Thread Info
  • State Not Answered
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 122 views
  • Users 0 members are here
Options
Suggested

Chrome umgeht Web Protection Filter

Sophos@Home

I've recently noticed that I'm frequently seeing ads again in Chrome on Android. During a test, I used Chrome to access websites that were actually blocked (waffen.de, playboy.com). This usually didn't work the first time, as expected, “Content blocked” was displayed by Web Protection, but after reloading the page several times, the respective (actually blocked) page was displayed. I have the same behavior with Edge and Chrome under Windows 10.

A policy test in the UTM interface also clearly shows that the pages are normaly blocked. With the Brave Browser under Android it also works as expected and the “Content blocked” page of the UTM is always displayed.

QUIC and the ports for http and https are blocked in the firewall, so it cannot run over them. A first recording using Wireshark did not enlighten me either, except that QUIC is definitely not going out. Web Protection is in transparent mode and only URL filtering is active. It is a Sophos UTM 9.720 Home Version.

Could someone with a similar configuration test the behavior and report back here?

Thank you!

Parents
  • 0

    The problem is probably more with the Sophos UTM, apparently it does not handle the “TLS 1.3 hybridized Kyber support feature” from Chrome/Edge 124. If TLS is broken, there are probably problems with many firewalls when accessing websites.

    See also: support.sophos.com/.../KBA-000009276 or community.fortinet.com/.../357555

    With the Sophos UTM without TLS inspection, the page is apparently simply displayed at some point, so I would prefer an error in the connection.
    In Chrome and Edge, setting the value for “TLS 1.3 post-quantum key agreement” to disable gives the desired result and the websites are blocked.

    It is bad, that after enabling this value, you can again access pages that are actually blocked.

    It would be nice if Sophos could take another look at this!

Reply
  • 0

    The problem is probably more with the Sophos UTM, apparently it does not handle the “TLS 1.3 hybridized Kyber support feature” from Chrome/Edge 124. If TLS is broken, there are probably problems with many firewalls when accessing websites.

    See also: support.sophos.com/.../KBA-000009276 or community.fortinet.com/.../357555

    With the Sophos UTM without TLS inspection, the page is apparently simply displayed at some point, so I would prefer an error in the connection.
    In Chrome and Edge, setting the value for “TLS 1.3 post-quantum key agreement” to disable gives the desired result and the websites are blocked.

    It is bad, that after enabling this value, you can again access pages that are actually blocked.

    It would be nice if Sophos could take another look at this!

Children
No Data
Unfiltered HTML