Sorry for the delay..... The problem with forcing only strict Google searches is that the default Google setting is moderate. So if you block moderate then you can block Google completely and not be able to change your settings to strict from moderate even if you want to comply. If you create a new vulnerability signature with the following two lines then it will block everything but strict. Watch out in case you lock yourself out of Google however.

pattern-match http-req-headers google/.com
pattern-match http-req-headers safeui=images

Or just download the attached signature.
Here are some custom vulnerabilities and one custom application I wrote to block unfiltered (Bad) searches on the big search engine sites. These were written in 3.1.0 software.

UPDATE: See attached for 4.0 version of these vulnerabilities and custom application.

Here is what they do:

Bing:
· Blocks all explicit content in images and videos

Google:
· Users can't change their search settings to Unfiltered or Moderate. They can change them to strict.
· Google cached pages are blocked
· Blocks Google completely for users who have set their search settings to unfiltered via another connection (like a laptop from home). If they clear their cookies they will go back to moderate and be fine again.
· Blocks users who manually enter a Google URL that has safe search off in the URL string.

Yahoo:
· Users can't change their search settings to Safe Off.
· Yahoo cached pages are blocked

Altavista:
· Users can't change their search settings to Safe Off.

Here is how to implement these:

1.0 Vulnerabilities

Just go to Objects, vulnerabilities, then import these threat definitions in one at a time. They have a default action on each of block, so all you need to do is make sure that your web-browsing and any any permit rules have vulnerability checking set to default under the profile section on each policy.

2.0 Custom Unfiltered Google Application

Go to objects, applications, then click import. Import the appid google-unfiltered.xml custom application definition. Add a new policy:

trust to untrust any any any application=google-unfiltered deny application-default (no profile needed)

Move this rule to the top; it will block any Google traffic when the user has somehow set their search setting to completely unfiltered. They can't do that through the Palo Alto, so it would have to be a laptop from home or something.

3.0 Add Google cache to blocked URL list

The last step is to add webcache.googleusercontent.com and *.explicit.bing.net to the black list in the URL filtering policy under objects and then use that URL filter policy on the Policy for the web-browsing traffic.

See attached files. Good Luck!