has the effect of bypassing the proxy.

    This is their connection sequence, which I determined through experimentation:

    1. Try UDP 443 through the Standard proxy (Standard Mode will block it as a non-allowed target)
    2. Try UDP 443 bypassing the Standard proxy (Transparent Mode only examines TCP 80 and 443, so the packet is allowed unless a firewall block is in place.)
    3. Try TCP 443 through the Standard proxy (Standard Mode will filter the packet)
    4. Try TCP 443 bypassing the Standard proxy (Transparent Mode will filter the packet.)

    If you are not using Standard Mode, then only steps 2 and 4 apply, but the issue is the same.  You have to block UDP 443 as a firewall rule.

    Note: Do not configure UDP 443 as a standard mode allowed target, as this is not an appropriate workaround. This configuration will cause the Standard Mode proxy to handle the traffic, but Sophos has told me that traffic will not be properly filtered.
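
One way to check whether the UDP 443 block described in the answer above is actually in effect, as an added example that is not part of the original thread: the script scans packet-filter log lines for outbound UDP 443 flows that were accepted, since those are the flows that never reach the proxy. The key=value log format, the sample addresses and the 192.168.1.0/24 internal range are assumptions constructed for illustration, not the appliance's real log format.

```python
import ipaddress
import re

# Constructed sample lines in a generic key=value packet-filter format
# (an assumption for this example; adapt the field names to your firewall).
SAMPLE_LOG = """\
2024-05-01T10:00:01 action=accept proto=udp src=192.168.1.23 dst=203.0.113.10 dport=443
2024-05-01T10:00:02 action=accept proto=tcp src=192.168.1.23 dst=203.0.113.10 dport=443
2024-05-01T10:00:03 action=drop proto=udp src=192.168.1.40 dst=203.0.113.10 dport=443
2024-05-01T10:00:04 action=accept proto=udp src=192.168.1.23 dst=198.51.100.7 dport=443
2024-05-01T10:00:05 action=accept proto=udp src=192.168.1.51 dst=198.51.100.53 dport=53
2024-05-01T10:00:06 action=accept proto=udp src=192.168.1.60 dst=192.168.1.1 dport=443
2024-05-01T10:00:07 truncated line without fields
2024-05-01T10:00:08 action=accept proto=UDP src=192.168.1.77 dst=203.0.113.10 dport=443
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def quic_bypass_candidates(log_text, internal_net="192.168.1.0/24"):
    """Return {client_ip: count} for accepted outbound UDP 443 flows.

    Any entry means a client can still reach the internet over UDP 443
    (QUIC) without passing through the web proxy.
    """
    net = ipaddress.ip_network(internal_net)
    hits = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["src"])
            dst = ipaddress.ip_address(fields["dst"])
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # malformed or unrelated line
        if fields.get("proto", "").lower() != "udp" or dport != 443:
            continue  # TCP 443 is handled by the proxy; other ports are out of scope
        if fields.get("action", "").lower() != "accept":
            continue  # dropped UDP 443 means the firewall rule is working
        if src in net and dst not in net:
            hits[str(src)] = hits.get(str(src), 0) + 1
    return hits


if __name__ == "__main__":
    for client, count in sorted(quic_bypass_candidates(SAMPLE_LOG).items()):
        print(f"{client}: {count} accepted UDP 443 flow(s) outside the proxy")
```

An empty result after the firewall rule is added indicates that clients are falling back to TCP 443, where the proxy can filter them.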
