Disabling the QUIC protocol
This topic provides steps on how to disable the QUIC protocol in Google Chrome and Opera browsers.
QUIC is the name for an experimental protocol, and it stands for Quick UDP Internet Connection. The protocol supports a set multiplexed connections over UDP, and was designed to provide security protection equivalent to TLS/SSL, along with reduced connection and transport latency.
Some websites are not being filtered because they use the QUIC protocol. QUIC is not a standard SSL protocol, and it is not filtered by MITM (certificate is not signed by MITM).
To check if a website is using the QUIC protocol in Google Chrome, install the spdy http2 indicator extension.
To check if a website is using the QUIC protocol in Opera, install the HTTP Headers extension.
Disabling QUIC protocol in Google Chrome
To disable the QUIC protocol in Google Chrome, choose one of the following methods:
Using the Chrome browser settings:
In the browser address bar, type
chrome://flags
.Search for Experimental QUIC protocol and disable it.
Using a GravityZone Firewall rule:
To create a Firewall Application rule blocking Chrome:
Open the policy currently running on the affected machines.
Go to Firewall > Rules.
Under the Rules section, click Add and select Application.
Configure the rule as follows:
Add a rule name and an application path for
chrome.exe
.Under Settings, select the Any check box next to Local Address.
Select the Any check box next to Remote Address and add port 443 next to Port or port range.
Select UDP for Protocol, Both for Direction, and Any for IP.
Under Network, select the Home/Office and Public check boxes. For Permission, select Deny.
Click the Save button.
Apply the modified policy on the endpoints.
Disabling QUIC protocol via Group Policy
To disable the QUIC protocol using the Group Policy (GPO), follow these steps:
Open the Group Policy editor console.
Under User Configuration, select Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome.
Find the setting Allows QUIC protocol and set to Disabled.
Click Ok.
Disabling QUIC protocol in Opera
To solve this issue, you need to disable the QUIC protocol using one of the following procedures:
Disable the QUIC protocol in Opera:
In the URL field, type:
opera://flags
Search for Experimental QUIC protocol and disable it.
Disable the QUIC protocol by using a firewall rule for Opera.
In the GravityZone console, open the policy currently running on the affected machines.
Go to Firewall > Rules > Add and select Application.
In the configuration window, enter the path for
opera.exe
.The path should be:
C:\Program Files\Opera\XX.X.XXX.XXX\opera.exe
, where the folderXX.X.XXX.XXX
is the current installed version of Opera.Under the Local Address section, select the Any check box.
Under the Remote Address section, select the Any check box and add
443
for Port or port range.Save the changes and the policy.
Disabling QUIC protocol in Microsoft Edge
To disable the QUIC protocol in To in Microsoft Edge, follow these steps:
Open the Microsoft Edge browser.
In the browser address bar, type
edge://flags/
.Search for the Experimental QUIC protocol.
Set it to Disabled from the drop-down menu.