Crude SSL limiter not working on Win 7/64 and Chrome



  • Howdy!

    Fairly new to pfSense, and I've set-up a crude limiter to reduce the bandwidth available to HTTPS connections to act as a way to "discourage" YouTube use (not "block"), but not effect games, non-HTTPS web browsing, etc.

    Basically, I limit all port 443 traffic on the LAN side to 128kb/s, it works on the Google search page and other HTTPS connections (syrupy ISDN speed!), but games, etc. work fine.

    YouTube-wise, it seems to work fine on Win 7/32 but on a Win 7/64 machine with Chrome, YouTube videos stream/cache at the full bandwidth of the link!

    Any ideas how Chrome/YouTube can circumvent a limited HTTPS connection?



  • @pFbubba:

    Howdy!

    Fairly new to pfSense, and I've set-up a crude limiter to reduce the bandwidth available to HTTPS connections to act as a way to "discourage" YouTube use (not "block"), but not effect games, non-HTTPS web browsing, etc.

    Basically, I limit all port 443 traffic on the LAN side to 128kb/s, it works on the Google search page and other HTTPS connections (syrupy ISDN speed!), but games, etc. work fine.

    YouTube-wise, it seems to work fine on Win 7/32 but on a Win 7/64 machine with Chrome, YouTube videos stream/cache at the full bandwidth of the link!

    Any ideas how Chrome/YouTube can circumvent a limited HTTPS connection?

    Chrome might be using QUIC: https://en.wikipedia.org/wiki/QUIC



  • @Nullity:

    Chrome might be using QUIC: https://en.wikipedia.org/wiki/QUIC

    Give this man a cookie!  :)  Yup, that was it…

    You can limit UDP on ports 443 and that'll do it, or in the Chrome advanced settings there's a toggle for QUIC.

    Thanks!



  • I find limiting undesirable traffic is more difficult than prioritizing (loose term) desirable traffic.