+ Post New Thread
Results 1 to 6 of 6
Internet Related/Filtering/Firewall Thread, [Squid] Google SafeSearch and SSL Search in Technical; The problem: Cannot filter queries as Google search is using SSL https://support.google.com/websearch...r/186669?hl=en Google say: "To utilize the no SSL option ...
  1. #1

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,028
    Thank Post
    120
    Thanked 513 Times in 347 Posts
    Blog Entries
    2
    Rep Power
    288

    [Squid] Google SafeSearch and SSL Search

    The problem: Cannot filter queries as Google search is using SSL

    https://support.google.com/websearch...r/186669?hl=en

    Google say: "To utilize the no SSL option for your network, configure the DNS entry for Google to be a CNAME for nosslsearch.google.com." Which is brilliant advice, but doesn't work on MS Server 2008R2 DNS.

    So, here's my kludge if it's of use to anyone. I'm using Squid on Centos servers, by the way.
    I wrote a bash script which runs daily and looks up the IP address for "nosslsearch.google.com" and adds these entries to the Squid server's hosts file.
    You must remove any 'dns_nameservers' from your squid.conf

    Here's the bash file which should live in /etc/cron.daily

    Code:
    # rebuilds host file with google's non-ssl seach address
    
    # rename the existing hosts file
    mv /etc/hosts /etc/hosts.bak
    
    # copy the old hosts file to a new hosts file, minus any lines containing 'google'
    grep -v google /etc/hosts.bak > /etc/hosts
    
    # get the latest IP address
    IP_RESULT=`nslookup nosslsearch.google.com | tail -n 2 | cut -f 2 -d ":" | cut -f2 -d " "`
    
    #if IP_RESULT is not NXDOMAIN, add the new IP records, otherwise do nothing
    
    if [ "$IP_RESULT" !=  "NXDOMAIN" ]
    then
    	echo $IP_RESULT www.google.co.uk >> /etc/hosts
    	echo $IP_RESULT www.google.com >> /etc/hosts
    fi

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,157
    Thank Post
    522
    Thanked 2,552 Times in 1,981 Posts
    Blog Entries
    24
    Rep Power
    877
    Can I just ask what you mean by the DNS advice doesn't work in 2k8R2 DNS? I do various DNS spoofing things here and they're running in 2k8 r2 and 2012 just fine?

  3. #3

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,028
    Thank Post
    120
    Thanked 513 Times in 347 Posts
    Blog Entries
    2
    Rep Power
    288
    I take it you're making a stub zone plus an 'A' record for www.google.com? We didn't want to do that.

    You can make an alias if you have a 2003 or 2008 server, but not 2008R2. Before 2008R2, it was possible to create a zone for www.google.com and add a single CNAME record which would successfully alias the name.

    The problem is fully covered here:
    http://social.technet.microsoft.com/...um=winserverDS

    I'm very late to this party so the above kludge to the server's hosts will have do for now, unless there's a better solution.
    Last edited by jinnantonnixx; 5th December 2013 at 10:53 AM.

  4. #4

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,157
    Thank Post
    522
    Thanked 2,552 Times in 1,981 Posts
    Blog Entries
    24
    Rep Power
    877
    Yeah, that's how we do it. Works well.

  5. #5

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,028
    Thank Post
    120
    Thanked 513 Times in 347 Posts
    Blog Entries
    2
    Rep Power
    288
    Quote Originally Posted by localzuk View Post
    Can I just ask what you mean by the DNS advice doesn't work in 2k8R2 DNS? I do various DNS spoofing things here and they're running in 2k8 r2 and 2012 just fine?
    I'm guessing you've done this:
    How to be Authoritative for a Single Host Name in DNS | ITGeared.com

    Does it work for this problem - i.e. are your google searches using regular http (with the google bubble hinting at content filtering)?
    Last edited by jinnantonnixx; 5th December 2013 at 11:03 AM.

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,157
    Thank Post
    522
    Thanked 2,552 Times in 1,981 Posts
    Blog Entries
    24
    Rep Power
    877
    Yeah, that's it. We don't do it for Google - our ISP does the SSL thing for us at their end. But for other site redirections it works well.

  7. Thanks to localzuk from:

    jinnantonnixx (5th December 2013)

SHARE:
+ Post New Thread

Similar Threads

  1. Blocking Google SSL Search for Schools
    By purkle_turkle in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 11th August 2012, 04:10 AM
  2. Replies: 4
    Last Post: 29th June 2011, 08:54 AM
  3. Google autocomplete off and safe search
    By chrbb in forum Internet Related/Filtering/Firewall
    Replies: 2
    Last Post: 6th February 2011, 10:56 PM
  4. google safesearch and terminal services
    By acaunter in forum Thin Client and Virtual Machines
    Replies: 4
    Last Post: 18th June 2010, 10:19 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •