05-13-2010 08:08 AM
Here are some custom vulnerabilities and one custom application I wrote to block unfiltered (Bad) searches on the big search engine sites.
These were written in 3.1.0 software.
UPDATE: See attached for 4.0 version of these vulnerabilities and custom application.
Here is what they do:
Bing:
· Blocks all explicit content in images and videos
Google:
· Users can’t change their search settings to Unfiltered or Moderate. They can change them to strict.
· Google cached pages are blocked
· Blocks google completely for users who have set their search settings to unfiltered via another connection (like a laptop from home). If they clear their cookies they will go back to moderate and be fine again.
· Block users who manually enter a google url that has safe search off in the URL string.
Yahoo
· Users can’t change their search settings to Safe Off.
· Yahoo cached pages are blocked
Altavista
· Users can’t change their search settings to Safe Off.
Here is how to implement these:
1.0 Vulnerabilities
Just go to Objects, vulnerabilities, then import these threat definitions in one at a time.
They each have a default action of block, so all you need to do is make sure that your web-browsing and any any permit rules have vulnerability checking set to default under the profile section on each policy.
2.0 Custom Unfiltered Google Application
Go to objects, applications, then click import. Import the appid google-unfiltered.xml custom application definition.
Add a new policy trust to untrust any any any application=google-unfiltered deny application-default (no profile needed)
Move this rule to the top. It will block any google traffic when the user has somehow set their search setting to completely unfiltered. They can’t do that through the Palo Alto so it would have to be a laptop from home or something.
3.0 Add Google cache to blocked URL list
The last step is to add webcache.googleusercontent.com and *.explicit.bing.net to the black list in the URL filtering policy under objects and then use that URL filter policy on the Policy for the web-browsing traffic.
See attached files.
Good Luck!
08-22-2011 12:51 PM
Sorry for the delay.....
The problem with forcing only strict google searches is that the default google setting is moderate. So if you block moderate then you can block google completely and not be able to change your settings to strict from moderate even if you want to comply.
If you create a new vulnerability signature with the following two lines then it will block everything but strict. Watch out in case you lock yourself out of google however.
pattern-match http-req-headers google\.com
pattern-match http-req-headers safeui=images
Or just download the attached signature.