Description
This article describes how to block keywords using a Content Filter.
Scope
FortiGate.
Solution
In Security Profiles -> Web filter, enable the Web Content Filter and select 'Create New'.
The user is prompted to enter a keyword or a regular expression which will be blocked by the search engines. Enable the filter by toggling Status and selecting OK.
After performing the above, the activity will be blocked in all search engines except Google search. Execute the commands below in order to block keywords in the Google search engine:
config web-proxy profile
edit "web_profile"
set strip-encoding enable
next
end
config web-proxy global
set proxy-fqdn "default.fqdn"
set webproxy-profile "web_profile"
end
These commands should be used in a proxy inspection-based profile only. The above options in the CLI are not available in FortiOS 5.4.
To do the troubleshooting, use the commands below:
diag debug reset
diagnose debug urlfilter src-addr x.x.x.x <- The source IP.
diag debug appl urlfilter -1
diag debug console timestamp enable
diag debug enable
As seen above, both the Google and Bing search engines block the search query containing a blocked keyword.
Note that this solution does not work for HTTPS/3 because this protocol uses Quic to establish the connection. Block udp port 443 or block the Quic protocol in the application to force the clients to use HTTPS/2 over TCP.
See this article for assistance with blocking Google searches for particular words. might help to block google search for a particular word.
Related article:
Technical Tip: Blocking web pages bypassed using Google Translate.
