Bromont wrote:

From Google safe search support (https://support.google.com/websearch/answer/186669?hl=en:(

 

About SafeSearch Virtual IP address (VIP)

SafeSearch VIP will force all users on your network to use SafeSearch on Google Search while still allowing a secure connection via HTTPS. The VIP in SafeSearch VIP refers to a Virtual IP which is an IP address that can be routed internally to multiple Google servers.

When SafeSearch VIP is turned on, teachers and students at your school will see a notification the first time they go to Google; this will let them know that SafeSearch is on.

SafeSearch VIP can be used as part of a comprehensive internet safety policy by schools; this is part of keeping students secure while limiting their access to adult content at school.

Using SafeSearch VIP will not affect other Google services outside of Google Search.

Turn on SafeSearch VIP

To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.

We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.

Thats what I followed, but used the A host with IP address as we can't do Cnames on our DNS servers.

 

Only problem is safesearch doesn't work if the student goes to www.google.fr (france) or www.google.de (Germany).

Thus is there an easy way to block all the other google.?? domains without entering each one individually or entering a DNS domain for everyone of them?

 

I get paid by the hour so entering each one into the web override is no problem...just don't want to waste my time if there is an easier way.

 

you tried redirecting to forcesafesearch.google.com?

Bromont wrote:

you tried redirecting to forcesafesearch.google.com?

Already done and working.

 

 www.google.com is redirected to the forcesafesearch.google.com ip address(216.239.38.120) because server 2008R2 and above won't let you do a cname entry.

This setup works but ONLY if the student goes to www.google.com.  Any other country google.com search domain doesn't get the safesearch setting, thus the need to block all the other google.??? search addresses.  http://en.wikipedia.org/wiki/List_of_Google_domains

 

Kids are smart enough to figure out this work around.

Two possible suggestions...

 

Local/regional google search domains still show up as "Search Engines and portals" under FortiGuard ratings.  Just reclassify www.google.com (and any other approved search engine) under another category (that is approved or use custom) then ban the "Search Engines and portals" category.

 

Google's local/regional search portals also use wildcard security certificate, but they are identifiable from each other.  So you should be able to crafts two URL filters (which should also work under HTTPS) -- create a filter that allows www.google.com access then right below this filter, add one that blocks all other variations of the *.google.* domain.  I have briefly tested this out and it seems to work well, but haven't tried every scenario.  (I do know gmail.com redirects to mail.google.com, which would be blocked under this scenario -- you will need to put in an exemption for that or craft a better reg expression[strike] for [/strike][link=http://www.google.com.)][strike]www.google.com[/strike].)[/link]

 

arshadm wrote:

Why no use enable safe search which is under Web filter ?

Safe search doesn't work on Google since they force you to use HTTPS.  Safe search works on Bing.  With the redirect of Google to the other address, safe search now works, but only for www.google.com .  It doesn't work for all the other google search sites setup for other countries, unless I manually setup a redirect for them also.

 

Dave, I'll take a look at your suggestion.