What is QUIC?

Article #:

Product:

Version:

 

All

All

Summary:

QUIC (Quick UDP Internet Connection) is a new type of protocol used to make connections to the internet with the goal to speed up these connections and reduce bandwidth congestion. This is a protocol developed by Google and is now enabled by default on Chrome browsers version 52 onwards for most of Google’s sites.

Problem:

As QUIC works over UDP and not TCP, connections over QUIC bypass the proxy. Blocking this traffic will make the connection fall back to TCP, ensuring that all web traffic traverses through the proxy and filtering cannot be bypassed.

Solution:

2 approaches can be taken to solve this issue.

  1. Blocking outbound traffic on UDP ports 80 and 443 on your firewall:

It is recommended that outbound UDP traffic on ports 80 and 443 is blocked. This means that the request will fail back to TCP and will be redirected to the proxy. If your firewall is the Smoothwall, go to Network > Outgoing > Ports on the administration user interface:

Add UDP ports 80 and 443 to the Reject all port rule

For a detailed description of how to do this, see https://help.smoothwall.net/Hearst/Content/ui/rule/portrules.htm or https://help.smoothwall.net/Inverness/Content/ui/admin/ipfilter/forward.htm.

  1. Use the filtering engine’s content modification feature:
a. Create a Decrypt and inspect policy for Everything (Guardian > HTTPS inspection > Policy wizard in the Smoothwall administration user interface page) — see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/https.htm.
b. Create a content modification policy in Guardian > Content modification > Policy wizard, with the following:
Who — Everyone
What — Everything
Where — Everywhere
Action — Apply; Remove QUIC header

For a detailed description of how to do this, go to https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/contentmod.htm.

Attribution:

Last updated:

Author:

Contributions by:

24th October 2016

Tanja Ehrhardt

Samantha Nair

 

Copyright © 2000-2016 Smoothwall All rights reserved.