Enforcing Youtube Safety Mode
-
I was playing with safesearch last night with Squid3. After configuring it, I went to Google and tried to do some image searches for loaded terms like 'hot teen nudes' (research & development reasons only, of course). No matter what I did, I could not get around safesearch. If you try to disable it, you will be forwarded to the main Google page. I'm sure there are clever ways around it, but I doubt my users will think of them.
-
Hi networkinggeek,
Here is a link to the 8.3 package archive files:
https://forum.pfsense.org/index.php?topic=78935.msg431084#msg431084
-
@KOM:
I was playing with safesearch last night with Squid3. After configuring it, I went to Google and tried to do some image searches for loaded terms like 'hot teen nudes' (research & development reasons only, of course). No matter what I did, I could not get around safesearch. If you try to disable it, you will be forwarded to the main Google page. I'm sure there are clever ways around it, but I doubt my users will think of them.
Well I have got success with google safesearch and yes you are right if we try to disable the safesearch it'll be redirected to the main page.
I am stuck in the YouTube edufilter. I want it to be enforced via Pfsense itself. I don't want to login into each PC or Laptop and enforce it. So, it has to be done via Pfsense so that the school kids can access YouTube edu content videos even via Tablets.
-
Another good google trick is to force the "nosslsafesearch" …
Host Domain IP Description
www google.com 216.239.32.20 nosslsearch.google.com
-
…sorry ...fat fingered that last post....
..under your DNS forwarder, add www.google.com, and send it to 216.239.32.20
It looks like youtube issues cookies rather than adding a string to the url, so doing a rewrite will probably not work.
If you are an education institution, you could / should sign up for edufilter. -
It looks like youtube issues cookies rather than adding a string to the url, so doing a rewrite will probably not work.
If you are an education institution, you could / should sign up for edufilter.Is it possible to redirect using HTTP header rule? Because the link which you haven given mention about editing header rules.
I don't know how to edit header rules in Pfsense. So if you are aware about this then, kindly explain the procedure to do so. -
Well…yes, no and maybe....
the header rewrite
$rewrite_item[] = array(F_TARGETURL => '(http://www.youtube.com/watch?v=.*)', F_REPLACETO => '\1&edufilter=XXXXXXXXXXXXXXXXXXXXXXXX', F_MODE => 'i');
Forces the users to use your specific educational channel, which you can then control.
However, I do not know how to rewrite the header to force all proxy users to use "safety mode".
YouTube Safety Mode is enforced by rewriting a specific cookie in client request headers, while SafeSearch (for google etc...) is enforced by simply adding a string to the request URL (which is what the edufilter filtering does).
a quick google of "rewrite youtube header to use safety mode" brings up some info, but most of it is at least a couple years old and I'm not sure how (or if) it could be implemented in pfSense / squidguard.
Youtube Safe Search
RewriteCond URL .youtube.com.
RewriteHeader Cookie: (.*) PREF=f2=8000000RewriteRule (.)?youtube.com(.?.*) $1youtube.com$2&safety_mode=true [I,L]
; === Safety Mode for YouTube ===
<proxy bc_safesearch_youtube_cookies="">url.domain=youtube.com
request.header.cookie="PREF=" action.BC_SafeSearch_YouTube_Cookie_Rewrite(yes)
action.BC_SafeSearch_YouTube_Cookie_append(yes)
define action BC_SafeSearch_YouTube_Cookie_Rewrite
rewrite( request.header.Cookie, "(PREF=[^,]+)", "$(1)&f2=8000000" )
end
define action BC_SafeSearch_YouTube_Cookie_append
append( request.header.Cookie, "PREF=f2=8000000" )
end
; === End of Safety Mode for YouTube ===
***********************</proxy> -
This can be done with the NSFilter package by simply entering your Youtube for Schools code into the desired policy.
-
This can be done with the NSFilter package by simply entering your Youtube for Schools code into the desired policy.
I have tried NSFilter and its not working. When you follow the steps provided by them to configure all the websites get blocked.
I have raised this issue with the NSFilter and they have not even cared to respond to the error. So as of now NSFilter is not going to work -
Well…yes, no and maybe....
the header rewrite
$rewrite_item[] = array(F_TARGETURL => '(http://www.youtube.com/watch?v=.*)', F_REPLACETO => '\1&edufilter=XXXXXXXXXXXXXXXXXXXXXXXX', F_MODE => 'i');
Forces the users to use your specific educational channel, which you can then control.
However, I do not know how to rewrite the header to force all proxy users to use "safety mode".
YouTube Safety Mode is enforced by rewriting a specific cookie in client request headers, while SafeSearch (for google etc...) is enforced by simply adding a string to the request URL (which is what the edufilter filtering does).
a quick google of "rewrite youtube header to use safety mode" brings up some info, but most of it is at least a couple years old and I'm not sure how (or if) it could be implemented in pfSense / squidguard.
Youtube Safe Search
RewriteCond URL .youtube.com.
RewriteHeader Cookie: (.*) PREF=f2=8000000RewriteRule (.)?youtube.com(.?.*) $1youtube.com$2&safety_mode=true [I,L]
; === Safety Mode for YouTube ===
<proxy bc_safesearch_youtube_cookies="">url.domain=youtube.com
request.header.cookie="PREF=" action.BC_SafeSearch_YouTube_Cookie_Rewrite(yes)
action.BC_SafeSearch_YouTube_Cookie_append(yes)
define action BC_SafeSearch_YouTube_Cookie_Rewrite
rewrite( request.header.Cookie, "(PREF=[^,]+)", "$(1)&f2=8000000" )
end
define action BC_SafeSearch_YouTube_Cookie_append
append( request.header.Cookie, "PREF=f2=8000000" )
end
; === End of Safety Mode for YouTube ===
***********************</proxy>Do I need edit cookies in the individual browser? If so, then its not an feasible option because cookies will erased if we clear the history.
Somehow SquidGuard has to come up with the solution for this.
