cancel
Showing results for 
Search instead for 
Did you mean: 
Regis
Level 12

Chrome now sending tons of traffic to clients1.google.com/tbproxy/af/query?

We're seeing a huge uptick in these 403ing in an environment I manage where the application/x-gzip file type is restricted from being POSTed  except to certain sites.

"POST https://clients1.google.com/tbproxy/af/query?client=Google%20Chrome HTTP/1.1"

Looks like 49.0.2623.75 m  is the latest version of Chrome now.

We went from reasonable volumes of this to dozens a second on some users machines for some reason.    When I login to gmail myself in Chrome, I see a handful of these requests, but we have some users pushing dozens a second for some reason.

Something changed in the most recent verion of Chrome is the best I can tell.  Makes me have PTSD twitches from when Google Talk had a bug that was sending tons of traffic and filling up our logs on the web gateways. 

Anyone seen anything similar?   I've searched a bit for some sort of bug bug nothing just yet.

0 Kudos
5 Replies
McAfee Employee

Re: Chrome now sending tons of traffic to clients1.google.com/tbproxy/af/query?

Hi Regis,

A bit of digging seems to show that this is related to the autofill functionality:

Autofill your info in forms on Chrome - Chrome Help

https://code.google.com/p/chromium/codesearch#chromium/src/components/autofill/core/browser/autofill...

Perhaps its prepopulating your contacts to autofill?

I havent seen it yet.

Best Regards,

Jon

Regis
Level 12

Re: Chrome now sending tons of traffic to clients1.google.com/tbproxy/af/query?

Not sure.   Can you point me to the procedure for getting a dump of the unencrypted https traffic?  I guess that'd tell me what these clients are sending.

However, I just tested with a coworker who was hitting the proxy HARD to that site about a dozen per second and had them turn off autocomplete.  Nothing chnaged until he restarted the browser then things were clean.     Had he reenable autocomplete and restart the browser with the same tab set and ... presto, the 403's were back in force.  So, your theory appears to be dead on.

To replicate it make an upload media types rule that denies application/x-gzip as a MIME ensured type on requests and embedded objects. (mine's in a rule called global media type filtering that's old enough I have no idea if it's a library rule or not).   And login to gmail from Chrome on Windows. In my case in sparse throwaway gmail account I only saw a few such 403 blocks.  Other users are just killin it with lots of requests per second.   I wonder if that implies more google contacts?      *shrug*   I coudln't isolate the requests to any given site making them happen.

0 Kudos
msiemens
Level 9

Re: Chrome now sending tons of traffic to clients1.google.com/tbproxy/af/query?

We've encountered this issue as well. Two PCs were crushing our two 5500 MWG servers. Disabling 'autofill' has mitigated the issue...for now.

I say "mitigated" because the issue isn't resolved. I'm concerned that all of the sudden we'll have 1,000 PCs doing this. Does anyone know if this is related to a specific version of Chrome? Is there any other information on the cause? Is there a permanent fix?

Mike

0 Kudos
Regis
Level 12

Re: Chrome now sending tons of traffic to clients1.google.com/tbproxy/af/query?

Greetings,

I'm the original poster and Jon was quite correct as turning off autofill functionality in the affected version of Chrome did alleviate the pain (but we didn't do it company wide). 

Our problem went away with an ensuing Chrome update.   Are you still seeing the issue in the latest Chrome or is it some slightly back level Chrome that's plaguing you?

0 Kudos
msiemens
Level 9

Re: Chrome now sending tons of traffic to clients1.google.com/tbproxy/af/query?

We're using version 49.0.2623.75 m. Was your issue resolved in a previous release? Have re-enabled autofill?

0 Kudos