  1. #1
    ellsandell's Avatar

    Chrome HTTPS

    Hi we have hit a small hitch with our testing of Google chrome.
    It seems Chrome can completely bypass both internal and external filtering and access sites, like Facebook / Yahoo Answers etc, simply by changing the URL to 'https'.
    This doesn't happen on all sites - just a few like yahoo answers, youtube etc.

    We use TMG 2010 internally and an upstream proxy server configured by county.

    We have also tested it on our Lightspeed system provided by our ISP and it is the same.


    Any Ideas?

  2. #2

    Oaktech's Avatar
    We have the YouTube URL entered into the GPO for Chrome.

    Our Palo catches URLs in both HTTPS/HTTP except YouTube, as https YouTube does not report as being YouTube, just a bunch of 1e100.net servers, which is why we have it in the GPO.

  3. #3
    zag
    Sounds like your filter is to blame.

    Our Smoothwall blocks HTTPS as well as HTTP.

  4. #4
    ellsandell's Avatar
    Blocks fine in Internet Explorer, just in Chrome. Happening on both standalone installs and GPO installs (with Chrome's GPO configured).
    Last edited by ellsandell; 8th May 2014 at 01:09 PM.

  5. #5
    nikaso's Avatar
    Strangely we have the opposite issue at the moment, Internet Explorer allows HTTPS but Chrome doesn't. Lightspeed have told us it's due to a backup IP service IE uses and they are working on a fix.

  6. #6
    nikaso's Avatar
    Quote Originally Posted by nikaso View Post
    Strangely we have the opposite issue at the moment, Internet Explorer allows HTTPS but Chrome doesn't. Lightspeed have told us it's due to a backup IP service IE uses and they are working on a fix.
    Scratch that, I think we have a filtering issue generally, Chrome intermittently allows https sites like encrypted google (which means image searches without safe search).

  7. #7

    We have had major issues with Google changing to SSL search last year, as the Bluecoat Proxy / Filter is unable by default to inspect the SSL search string and then rewrite the URL to force safe search.
    So we ended up approaching it two ways. With Google Apps for Education we force safe search through their options - when the kids are signed into Google as the school accounts then safe search is enforced.
    If they don't bother to sign in we have had to do SSL interception on ALL Google domains so that we can intercept / decrypt and then force safe search. This of course caused https errors to fire off everywhere on initial testing, as effectively we are doing man-in-the-middle SSL, so we push the Bluecoat SSL cert out to our desktops via GPO as a trusted cert and then place the cert on the LMS and ask the kids on mobile devices to install it manually.
    Bit of brute force but we now can enforce safe search.

    Also - interested to see how other products / schools do YouTube SSL filtering, as the problem we have is that without SSL interception Bluecoat can only see the IP being returned to the client, not the requested URL, and all traffic from Google, whether from YouTube, Google, Google Video etc, can come from a very similar but random IP range. That is, sometimes simple search traffic (google.com) is coming from the same IP range as YouTube traffic, hence Bluecoat categorises this SSL traffic as simply Google. Hence we can't block it, otherwise we end up blocking all Google traffic. So we have to use SSL interception.

    Interested to hear how other vendors or schools are tackling https://youtube or safe search. Note - https://www.facebook.com etc is fine as the IP range being returned is known and classified by Bluecoat correctly as Facebook. It is only Google / YouTube that gives us this issue.

    Of course - we have now discovered that SSL interception on Google apparently breaks Google Chrome syncing - so now looking into that...sigh...
    Wally
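
The following is an added example, not code from any poster or vendor in this thread: it shows what a non-intercepting filter can read from a plain HTTP request versus an HTTPS tunnel, and why a safe-search URL rewrite only works on the former. It assumes an explicit (browser-configured) proxy that receives `CONNECT` requests; the function names and request heads are constructed for illustration, and `safe=active` is Google's SafeSearch query parameter.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed request heads, as an explicit proxy would receive them.
PLAIN_HTTP = "GET http://www.google.com/search?q=cats&tbm=isch HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
HTTPS_TUNNEL = "CONNECT www.google.com:443 HTTP/1.1\r\nHost: www.google.com:443\r\n\r\n"

def filter_view(request_head):
    """Return the fields a proxy can read without decrypting anything."""
    request_line = request_head.split("\r\n", 1)[0]
    method, target, _version = request_line.split(" ", 2)
    if method.upper() == "CONNECT":
        # Tunnel setup: only host:port is cleartext. Path and query travel
        # inside the TLS session that the proxy merely relays.
        host, _, port = target.rpartition(":")
        return {"tunnel": True, "host": host.lower(), "port": int(port),
                "path": None, "query": None, "target": target}
    url = urlsplit(target)
    return {"tunnel": False, "host": (url.hostname or "").lower(),
            "port": url.port or 80, "path": url.path or "/",
            "query": url.query, "target": target}

def host_blocked(view, blocked_domains):
    """Domain-level block: works for both plain HTTP and CONNECT."""
    host = view["host"]
    return any(host == d or host.endswith("." + d) for d in blocked_domains)

def force_safe_search(request_head):
    """Return (rewritten_url_or_None, reason) for a search request."""
    view = filter_view(request_head)
    if view["tunnel"]:
        # Nothing to rewrite: the search string is encrypted end to end.
        return None, "query not visible in tunnel; needs TLS interception"
    if view["path"] != "/search":
        return None, "not a search request"
    url = urlsplit(view["target"])
    # Drop any client-supplied 'safe' value, then pin it to 'active'.
    params = [(k, v) for k, v in parse_qsl(url.query, keep_blank_values=True)
              if k != "safe"]
    params.append(("safe", "active"))
    return urlunsplit(url._replace(query=urlencode(params))), "rewritten"

if __name__ == "__main__":
    for head in (PLAIN_HTTP, HTTPS_TUNNEL):
        print(filter_view(head)["host"], force_safe_search(head))
```

A filter placed inline without a proxy setting in the browser never receives the `CONNECT` line, which leaves it with the destination IP (or TLS handshake metadata, if it parses that).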
