Resolved
1 votes
Google has recently adjusted the default search behaviour to return results via HTTPS only. Whilst this offers the user greater 'security', it also includes the image and video searches... and means that it can no longer be scanned by the content filter. The content filter, when set up in transparent mode for a gateway, filters only HTTP traffic - this makes it particularly difficult to prevent obscene material from appearing in the image searches.

To see a bit more information on transparent proxying, see Dave Loper's posts here:
http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,57437/#57514

Google offers a workaround to this problem with 'safe search', but this requires you to have a Google login, and is set on each browser... not particularly useful.

They do however offer some steps to force Safe Search through your gateway device, see
https://support.google.com/websearch/answer/186669?hl=en

What we are trying to do is create a local DNS filter similar to services such as OpenDNS. This assumes you are in transparent mode, ClearOS is your gateway device, the web proxy and content filter are running, and your clients use ClearOS as the DNS server.
1 - Prevent outgoing DNS requests to external DNS servers from your network so that only your gateway can resolve DNS.
2 - Force web traffic directed to google.com to be directed to nosslsearch.google.com - a specific host that returns non-SSL results. This in itself gets us halfway there, as the content filter will be able to scan the results, but may let some images through.
3 - To go one step further, we want to dynamically amend the URL requested so that safe mode is always activated.
4 - Optionally block other HTTPS sites which would have bypassed the content filter, with a simple change to the DNS server.

NOTE! As always, these sorts of things can be circumvented if you are determined enough, and DNS blocks can be worked around by using direct IP address URL requests. However, this is intended to be difficult enough to prevent inadvertent browsing of objectionable material by children.

Step 1 - create an iptables entry to block all forward DNS traffic (affects only traffic originating from your LAN). DNS traffic will have to go via your ClearOS gateway and be forwarded by Dnsmasq. Add this rule to /etc/clearos/firewall.d/dnsblock
iptables -I FORWARD -p udp --dport 53 -j DROP

Restart the firewall with 'service firewall restart'

Step 2 - create a file at /etc/dnsmasq.d/nosslsearch.conf which redirects traffic to the nosslsearch.google.com IP address. Ideally you would add all used google subdomains so that users can't just skip to an international version of google, or better still just block all other domains
address=/www.google.com/216.239.32.20
address=/www.google.co.uk/216.239.32.20

Restart the service 'service dnsmasq restart'

Step 3 - Assuming you have only one default filter group, edit /etc/dansguardian-av/lists/urlregexplist and add the following lines, which append "safe=vss" (undocumented 'very safe search'); you can also use "safe=active"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/images\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/s\?)"->"\1safe=vss&"

Then restart the service 'service dansguardian-av restart'

You should now find that if you navigate to https://www.google.com it will redirect to http://www.google.com, and you will get a small warning when searching on the right hand side to confirm the SSL has been disabled.

You should also find that all URLs are now appended with "&safe=vss" (undocumented 'very safe mode') and with Safe Search forced on.

Step 4 - optional blocking of other HTTPS websites
One of the nice 'side effects' of forcing DNS through your gateway is that you can now easily control which HTTPS sites can be accessed. Previously the content filter would not have been able to block them and setting up specific iptables rules required many addresses and subnets. But now all it takes is an entry in /etc/dnsmasq.d/blockdomains.conf. The beauty of using dnsmasq for this purpose rather than editing the hosts file directly is that it accepts wildcards. Blocking social networking sites becomes a simple one line...
address=/encrypted.google.com/127.0.0.1
address=/facebook.com/127.0.0.1
address=/twitter.com/127.0.0.1
address=/plus.google.com/127.0.0.1
address=/youtube.com/127.0.0.1

Note you could also redirect the request to an internal site explaining why said site is blocked... for another day ;)
Sunday, November 24 2013, 08:21 PM
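
An added example (not part of the original post, and not ClearOS or DansGuardian code): a small Python model of Steps 2 to 4 that shows which hostnames the `address=` lines actually cover and what the `urlregexplist` rules do to a request URL. It assumes dnsmasq's documented behaviour of matching a domain and its subdomains on label boundaries, and that Python's `re` treats these three patterns the same way DansGuardian's regex engine does; `parse_dnsmasq`, `dns_override`, `rewrite_url` and `trace` are hypothetical helper names.

```python
import re
from urllib.parse import urlsplit

# Constructed from the Step 2 and Step 4 lines in the post.
DNSMASQ_CONF = """\
address=/www.google.com/216.239.32.20
address=/www.google.co.uk/216.239.32.20
address=/encrypted.google.com/127.0.0.1
address=/facebook.com/127.0.0.1
address=/twitter.com/127.0.0.1
address=/plus.google.com/127.0.0.1
address=/youtube.com/127.0.0.1
"""

# The Step 3 rules, kept in DansGuardian's "regex"->"replacement" form.
URLREGEXPLIST = r'''
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/images\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/s\?)"->"\1safe=vss&"
'''


def parse_dnsmasq(conf):
    """Return {domain: ip} for every address=/dom[/dom...]/ip line."""
    rules = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("address=/"):
            continue
        *domains, ip = line[len("address=/"):].split("/")
        for domain in domains:
            rules[domain.lower()] = ip
    return rules


def parse_rewrites(text):
    """Return [(compiled_regex, replacement)] from urlregexplist lines."""
    rules = []
    for line in text.splitlines():
        m = re.match(r'^"(.*)"->"(.*)"$', line.strip())
        if m:
            rules.append((re.compile(m.group(1)), m.group(2)))
    return rules


def dns_override(host, rules):
    """Most specific address= rule covering host, or None if it is forwarded.

    A rule for example.com covers example.com and any.sub.example.com,
    but not notexample.com (matching is on whole labels).
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in rules:
            return rules[candidate]
    return None


def rewrite_url(url, rewrites):
    """Apply the first matching rule; these three rules are mutually exclusive."""
    for pattern, replacement in rewrites:
        new_url, hits = pattern.subn(replacement, url, count=1)
        if hits:
            return new_url
    return url


RULES = parse_dnsmasq(DNSMASQ_CONF)
REWRITES = parse_rewrites(URLREGEXPLIST)


def trace(url):
    """Return (dns_answer, url_after_filter) for one client request.

    dns_answer is None when dnsmasq would forward the query upstream.
    url_after_filter is None when the name is sinkholed to 127.0.0.1.
    HTTPS URLs come back unchanged: in transparent mode the content
    filter only sees HTTP, so the rewrite rules never run on them.
    """
    ip = dns_override(urlsplit(url).hostname, RULES)
    if ip == "127.0.0.1":
        return ip, None
    if url.startswith("https://"):
        return ip, url
    return ip, rewrite_url(url, REWRITES)


if __name__ == "__main__":
    for sample in (  # constructed sample requests
        "http://www.google.com/search?q=kittens",
        "http://www.google.co.uk/images?q=kittens",
        "http://www.google.de/search?q=kittens",
        "https://www.google.de/search?q=kittens",
        "http://www.google.com/webhp?q=kittens",
        "https://m.facebook.com/",
    ):
        print(sample, "->", trace(sample))
```

Running it on your own `/etc/dnsmasq.d/*.conf` contents and a list of hostnames you care about shows which names are still forwarded upstream, which is the gap the post points at when it suggests adding every Google domain in use.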
Responses (29)
  • Accepted Answer

    Thursday, September 08 2016, 01:37 PM - #Permalink
    Resolved
    0 votes
    Thanks for the update Alonso!
  • Accepted Answer

    Monday, August 29 2016, 01:24 PM - #Permalink
    Resolved
    0 votes
    I just need to add: for YouTube safe search you could create a file named something like safeyotube.conf at /etc/dnsmasq.d/ ("touch /etc/dnsmasq.d/safeyotube.conf") with this IP address:
    address=/www.youtube.com/216.239.38.120
    address=/m.youtube.com/216.239.38.120
    address=/youtubei.googleapis.com/216.239.38.120
    address=/youtube.googleapis.com/216.239.38.120
    address=/www.youtube-nocookie.com/216.239.38.120

    and then "service dnsmasq restart"

    so now YouTube just shows appropriate content.
  • Accepted Answer

    Sunday, April 12 2015, 07:31 PM - #Permalink
    Resolved
    1 votes
    Tim Burgess wrote:
    Just to update on this post. Google has changed their approach...again. You can now force SafeSearch by just redirecting DNS requests to a special virtual IP address at forcesafesearch.google.com (216.239.38.120). If enabled properly your browser will give a little warning to say that SafeSearch has been enabled on the network
    Note that this still uses an HTTPS connection so you can no longer refine your filtering using the ClearOS content filter... for now nosslsearch.google.com still works which prevents HTTPS

    So instead at Step 2 - create a file at /etc/dnsmasq.d/nosslsearch.conf with the new IP address
    address=/www.google.com/216.239.38.120
    address=/www.google.co.uk/216.239.38.120

    And then you no longer need Step 3 - Dansguardian-AV to rewrite the URL request to force SafeSearch.

    If you want to block all Google domains (http://en.wikipedia.org/wiki/List_of_Google_domains) then you'll need something like:-


    I use Tomato firmware on my Linksys E2000 router.
    Thanks for the code... this is what I have been looking for... but right now I have been putting some of this code in my dnsmasq text section, and I can only input so many... if I try to input all of them, I get an error saying it needs to be under 2058... I guess I don't have enough memory in my router

    But where do I input this code?
    Is there a script or iptable I can use so I don't run out of memory?
  • Accepted Answer

    Wednesday, November 26 2014, 11:10 PM - #Permalink
    Resolved
    0 votes
    This is so much easier! I was able to go back, change the address in nosslsearch.conf, comment out the lines I added to urlregexplist, and all is working well. Thanks, Tim, for updating us on the info and what to do.
  • Accepted Answer

    PeterB
    Wednesday, November 26 2014, 03:33 PM - #Permalink
    Resolved
    0 votes
    That's much cleaner to implement and it allows SSL too! The feature is queued up to be done in ClearOS 7.0 (tracker)
  • Accepted Answer

    Tuesday, November 25 2014, 09:52 PM - #Permalink
    Resolved
    0 votes
    Just to update on this post. Google has changed their approach...again. You can now force SafeSearch by just redirecting DNS requests to a special virtual IP address at forcesafesearch.google.com (216.239.38.120). If enabled properly your browser will give a little warning to say that SafeSearch has been enabled on the network
    Note that this still uses an HTTPS connection so you can no longer refine your filtering using the ClearOS content filter... for now nosslsearch.google.com still works which prevents HTTPS

    So instead at Step 2 - create a file at /etc/dnsmasq.d/nosslsearch.conf with the new IP address
    address=/www.google.com/216.239.38.120
    address=/www.google.co.uk/216.239.38.120

    And then you no longer need Step 3 - Dansguardian-AV to rewrite the URL request to force SafeSearch.

    If you want to block all Google domains (http://en.wikipedia.org/wiki/List_of_Google_domains) then you'll need something like:-

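
A way to produce the per-domain `address=` lines this post describes from a plain list of Google country suffixes, as an added example that is not part of the original post. It relies on dnsmasq's `address=` option accepting several domains before the IP (`address=/dom1/dom2/ip`), so the same overrides can be written in far fewer bytes; the function names, the `max_len` parameter and the sample suffix list are assumptions made for illustration.

```python
import re

# forcesafesearch.google.com virtual IP, as given in the post.
FORCE_SAFESEARCH_IP = "216.239.38.120"

# Constructed sample input with a duplicate and an invalid entry; the full
# set of suffixes is the Wikipedia list of Google domains the post links to.
SAMPLE_SUFFIXES = ["com", "co.uk", "de", "com.au", "fr", "CO.UK", "bad suffix!"]

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name):
    """True if every dot-separated label is a legal DNS hostname label."""
    return len(name) <= 253 and all(_LABEL.match(l) for l in name.split("."))


def build_names(suffixes, prefix="www.google."):
    """Normalise, validate and de-duplicate; return (names, rejected)."""
    seen, names, rejected = set(), [], []
    for suffix in suffixes:
        name = prefix + suffix.strip().lower().strip(".")
        if not valid_hostname(name):
            rejected.append(suffix)   # never write junk into dnsmasq.d
            continue
        if name not in seen:
            seen.add(name)
            names.append(name)
    return names, rejected


def one_per_line(names, ip):
    """The layout used in the post: one address= line per hostname."""
    return ["address=/%s/%s" % (name, ip) for name in names]


def packed(names, ip, max_len=200):
    """Same overrides, several hostnames per address= line.

    A new line is started whenever adding the next hostname would push
    the current line past max_len characters.
    """
    lines, current = [], []
    for name in names:
        trial = "address=/" + "/".join(current + [name]) + "/" + ip
        if current and len(trial) > max_len:
            lines.append("address=/" + "/".join(current) + "/" + ip)
            current = [name]
        else:
            current.append(name)
    if current:
        lines.append("address=/" + "/".join(current) + "/" + ip)
    return lines


def config_size(lines):
    """Bytes the lines occupy in a config file, newlines included."""
    return sum(len(line) + 1 for line in lines)


if __name__ == "__main__":
    names, rejected = build_names(SAMPLE_SUFFIXES)
    plain = one_per_line(names, FORCE_SAFESEARCH_IP)
    dense = packed(names, FORCE_SAFESEARCH_IP, max_len=80)
    print("\n".join(dense))
    print("rejected:", rejected)
    print("bytes: %d one-per-line, %d packed" % (config_size(plain),
                                                 config_size(dense)))
```

Redirect the packed lines into a file under `/etc/dnsmasq.d/` and restart dnsmasq as in Step 2; either layout configures the same overrides.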
  • Accepted Answer

    Tuesday, August 05 2014, 10:38 PM - #Permalink
    Resolved
    0 votes
    The ping test from a client returns the nossl ip address from the nosslsearch.conf (216.239.32.20), so that portion is working as expected.

    I did the following next...not sure why, but it seems to have made the difference.

    First, I opened up Chrome and browsed to "www.google.com" and noticed in the top right hand corner that I was "signed in" to my Google account. I signed out of the account and then opened a new tab in Chrome to try the scenario again where I browse to "www.google.com" and then enter the search containing the bad terms. Same result as before; I get the results that should be blocked because the URL in the browser has "&safe=vss". I then closed Chrome completely and tried Firefox and IE...both were already installed. Browsing to the search page on those browsers and entering in the bad search term acted properly...saying that it did not search for all of the terms because safe search was enabled. Hmm...opened up Chrome again (previously closed it), and now I am not getting the bad search results when searching from the "www.google.com" web form!

    So, I must have needed to sign out of Google and then close/open Chrome for everything to work right. I will try the same on another client once I mosey back upstairs.
  • Accepted Answer

    Monday, August 04 2014, 04:51 PM - #Permalink
    Resolved
    0 votes
    Hmm, if you ping www.google.com from a client PC, does it return the nosslsearch IP address? If not, then Step 2 (DNS) isn't configured quite right, and the Safe Search rewrite rules will not work with SSL queries.

    It's likely that Chrome is initiating an SSL search query first before you refresh the page - I'll try and replicate it here
  • Accepted Answer

    Friday, August 01 2014, 10:56 PM - #Permalink
    Resolved
    0 votes
    Sorry to drag up an old post, but I'm having some difficulty getting this to work 100% of the time. :huh:

    I have 6.5.0 (final) setup and running here at home. Content filter and transparent proxy are running fine, but wanted to block inappropriate google search results...which led me to this thread. I followed the steps, but have one odd behavior going on.

    If I open up a Chrome window and do a search from the address bar (just type in what I'm searching for in the address bar) it behaves as what I believe is "normal"...meaning if I search for porn it will tell me that safe search is active and did not search for my terms...even though I have safe search turned off in the browser's settings. Yes! This is what I want to have happen.

    However, if I browse first to www.google.com (no http or https, just the www) and then enter the same search phrase on the web page's form it will return all kinds of nasty stuff. Here is where things get interesting...the URL displayed in the browser's address bar at this point does in fact show "&safe=vss" along with all of the trash terms I put into my search. If I simply refresh the page it acts like it should and gives me the google results page saying it could not find anything because it did not search for the nasty terms I entered.

    Of course, if I do try to follow one of the links or if I click on "images" or "videos" at this point the content filter does block me, which is great, but I really don't want to get all those bad search results in the first place when someone searches from www.google.com itself.

    Any ideas what to check? I have gone through the steps several times that Tim laid out. The only doubt I had during the whole process was in Step one. I did not have a file called /etc/clearos/firewall.d/dnsblock so I created it as root then added the iptables line Tim mentions.
  • Accepted Answer

    Geffroy
    Monday, May 26 2014, 09:55 AM - #Permalink
    Resolved
    0 votes
    It works now. I had a second look and just realised I did trap myself like a rookie :ohmy:

    The idea was first to filter all search engines and allow only Google in safe mode.
    So I enabled the 'websearch' option in the filter list, which blocked all search websites.
    So I added Google to the white list, which bypassed the filtering and URL rewriting :(

    Lesson learned... Now works fine !
  • Accepted Answer

    H.323
    Thursday, May 22 2014, 02:03 PM - #Permalink
    Resolved
    0 votes
    I can't give you the details between 5.2 and 6.2. I can tell you, however, that no ssl google works fine on 5.2 with the urlexpression without any DNS entries.
  • Accepted Answer

    Geffroy
    Tuesday, May 20 2014, 03:17 PM - #Permalink
    Resolved
    0 votes
    Hi,
    The school where I installed ClearOS 5.2 called me because the filtering was not working anymore and I found this post.
    I have been trying to adapt this solution to cc5.2 but this does not work.

    Came back home, just used this on my ClearOS 6.2 and it works straight.
    On 5.2, I have put some entries in the local DNS to force the nossl trick.
    But playing with the urlregexp is apparently not changing anything on 5.2.
    Any known differences between the 2 dansguardian-av versions?

    I would like to avoid installing 6.2 at school because they love Tim's plugin to allow grey/white list on the fly for which I have never had time to try to adapt for 6.2 :(
  • Accepted Answer

    H.323
    Wednesday, January 22 2014, 02:32 PM - #Permalink
    Resolved
    0 votes
    No. If you've messed with DNS--put that back to normal. Cannot be using transparent proxy.
  • Accepted Answer

    Wednesday, January 22 2014, 02:19 PM - #Permalink
    Resolved
    0 votes
    That doesn't work for me - you have to implement the redirect to host nosslsearch via the DNS record advised in my post?

    You can't access https://nosslsearch directly...
  • Accepted Answer

    H.323
    Wednesday, January 22 2014, 03:01 AM - #Permalink
    Resolved
    0 votes
    Also consider adding the following in file urlregexplist

    "^https://www(.google.com.*$)"->"https://nosslsearch\1"
  • Accepted Answer

     Theokrat
    Monday, January 13 2014, 04:28 PM - #Permalink
    Resolved
    0 votes
    Peter,

    Interesting ... that probably explains why even after making the dnsmasq changes (mentioned in a previous post in another thread) that I'm still seeing some unwanted stuff getting through.

    It may be fighting a losing battle to try and use some box in the middle for web filtering? With various types of things driving more and more connections to be encrypted a significant portion of the usefulness of Dansguardian is being eliminated.

    I don't understand the reason behind Google enforcing encryption on all connections (or at least all connections of a certain type). It makes things difficult for the home user, or a school, to set up proper boundaries. But if a nation wanted to control the population it would still have the ability to force everything through a proxy (I believe) and thus the potential for the nation to continue monitoring the activity of its citizens? Sure, your web browser will complain that the far end of the connection cannot be verified. But the citizen won't be able to do anything about that. So how does what Google has done do any real good?

    Peter Baldwin wrote:
    Watching network traffic when doing a Google Search is interesting. First, every new letter typed into the search bar generates a web request. That's how the Google "instant predictions" feature works of course. When you hit enter, it's all Ajax/Javascript in the background and about a dozen individual web requests are made to Google. The search results are not sent back as plain HTML, but a mostly unreadable payload. I'm guessing Google is compressing stuff and doing other tricks to be efficient. Since most of the payload is unreadable, the usual phrase list filtering used by the content filter is not effective. Nor is the deep URL analysis.
  • Accepted Answer

    Wednesday, January 01 2014, 03:38 PM - #Permalink
    Resolved
    0 votes
    Anyone have any regular expressions I can use for Yahoo and Bing? I'm no good with them and I'd rather not spend forever trying to create ones that work on their search engines.

    Thanks.
  • Accepted Answer

    PeterB
    Tuesday, December 10 2013, 03:55 PM - #Permalink
    Resolved
    0 votes
    Watching network traffic when doing a Google Search is interesting. First, every new letter typed into the search bar generates a web request. That's how the Google "instant predictions" feature works of course. When you hit enter, it's all Ajax/Javascript in the background and about a dozen individual web requests are made to Google. The search results are not sent back as plain HTML, but a mostly unreadable payload. I'm guessing Google is compressing stuff and doing other tricks to be efficient. Since most of the payload is unreadable, the usual phrase list filtering used by the content filter is not effective. Nor is the deep URL analysis.
  • Accepted Answer

    Tuesday, December 10 2013, 02:11 AM - #Permalink
    Resolved
    0 votes
    That would be great Peter.

    I have a related, but unrelated question someone may be able to answer for me.
    And, this may just be specific to my set-up for some reason.
    It seems the weighted phrase limits don't apply to google search result listings (even when using non-ssl search.)
    For example, if I search for 'sex' in google, with very aggressive weighted phrase limits enabled, and the vss string added, non-ssl search, I still get some results listed in the google search results I'm not too interested in the kids seeing (ever in their lives!)
    However, the same search on bing.com DOES trigger the weighted phrase limit right away and no search results display.

    For example, after googling sex, the list of books that appear at the top of the results look very interesting... for myself. :)
    And once you click through, the pages are blocked, but the actual google search result listing never seems to get blocked.
    I'm just wondering if this is the how google works or possibly something on my end.
    Maybe I'm being too overprotective :)

    I had noticed this behavior in the past, and have switched the kids over to bing because weighted phrases seem to work better.
    Just wonder if anyone has any insight on this.
    Thanks...
  • Accepted Answer

    PeterB
    Monday, December 09 2013, 10:44 PM - #Permalink
    Resolved
    0 votes
    Wow -- this must get integrated into ClearOS! I'll ping the product guys to see if we can sneak this into the high priority bucket.
  • Accepted Answer

    Tuesday, December 03 2013, 12:33 PM - #Permalink
    Resolved
    0 votes
    Thanks Bryan, I was following the Google technical post and hadn't noticed the additional search query format. Because the search results are returned unencrypted the content filter should remove anything obscene based on the word categories, but enabling safe search for this is a nice touch :)

    Hi Shauib, you can enable / disable internet access on a time basis using the web access control app
    http://www.clearcenter.com/support/documentation/user_guide/web_access_control
    or the principles in the following post to create and modify scripts with cron.
    http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,27/func,view/id,44245/
  • Accepted Answer

    Tuesday, December 03 2013, 04:01 AM - #Permalink
    Resolved
    0 votes
    Does anyone know how to make social networking sites be accessed on a timed basis? For example - Let the kids access only from 7 PM to 8 PM.
  • Accepted Answer

    Wednesday, November 27 2013, 02:03 AM - #Permalink
    Resolved
    0 votes
    Thanks for this Tim.
    Working here, but had to add the last line to:
    /etc/dansguardian-av/lists/urlregexplist


    #Tim's VSS setting
    "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/images\?)"->"\1safe=vss&"
    "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1safe=vss&"
    "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/s\?)"->"\1safe=vss&"
    "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/q\?)"->"\1safe=vss&"


    If, for example, I search for snakes, the url becomes:
    http://www.google.com/#q=snakes
    Adding that last line, in my case, changed the url to:
    http://www.google.com/#q=snakes&safe=vss

    Thanks again!
    This is wonderful!
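
    An added example, not part of the original posts: a small offline harness for checking what the urlregexplist rules quoted above, plus the nosslsearch rule posted in another reply in this thread, do to a given request URL before they are deployed. Assumptions: Python's `re` stands in for DansGuardian's regex engine, each rule is applied once in file order, and the sample URLs are constructed.

```python
import re

# Rules as posted in this thread, in urlregexplist syntax: "pattern"->"replacement"
RULES_TEXT = r'''
#Tim's VSS setting
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/images\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/s\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/q\?)"->"\1safe=vss&"
"^https://www(.google.com.*$)"->"https://nosslsearch\1"
'''

RULE_LINE = re.compile(r'^"(.+)"->"(.*)"$')


def parse_rules(text):
    """Parse rule lines into (compiled pattern, replacement); skip blanks and # comments."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_LINE.match(line)
        if m is None:
            raise ValueError(f'line {lineno}: expected "pattern"->"replacement"')
        rules.append((re.compile(m.group(1)), m.group(2)))
    return rules


def rewrite(url, rules):
    """Return (rewritten URL, number of rules that fired)."""
    # A browser never sends the #fragment, so the filter cannot match on it.
    url = url.split("#", 1)[0]
    fired = 0
    for pattern, replacement in rules:  # assumption: each rule applied once, in file order
        url, n = pattern.subn(replacement, url, count=1)
        fired += n
    return url, fired


# Constructed sample requests, not captured traffic.
SAMPLES = [
    "http://www.google.com/search?q=snakes",
    "http://images.google.co.uk/images?q=snakes",
    "http://www.google.com/#q=snakes",
    "https://www.google.com/search?q=snakes",
    "http://www.bing.com/search?q=snakes",
]

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for sample in SAMPLES:
        print(sample, "->", *rewrite(sample, rules))
```

    A rule count of 0 for a URL means the request would pass through the filter unmodified, which is the case to look for when adding rules for other search engines.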
  • Accepted Answer

    Sunday, November 24 2013, 09:28 PM - #Permalink
    Resolved
    0 votes
    That's the point - every device should be configured via DHCP or static IP to use the ClearOS gateway, but either way it achieves the same thing
  • Accepted Answer

    Sunday, November 24 2013, 09:21 PM - #Permalink
    Resolved
    0 votes
    ...... it just kills every non-compliant device on the LAN.
  • Accepted Answer

    Sunday, November 24 2013, 08:37 PM - #Permalink
    Resolved
    0 votes
    Hi Nick, I wanted to avoid transparently redirecting DNS requests to the ClearOS box, as it will give the impression that it's working - rather my entry in the FORWARD chain just drops DNS requests originating from the LAN and doesn't require modification for LAN interface or IP address.
  • Accepted Answer

    Sunday, November 24 2013, 08:32 PM - #Permalink
    Resolved
    0 votes
    Remember my trick to force DNS lookups through the server:
    iptables -t nat -I PREROUTING -p tcp --dport 53 -d ! 172.17.2.1 -i eth1 -j DNAT --to-destination 172.17.2.1
    iptables -t nat -I PREROUTING -p udp --dport 53 -d ! 172.17.2.1 -i eth1 -j DNAT --to-destination 172.17.2.1
    Change 172.17.2.1 to your ClearOS LAN IP.