How to Lock down Search Engines to Safe Searches

u2913 — Thu, 13 May 2010 15:08:43 GMT

Here are some custom vulnerabilities and one custom application I wrote to block unfiltered (Bad) searches on the big search engine sites.

These were written in 3.1.0 software.

UPDATE: See attached for 4.0 version of these vulnerabilities and custom application.

Here is what they do:

Bing:

· Blocks all explicit content in images and videos

Google:

· Users can’t change their search settings to Unfiltered or Moderate. They can change them to strict.

· Google cached pages are blocked

· Blocks google completely for users who have set their search settings to unfiltered via another connection (like a laptop from home). If they clear there cookies they will go back to moderate and be fine again.

· Block users who manually enter a google url that has safe search off in the URL string.

Yahoo

· Users can’t change their search settings to Safe Off.

· Yahoo cached pages are blocked

Altavista

· Users can’t change their search settings to Safe Off.

Here is how to implement these:

1.0 Vulnerabilities

Just go to Objects, vulnerabilities, then import these threat definitions in one at a time.

They have a default action on each of block so all you need to do is make sure that your web-browsing and any any permit rules have vulnerability checking set to default under the profile section on each policy.

2.0 Custom Unfiltered Google Application

Go to objects, applications, then click import. Import the appid google-unfiltered.xml custom application definition.

Add a new policy trust to untrust any any any application=google-unfiltered deny application-default (no profile needed)

Move this rule to the top, it will block any google traffic when the user has somehow set their search setting to completely unfiltered. They can’t do that through the Palo Alto so it would have to be a laptop from home or something.

3.0 Add Google cache to blocked URL list

The last step is to add webcache.googleusercontent.com and *.explicit.bing.net to the black list in the URL filtering policy under objects and then use that URL filter policy on the Policy for the web-browsing traffic.

See attached files.

Good Luck!

Re: How to Lock down Search Engines to Safe Searches

Billy_G — Fri, 14 May 2010 14:11:13 GMT

Hi,

Great article and thanks for this. Is there any way to set google to strict search?

Regards.

Re: How to Lock down Search Engines to Safe Searches

u2913 — Mon, 22 Aug 2011 19:51:59 GMT

Sorry for the delay.....

The problem with forcing only strict google searches, is that the default google setting is moderate. So if you block moderate then you can block google completely and not be able to change your settings to strict from moderate even if you want to comply.

If yo create a new vulnerability signature with the following two lines then it will block everything but strict. Watch out in case you lock yourself out of google however.

pattern-match http-req-headers google/.com

pattern-match http-req-headers safeui=images

Or just download the attached signature.

Re: How to Lock down Search Engines to Safe Searches

cdamore — Thu, 17 Jan 2013 22:51:43 GMT

Do this work when someone uses Yahoo as well?

topic Re: How to Lock down Search Engines to Safe Searches in General Topics

How to Lock down Search Engines to Safe Searches

Re: How to Lock down Search Engines to Safe Searches

Re: How to Lock down Search Engines to Safe Searches

Re: How to Lock down Search Engines to Safe Searches