Google Safe Search does not appear to work

October 13, 2012 • Administrator       
Synopsis

You have enabled Google SafeSearch in your policy but the user is still able to browse without safe search being enforced.

Article
This article is out of date. Please check the new Documentation Portal for CensorNet Professional.
This article is out of date. Please check the new Documentation Portal for Hybrid Web Security.

Google has the option to use SSL for searches and if this is enabled it prevents the automatic safe search enforcement from working. Google SSL searches are used by a number of browser plug ins and also if you visit https://www.google.com in your web browser. Google provides a mechanism to disable SSL searches on your network, which is highly recommended for education environments. For Google hosted documentation please see https://support.google.com/websearch/answer/186669?hl=en

To utilise the "no SSL search" option for your network, there are 2 methods you can implement.

 

Method 1 - Add a record to your DNS Server

 

  1. For Cloudwebfiltering.com customers, please click here. For CensorNet Professional customers, add encrypted.google.com:443 to a Custom URL category and ensure it is set to BLOCK in your active policies.
  2. Create a new Primary DNS Zone on your DNS server for www.google.com. Repeat for www.google.co.uk as well.
  3. If using Windows Server 2008r2 create an A record that points to 216.239.32.20 with a blank alias name in both of the new zones. If using previous versions of Windows Server, add a single CNAME record in each of the new zones with blank alias name and “nosslsearch.google.com.” for the target host. The trailing dot after “com” is important for the CNAME. 
  4. Clear your DNS server cache by right-clicking on your server in DNS manager and selecting Clear Cache. Optionally clear the browser web cache.
  5. Verify the change with nslookup on a command prompt. The output should look similar to the below:

 

C:\Windows\system32>nslookup www.google.com
Server:  dc02.domain.local
Address:  10.254.1.2
Name:    nosslsearch.google.com
Address:  216.239.32.20
Aliases: www.google.com

NOTE: Ensure that the CensorNet Professional or Cloud Gateway server is configured to use the DNS server that you have made the above modifications on. For CensorNet Professional, log in to the command line as root and type setup and verify the setting. For Cloud Gateway, go to Network button and then Gateway and DNS Settings.

 

Method 2 - Manually edit the HOSTS file on your computer

On Windows PC's, open the file C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS in notepad as administrator.

NOTE: Some virus scanners will make this file read-only so you will have to temporarily change it to read/write whilst you make the changes. Remember to switch it back afterwards.

Add the following new entries:

216.239.32.20 www.google.com
216.239.32.20 www.google.co.uk

On other operating systems please refer to this article for the location of the hosts file.

 

Related articles


Last modified on Thu, February 06, 2014 « Back