Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 8078 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Chrome browser facilitates proxy bypass?

DouglasFoster

I have been using Standard Mode Web Proxy for some time, and thought it was working pretty well.  Recently, I began adding Transparent Mode Web to catch the "crumbs" that bypass the standard proxy.   I have been surprised by the amount of non-browser traffic that bypasses the proxy. 

Some of the Transparent-mode traffic has been attributable to known fat-client applications, such as my AntiVirus, Skype, GoToMyPC, Adobe Auto-Update.   Some is traceable to Microsoft stuff by the UserAgent string - Microsoft Office, Microsoft BITS, Microsoft Crypto API.

The biggest surprise is that Google Chrome seems to be allowing traffic to bypass the proxy.  On a representative user, it was 25% of his total web traffic.   Many of the URLs appear to be tracking and advertising sites, none appear to be operating system overhead.

I have not yet repeated the tests for an Internet Explorer user (if there are any left...)

Has anyone else seen similar results?   Does anyone understand why I am seeing this result?



This thread was automatically locked due to age.
  • 0

    Hi Douglas,

    doesn't standard mode require some configuration on the desktop and maybe your configuration is not setting up chrome correctly?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0

    Google Chrome ueses its own "Quick" UDP based protocol to establish 443 connections.

    A known workarround is to create a firewall rule which blocks UDP traffic for the port 443.

     

    Have a try. [;)]

  • 0 in reply to TheBalmasque

    Thanks, I will pursue blocking UDP 443.   I was excited to see your answer because I knew Sophos Support would not be interested in explaining the odd workings of Google's browser, and attempts to find the answer with Google searches had been unsuccessful.

    It may be awhile before I can confirm your answer as correct.  I have many web filtering lock-down actions in process right now, and I am struggling to know which ones create which problems.

  • 0 in reply to DouglasFoster

    Hi,

    actually Sophos support is interested and from what has been published mr6 will have a fix for the chrome bypass.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to DouglasFoster

    Doug, you can add UDP 443 to 'Allowed Services' so that clients using a Standard mode Profile can use the faster protocol.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML