Force SafeSearch and turn OFF Google SSL queries

This entry was posted in Web filtering on by

Google, Yahoo and other search engines offer a SafeSearch™ feature which blocks most adult images.
This option enforce the safesearch policies of the search engines.
The safesearch feature enforces safe searches for the following search engines:
AOL search, Bing, Excite, Foxnews, Google, Infospace, Live, Lycos, MSN,Yahoo and other less popular search engine.

By default, this option is enabled but your must pay attention about the HTTPS.

The web filtering is in charge to add tokens in each search request in order to enforce Safe Search.
When browsing to an SSL search engine (such as google) , the web filtering cannot see requests and is not able to add Safe search policy.
There is a tip when using Google search engine in order to disable the automatic Google SSL switch.

  • Go to the the Web filtering section.

05-09-2014 01-16-54

Ensure that the Safe Search option is enabled.

05-09-2014 01-41-09

 

  • Click on the “Turn OFF Google SSL searchs” link
  • Turn to green the “Turn OFF Google SSL searchs” option and click on apply.

05-09-2014 01-49-34

 

This feature will add to the proxy host file the ip address of nosslsearch.google.com for all google websites.
In most cases it should be working.

Especially when using Artica in transparent mode, it is better to mody your local DNS server in order to enforce the nosslsearch.google.com resolution.

More informations on Google Web site.

Adding nosslsearch.google.com in Windows DNS server

  • Create a new Primary DNS Zone on your DNS server for www.google.com.
  • Add a single CNAME record with a blank alias name and “nosslsearch.google.com.” for the FQDN for target host.
    The trailing dot after “com” is important.

googlenosslClear your DNS server cache by right-clicking on your server in DNS manager and selecting Clear Cache.
When your clients request www.google.com, your DNS server will direct the client to nosslsearch.google.com instead of www.l.google.com.
Sample output from NSLOOKUP after configuring this DNS zone:

C:\Windows\system32>nslookup www.google.com
Server: dns.domain.local
Address: 172.16.1.2
Name: nosslsearch.google.com
Address: 216.239.32.20
Aliases: www.google.com

 

Leave a comment