Google blocked when In Private

I have an odd problem where Google works fine (httpx://www.google.com) when in a regular browser (Edge, FF, Chrome), but as soon as I go In Private or Incognito, I get a WebBlocker block. This is consistent across browsers and multiple PCs.

The message is:
Request denied by WatchGuard HTTP Proxy.
Reason: Category 'Access denied. This site does not match an allowed WebBlocker exception.' denied by WebBlocker policy 'WebBlocker.xyz'.
Method: GET
Host: www.google.com
Path: /

The traffic monitor shows the application detected, but shows no denies, blocks or strips despite this clearly being a proxy error. But again, using the same URL without In Private or Incognito works fine.

Any help is appreciated!
~Jon

Comments

  • james.carson Moderator, WatchGuard Representative

    The log here says that policy webblocker.xyz is working via exceptions. This means the option is set to deny any site unless it's explicitly allowed.

    Is Google allowed in either a category -or- exception here in webblocker.xyz?

    If it's just in incognito mode, it might be due to the traffic hitting another policy, or because QUIC (a protocol Chrome uses) is disabled this way.

    -James Carson
    WatchGuard Customer Support

  • Hi James. I was doing some reading on QUIC and I'm not sure how to deal with this. Is the firewall seeing it as UDP? Or TCP without ACKs? I could not find the traffic on another port but may not have been looking in the right place.

  • One can create a Custom Packet Filter for UDP ports 80 & 443 From: Any To: Any-external, set to Denied.
    Make sure that this policy is above any HTTP and HTTPS policies in your config.
    This will prevent the use of QUIC, and thus will allow the use of the standard HTTP & HTTPS proxy policies in your config for the inspection of web traffic.

    I have one of these policies in my config, and have Logging set to not Log, as I don't need to see denied packets related to denied QUIC.

    Since you did not post a full log message related to your issue, we can't know if QUIC was the cause of this, or not.
    In the future - more info provided, such as a log record(s) in the post, will likely get better/clearer responses to your post.
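
An added example, not part of the thread: QUIC runs over UDP, so one way to check whether a client is actually sending it before (or after) adding the UDP 80 & 443 deny filter is to look for the QUIC long header at the start of captured UDP payloads. The function names and the sample bytes below are constructed for illustration; the header layout follows RFC 9000.

```python
import struct

QUIC_PORTS = {80, 443}   # the UDP ports named in the reply above
MAX_CID_LEN_V1 = 20      # RFC 9000 limit on connection ID length in version 1

def parse_quic_long_header(payload: bytes):
    """Return the long-header fields if payload looks like QUIC, else None."""
    if len(payload) < 7:                 # flags + version + two length bytes
        return None
    first = payload[0]
    if not first & 0x80:                 # header-form bit clear: not a long header
        return None
    version = struct.unpack("!I", payload[1:5])[0]
    if version != 0 and not first & 0x40:
        return None                      # fixed bit must be set (except version negotiation)
    pos = 5
    dcid_len = payload[pos]
    pos += 1
    if version == 1 and dcid_len > MAX_CID_LEN_V1:
        return None
    if pos + dcid_len + 1 > len(payload):
        return None                      # truncated before the SCID length byte
    dcid = payload[pos:pos + dcid_len]
    pos += dcid_len
    scid_len = payload[pos]
    pos += 1
    if pos + scid_len > len(payload):
        return None
    scid = payload[pos:pos + scid_len]
    return {
        "version": version,
        "packet_type": (first >> 4) & 0x3,   # 0 = Initial in QUIC v1
        "dcid": dcid.hex(),
        "scid": scid.hex(),
    }

def is_quic_candidate(proto: str, dst_port: int, payload: bytes) -> bool:
    """True for UDP traffic to 80/443 whose payload starts with a QUIC long header."""
    return (proto == "udp" and dst_port in QUIC_PORTS
            and parse_quic_long_header(payload) is not None)

# Constructed sample: a QUIC v1 Initial header with an 8-byte DCID and empty SCID,
# followed by filler standing in for the rest of the packet.
CONSTRUCTED_INITIAL = (bytes([0xC3]) + b"\x00\x00\x00\x01" + b"\x08"
                       + bytes.fromhex("0102030405060708") + b"\x00" + b"\x00" * 20)
# Constructed sample: a DNS-style payload, which must not match.
CONSTRUCTED_NON_QUIC = bytes.fromhex("123401000001000000000000")

if __name__ == "__main__":
    print(parse_quic_long_header(CONSTRUCTED_INITIAL))
    print(is_quic_candidate("udp", 443, CONSTRUCTED_INITIAL))
```
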
