+ Post New Thread
Results 1 to 6 of 6
Internet Related/Filtering/Firewall Thread, [Squid] Google SafeSearch and SSL Search in Technical; The problem: Cannot filter queries as Google search is using SSL https://support.google.com/websearch...r/186669?hl=en Google say: "To utilize the no SSL option ...
  1. #1

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,049
    Thank Post
    121
    Thanked 525 Times in 352 Posts
    Blog Entries
    2
    Rep Power
    295

    [Squid] Google SafeSearch and SSL Search

    The problem: Cannot filter queries as Google search is using SSL

    https://support.google.com/websearch...r/186669?hl=en

    Google say: "To utilize the no SSL option for your network, configure the DNS entry for Google to be a CNAME for nosslsearch.google.com." Which is brilliant advice, but doesn't work on MS Server 2008R2 DNS.

    So, here's my kludge if it's of use to anyone. I'm using Squid on Centos servers, by the way.
    I wrote a bash script which runs daily and looks up the IP address for "nosslsearch.google.com" and adds these entries to the Squid server's hosts file.
    You must remove any 'dns_nameservers' from your squid.conf

    Here's the bash file which should live in /etc/cron.daily

    Code:
    # rebuilds host file with google's non-ssl seach address
    
    # rename the existing hosts file
    mv /etc/hosts /etc/hosts.bak
    
    # copy the old hosts file to a new hosts file, minus any lines containing 'google'
    grep -v google /etc/hosts.bak > /etc/hosts
    
    # get the latest IP address
    IP_RESULT=`nslookup nosslsearch.google.com | tail -n 2 | cut -f 2 -d ":" | cut -f2 -d " "`
    
    #if IP_RESULT is not NXDOMAIN, add the new IP records, otherwise do nothing
    
    if [ "$IP_RESULT" !=  "NXDOMAIN" ]
    then
    	echo $IP_RESULT www.google.co.uk >> /etc/hosts
    	echo $IP_RESULT www.google.com >> /etc/hosts
    fi

  2. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,338
    Thank Post
    525
    Thanked 2,597 Times in 2,015 Posts
    Blog Entries
    24
    Rep Power
    888
    Can I just ask what you mean by the DNS advice doesn't work in 2k8R2 DNS? I do various DNS spoofing things here and they're running in 2k8 r2 and 2012 just fine?

  3. #3

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,049
    Thank Post
    121
    Thanked 525 Times in 352 Posts
    Blog Entries
    2
    Rep Power
    295
    I take it you're making a stub zone plus an 'A' record for www.google.com? We didn't want to do that.

    You can make an alias if you have a 2003 or 2008 server, but not 2008R2. Before 2008R2, it was possible to create a zone for www.google.com and add a single CNAME record which would successfully alias the name.

    The problem is fully covered here:
    http://social.technet.microsoft.com/...um=winserverDS

    I'm very late to this party so the above kludge to the server's hosts will have do for now, unless there's a better solution.
    Last edited by jinnantonnixx; 5th December 2013 at 11:53 AM.

  4. #4

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,338
    Thank Post
    525
    Thanked 2,597 Times in 2,015 Posts
    Blog Entries
    24
    Rep Power
    888
    Yeah, that's how we do it. Works well.

  5. #5

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,049
    Thank Post
    121
    Thanked 525 Times in 352 Posts
    Blog Entries
    2
    Rep Power
    295
    Quote Originally Posted by localzuk View Post
    Can I just ask what you mean by the DNS advice doesn't work in 2k8R2 DNS? I do various DNS spoofing things here and they're running in 2k8 r2 and 2012 just fine?
    I'm guessing you've done this:
    How to be Authoritative for a Single Host Name in DNS | ITGeared.com

    Does it work for this problem - i.e. are your google searches using regular http (with the google bubble hinting at content filtering)?
    Last edited by jinnantonnixx; 5th December 2013 at 12:03 PM.

  6. #6

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    18,338
    Thank Post
    525
    Thanked 2,597 Times in 2,015 Posts
    Blog Entries
    24
    Rep Power
    888
    Yeah, that's it. We don't do it for Google - our ISP does the SSL thing for us at their end. But for other site redirections it works well.

  7. Thanks to localzuk from:

    jinnantonnixx (5th December 2013)



SHARE:
+ Post New Thread

Similar Threads

  1. Blocking Google SSL Search for Schools
    By purkle_turkle in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 11th August 2012, 05:10 AM
  2. Replies: 4
    Last Post: 29th June 2011, 09:54 AM
  3. Google autocomplete off and safe search
    By chrbb in forum Internet Related/Filtering/Firewall
    Replies: 2
    Last Post: 6th February 2011, 11:56 PM
  4. google safesearch and terminal services
    By acaunter in forum Thin Client and Virtual Machines
    Replies: 4
    Last Post: 18th June 2010, 11:19 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •