Kerio Control does not block YouTube when users access the site using Google Chrome. This article explains why this issue occurs and how you can work around it.
The QUIC functionality can be disabled directly in Google Chrome, but it works successfully at the individual level only. At the group level, disabling QUIC functionality may or may not work.
Please follow the steps below if you wish to do so.
Open a new tab and type
Look for QUIC and disable Experimental QUIC protocol.
- Click Relaunch Now.
- Kerio Control versions 9.2.6 and below
- Google Chrome
Kerio Control's TLS (Transport Layer Security) recognizer only detects TCP protocol. YouTube uses the QUIC protocol, which is operating on UDP port 443 on Google Chrome. Therefore, the TLS recognizer does not block the YouTube URL.
The application awareness for YouTube also checks for TCP connections, and this does not work for the QUIC protocol operating on UDP port 443.
Kerio Control 9.2.8 release has enhanced our TLS protocol recognizer to detect hostnames from QUIC traffic. You need to upgrade to this version to permanently resolve this issue.
If it is not feasible to do an upgrade at this time, you can create a traffic rule that blocks UDP port 443 and adding
www.youtube.com to the content filter as per the following steps:
In the Kerio Control web console, go to Configuration (Gear Icon) > Content Filter.
Create a new content rule by clicking on the Add button. Detected content type should be Any.
Enter the rule name in the Name field.
Click on the URL Hostname under the Detected Content section, and enter the
Tick Also apply to secured connections (HTTPS) checkbox.
Enter the Username or IP address Group in the Source field.
Select Drop or Deny in the Action field.
Note: If you are not blocking the UDP port 443, make sure you clear the cache within the web browser after adding the YouTube URL in the content filter for blocking.
If there are any issues with allowing traffic, you can try resolving them by enabling Skip Antivirus scanning and Do not require authentication options in the Content Rule - Action window.
- Refer to the article on Configuring the Content Filter in Kerio Control for more information about content filters.
- Refer to this Google Chrome Help discussion on Mass disable QUIC in Chrome.