How to Lock down Search Engines to Safe Searches

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to Lock down Search Engines to Safe Searches

Not applicable

Here are some custom vulnerabilities and one custom application I wrote to block unfiltered (Bad) searches on the big search engine sites.

These were written in 3.1.0 software.

UPDATE: See attached for 4.0 version of these vulnerabilities and custom application.

Here is what they do:

Bing:

·        Blocks all explicit content in images and videos

Google:

·        Users can’t change their search settings to Unfiltered or Moderate. They can change them to strict.

·        Google cached pages are blocked

·        Blocks google completely for users who have set their search settings to unfiltered via another connection (like a laptop from home). If they clear there cookies they will go back to moderate and be fine again.

·        Block users who manually enter a google url that has safe search off in the URL string.

Yahoo

·        Users can’t change their search settings to Safe Off.

·        Yahoo cached pages are blocked

Altavista

·        Users can’t change their search settings to Safe Off.

Here is how to implement these:


1.0   Vulnerabilities

Just go to Objects, vulnerabilities, then import these threat definitions in one at a time.

They have a default action on each of block so all you need to do is make sure that your web-browsing and any any  permit rules have vulnerability checking set to default under the profile section on each policy.

2.0   Custom Unfiltered Google Application

Go to objects, applications, then click import. Import the  appid google-unfiltered.xml custom application definition.

Add a new policy trust to untrust any any any application=google-unfiltered deny application-default  (no profile needed)

Move this rule to the top, it will block any google traffic when the user has somehow set their search setting to completely unfiltered. They can’t do that through the Palo Alto so it would have to be a laptop from home or something.

3.0   Add Google cache to blocked URL list

The last step is to add webcache.googleusercontent.com and *.explicit.bing.net to the black list in the URL filtering policy under objects and then use that URL filter policy on the Policy for the web-browsing traffic.

See attached files.

Good Luck!

3 REPLIES 3

L1 Bithead

Hi,

Great article and thanks for this. Is there any way to set google to strict search?

Regards.

Sorry for the delay.....

The problem with forcing only strict google searches, is that the default google setting is moderate. So if you block moderate then you can block google completely and not be able to change your settings to strict from moderate even if you want to comply.

If yo create a new vulnerability signature with the following two lines then it will block everything but strict. Watch out in case you lock yourself out of google however.

pattern-match       http-req-headers     google/.com

pattern-match     http-req-headers   safeui=images

Or just download the attached signature.

L1 Bithead

Do this work when someone uses Yahoo as well?

  • 6971 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!