Crude SSL limiter not working on Win 7/64 and Chrome
-
Howdy!
Fairly new to pfSense, and I've set-up a crude limiter to reduce the bandwidth available to HTTPS connections to act as a way to "discourage" YouTube use (not "block"), but not effect games, non-HTTPS web browsing, etc.
Basically, I limit all port 443 traffic on the LAN side to 128kb/s, it works on the Google search page and other HTTPS connections (syrupy ISDN speed!), but games, etc. work fine.
YouTube-wise, it seems to work fine on Win 7/32 but on a Win 7/64 machine with Chrome, YouTube videos stream/cache at the full bandwidth of the link!
Any ideas how Chrome/YouTube can circumvent a limited HTTPS connection?
-
Howdy!
Fairly new to pfSense, and I've set-up a crude limiter to reduce the bandwidth available to HTTPS connections to act as a way to "discourage" YouTube use (not "block"), but not effect games, non-HTTPS web browsing, etc.
Basically, I limit all port 443 traffic on the LAN side to 128kb/s, it works on the Google search page and other HTTPS connections (syrupy ISDN speed!), but games, etc. work fine.
YouTube-wise, it seems to work fine on Win 7/32 but on a Win 7/64 machine with Chrome, YouTube videos stream/cache at the full bandwidth of the link!
Any ideas how Chrome/YouTube can circumvent a limited HTTPS connection?
Chrome might be using QUIC: https://en.wikipedia.org/wiki/QUIC
-
Chrome might be using QUIC: https://en.wikipedia.org/wiki/QUIC
Give this man a cookie! :) Yup, that was it…
You can limit UDP on ports 443 and that'll do it, or in the Chrome advanced settings there's a toggle for QUIC.
Thanks!
-
I find limiting undesirable traffic is more difficult than prioritizing (loose term) desirable traffic.