03-13-2013 01:34 PM
I have URL filtering configured that blocks pornography, but if I search in Google for pornography and then click on images, pornographic images are accessible. I know that I can block these in Chrome browser, but how do I block them as a policy via the firewall?
03-13-2013 03:25 PM
Thank you, will safesearch 4.1 work with PAN-OS 5.0?
03-14-2013 06:17 AM
Yes it works with 5.0
03-14-2013 01:48 PM
It appears that the safesearch files are working, but... when I go to Google and type a search for something explicit, it does the search via https: and goes through, if I search again by stripping the S off of https: the policy is in affect. If I lock safesearch in chrome the policy still works. The policy also disables the ability to unlock safesearch, but I can bypass that by closing the browser, cleaning out cashed pages and starting all over again, I can again reach explicit images bypassing my URL filter. What am I doing wrong and what else can I do, so that this control is effective. First step is google, next will be Bing and Yahoo, but I first want to understand what I'm doing wrong with Google.
03-16-2013 02:32 PM
Ya, I looking at the same thing, what I notice is if you set your PA as a Cert authority on your network you can set it to decrypt the search traffic only. This should allow you to block that traffic in theory. I have not had a chance to test it out yet. As for Bing I have been looking into that myself and noticed a couple of things. You don’t have to worry about the https with Bing it doesn’t really search that way. As for the filter:
adlt=off is when safesearch is set to off
adlt=moderate is when moderate search is turned on
adlt=strict is for Strict searching
I have not had time to create and application for it to test yet.
04-24-2015 09:34 AM
JeffC, true, google search uses SSL, so you would need also to configure Decryption Policy. Page 361 of PAN-OS 6.1 Admin Guide, has basic information on it.
04-27-2015 06:32 AM
Without ssl decryption the PaloAlto won't be able to see what is traversing in https.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
