Blocking Searches in Google by KeyWords

r0utevv3 · Nov 1, 2016, 6:40 AM

Hello, I have noticed that when you make a search in Google, like "anime", you get an URL like this: https://www.google.com.mx/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=anime (Notice the word anime at the end). I was thinking if is it possible to block pages if they have a certain keyword in its URL. Some content Filters like Blue Coast K9 have that characteristic, the problem is that they cannot be implemented in a Router. Is this possible with pfSense?

johnpoz · Nov 1, 2016, 12:07 PM

If your using a proxy then you can do whatever the the proxy supports. Out of the box know a router/firewall does not do such filtering. Such filtering is done with a proxy.

r0utevv3 · Nov 1, 2016, 7:59 PM

Squid is a Proxy, How can I do that with Squid? I am using it at the moment with Squidguard, as this post says https://forum.pfsense.org/index.php?topic=112335.0

KOM · Nov 1, 2016, 8:50 PM

Create a Target Category for your bad words. Edit it and add your words to the Regular Expression section. Link your target category with the ACL you created for the users you want this to apply to.

r0utevv3 · Nov 2, 2016, 8:16 PM

Hello, it works! but for a strange reason in google, youtube, wikipedia, bing it doesn't work. I thought that it was because they are https pages, but then I noticed that https pages like https://www.cars.com/bad-word are blocked. What am I doing wrong? There are other categories like advertisement that are successfully blocked in youtube (I don't see any ads anymore), but my bad-words category is not.

KOM · Nov 2, 2016, 8:21 PM

No idea. I've never needed to use that functionality. Perhaps check squid & squidguard logs? That's assuming you have those ACLs set to log. Can you provide an exact example of what is failing?

r0utevv3 · Nov 2, 2016, 10:20 PM

I think I was wrong, is only blocking http pages, and I still see ads in youtube:

02.11.2016 22:11:56 192.168.1.104/192.168.1.104 http://www.cars.com/anime Request(default/Bad-Words/-) - GET REDIRECT
02.11.2016 22:08:47 192.168.1.104/192.168.1.104 http://www.auto.com/anime Request(default/Bad-Words/-) - GET REDIRECT
02.11.2016 22:06:06 192.168.1.104/192.168.1.104 http://googleads.g.doubleclick.net/pagead/gen_204?id=wfocus&gqid=&qqid=CKO7kqGKi9ACFZRIAQodj0UMHA&fg=1 Request(default/blk_BL_adv/-) - GET REDIRECT
02.11.2016 22:06:06 192.168.1.104/192.168.1.104 http://googleads.g.doubleclick.net/pagead/gen_204?id=wfocus&gqid=&qqid=CKG7kqGKi9ACFZRIAQodj0UMHA&fg=1 Request(default/blk_BL_adv/-) - GET REDIRECT
02.11.2016 22:06:06 192.168.1.104/192.168.1.104 http://googleads.g.doubleclick.net/pagead/gen_204?id=wfocus&gqid=&qqid=CKC7kqGKi9ACFZRIAQodj0UMHA&fg=1 Request(default/blk_BL_adv/-) - GET REDIRECT

I followed this tutorial: https://forum.pfsense.org/index.php?topic=112335.0

I am not sure if what he does about WPAD is for filter https .
I follow the tutorial until: "To stop users from bypassing your proxy setup a new firewall lan rule and block port 80 and 443"
I think what is next of that is optional, isn't?

KOM · Nov 3, 2016, 2:14 PM

I think what is next of that is optional, isn't?

Yes and no. If you don't want your users going around the proxy just by disabling it in their LAN connection settings then this step is mandatory.

I haven't worked through aGH's guide. I use squid in explicit mode with WPAD. I only use it as a platform for URL filtering, not caching at all. Everything works for me.

Do you see any evidence that https is being processed by squid?