I work for a school corp and thus must restrict a lot of "those sites and pictures".
So I figured out the DNS fix to the Google safe search and SSL problem, but now have a different issue. The fix only works for www.google.com. If you go to www.google.ca, www.google.fr, or any other Google region safe search doesn't work.
Is there a way to block or redirect all of the Google domains to the nosslsearch.google.com site or am I stuck entering each countries (202 of them) google.??? info into the rating overrides list?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
From Google safe search support (https://support.google.com/websearch/answer/186669?hl=en:(
SafeSearch VIP will force all users on your network to use SafeSearch on Google Search while still allowing a secure connection via HTTPS. The VIP in SafeSearch VIP refers to a Virtual IP which is an IP address that can be routed internally to multiple Google servers.
When SafeSearch VIP is turned on, teachers and students at your school will see a notification the first time they go to Google; this will let them know that SafeSearch is on.
SafeSearch VIP can be used as part of a comprehensive internet safety policy by schools; this is part of keeping students secure while limiting their access to adult content at school.
Using SafeSearch VIP will not affect other Google services outside of Google Search.
To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.
We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.
Bromont wrote:From Google safe search support (https://support.google.com/websearch/answer/186669?hl=en:(
About SafeSearch Virtual IP address (VIP)
SafeSearch VIP will force all users on your network to use SafeSearch on Google Search while still allowing a secure connection via HTTPS. The VIP in SafeSearch VIP refers to a Virtual IP which is an IP address that can be routed internally to multiple Google servers.
When SafeSearch VIP is turned on, teachers and students at your school will see a notification the first time they go to Google; this will let them know that SafeSearch is on.
SafeSearch VIP can be used as part of a comprehensive internet safety policy by schools; this is part of keeping students secure while limiting their access to adult content at school.
Using SafeSearch VIP will not affect other Google services outside of Google Search.
Turn on SafeSearch VIP
To force SafeSearch for your network, you’ll need to update your DNS configuration. Set the DNS entry for www.google.com (and any other Google ccTLD country subdomains your users may use) to be a CNAME for forcesafesearch.google.com.
We will serve SafeSearch Search and Image Search results for requests that we receive on this VIP.
Thats what I followed, but used the A host with IP address as we can't do Cnames on our DNS servers.
Only problem is safesearch doesn't work if the student goes to www.google.fr (france) or www.google.de (Germany).
Thus is there an easy way to block all the other google.?? domains without entering each one individually or entering a DNS domain for everyone of them?
I get paid by the hour so entering each one into the web override is no problem...just don't want to waste my time if there is an easier way.
you tried redirecting to forcesafesearch.google.com?
Bromont wrote:Already done and working.you tried redirecting to forcesafesearch.google.com?
www.google.com is redirected to the forcesafesearch.google.com ip address(216.239.38.120) because server 2008R2 and above won't let you do a cname entry.
This setup works but ONLY if the student goes to www.google.com. Any other country google.com search domain doesn't get the safesearch setting, thus the need to block all the other google.??? search addresses. http://en.wikipedia.org/wiki/List_of_Google_domains
Kids are smart enough to figure out this work around.
Two possible suggestions...
Local/regional google search domains still show up as "Search Engines and portals" under FortiGuard ratings. Just reclassify www.google.com (and any other approved search engine) under another category (that is approved or use custom) then ban the "Search Engines and portals" category.
Google's local/regional search portals also use wildcard security certificate, but they are identifiable from each other. So you should be able to crafts two URL filters (which should also work under HTTPS) -- create a filter that allows www.google.com access then right below this filter, add one that blocks all other variations of the *.google.* domain. I have briefly tested this out and it seems to work well, but haven't tried every scenario. (I do know gmail.com redirects to mail.google.com, which would be blocked under this scenario -- you will need to put in an exemption for that or craft a better reg expression[strike] for [/strike][link=http://www.google.com.)][strike]www.google.com[/strike].)[/link]
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
And what if the students use IP addresses instead??
Content filtering by DNS is a no-brainer for anybody 7+.
Why no use enable safe search which is under Web filter ?
arshadm wrote:Safe search doesn't work on Google since they force you to use HTTPS. Safe search works on Bing. With the redirect of Google to the other address, safe search now works, but only for www.google.com . It doesn't work for all the other google search sites setup for other countries, unless I manually setup a redirect for them also.Why no use enable safe search which is under Web filter ?
Dave, I'll take a look at your suggestion.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.