Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Update Reg Exp to enforce Google Safe Search in DansGuardian

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      adoucette
      last edited by

      What is the latest regular expression to enforce google safe search in DansGuardian?
      This would be under Services –> Dansguardian --> ACLs --> URL Lists --> Modify

      I've tried the following user submitted regular expressions from this forum with no joy:
      This one was supposed to redirect to a non-https version of google, but currently doesn't appear to work

      "^https://www.google.[a-z]{2,6}(.*)"->"https://nosslsearch.google.com\1"
      

      These were to add &safe=vss& to either http or https google search url, but don't work

      #"(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1&safe=vss&"
      "(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/s\?)"->"\1&safe=vss&"
      "(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/images\?)"->"\1&safe=vss&"
      "(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/videos\?)"->"\1&safe=vss&"
      "(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/\?)(.*)(&?)(safe=[^&]*)"->"\1\2\3"
      # ... and add 'safe=vss'
      These do the same, but again, don't work
      [code]"(^https://[0-9a-zA-Z]{0,12}?\.google\.[/0-9a-zA-Z]*\?)(.+)"->"\1\2&safe=vss&"
      "(^http://[0-9a-zA-Z]{0,12}?\.google\.[/0-9a-zA-Z]*\?)(.+)"->"\1\2&safe=vss&"
      [/code]
      And these
      [code]"([a-z]*\.google\..*)(&q=.*)"->"\1&safe=vss\2"
      "([a-z]*\.google\..*)(\?)(q=.*)"->"\1?safe=vss&\3"[/code]
      
      However, the included strings for Bing, Yahoo, Hotbot, etc DO work:
      [code]# BING Add &adlt=strict
      "(^http://.+\.bing\.[a-z]+[-/%.0-9a-z]*/.*$)"->"\1&adlt=strict"
      
      # Singingfish - remove 'ff=...' and add 'ff=1'
      "(^http://search\.singingfish\.com/[-/%.0-9a-z]*\?)(.*)(&?)(ff=[^&]*)"->"\1\2\3"
      
      "(^http://search\.singingfish\.com/[-/%.0-9a-z]*\?)"->"\1ff=1&"
      
      # Ilse - remove 'family=...' and add 'family=yes'
      "(^http://www\.ilse\.nl/searchresults\.dbl\?)(.*)(&?)(family=[^&]*)"->"\1\2\3"
      "(^http://www\.ilse\.nl/searchresults\.dbl\?)"->"\1family=yes&"
      
      # KEL - remove 'Realm%3AErotiek=...'
      "(^http://www\.kel\.nl/search/search.cgi\?)(.*)(&?)(Realm%3AErotiek=[^&]*)"->"\1\2\3"
      
      # Lycos.com - family filter only available in advanced mode.
      # Remove 'adv=...' and 'adf=...' and add 'adv=1&adf=on'
      "(^http://[^/]*search[^/]*\.lycos\.com/[-/%.0-9a-z]*\?)(.*)(&?)(adv=[^&]*)"->"\1\2\3"
      "(^http://[^/]*search[^/]*\.lycos\.com/[-/%.0-9a-z]*\?)(.*)(&?)(xadult\.)(.*)(xadult\.)"->"\1\2\3\5"
      "(^http://[^/]*search[^/]*\.lycos\.com/[-/%.0-9a-z]*\?)"->"\1adv=1&adf=on&"
      
      # Lycos.nl - remove 'family=...' and add 'family=on'
      "(^http://zoek\.lycos\.nl/[-/%.0-9a-z]*\?)(.*)(&?)(family=[^&]*)"->"\1\2\3"
      "(^http://zoek\.lycos\.nl/[-/%.0-9a-z]*\?)"->"\1family=on&"
      
      # Alltheweb - change the customize url so that 'offensive' cannot be turned off
      "(^http://www\.alltheweb\.com/customize\?)(.*)(&?)(copt_offensive=[^&]*)"->"\1\2\3copt_offensive=on"
      
      # Yahoo - remove 'vm=...' and add 'vm=r'
      "(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search)(.*)(&?)(vm=[^&]*)"->"\1\2\3"
      "(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search+.*\?)"->"\1vm=r&"
      
      # Hotbot - remove 'adf=...' and add 'adf=on'
      "(^http://[0-9a-z]+\.hotbot\.[a-z]+/default\.asp\?)(.*)(&?)(adf=[^&]*)"->"\1\2\3"
      "(^http://[0-9a-z]+\.hotbot\.[a-z]+/default\.asp\?)"->"\1adf=on&"
      
      # Wisenut - change the customize url so that 'wisepatrol' cannot be turned off
      "(^http://www\.wisenut\.com/preferences/savePreferences\.[^?]*\?)(.*)(&?)(wisepatrol=[^&]*)"->"\1\2\3wisepatrol=1"
      
      # Metacrawler - remove 'familyfilter=...' and add 'familyfilter=1'
      "(^http://www\.metacrawler\.com/info\.metac/search/[-/%.0-9a-z]*\?)(.*)(&?)(familyfilter=[^&]*)"->"\1\2\3"
      "(^http://www\.metacrawler\.com/info\.metac/search/[-/%.0-9a-z]*\?)"->"\1familyfilter=1&"[/code]
      
      Thanks for any help.
      Ari[/s][/s][/s][/s][/s]
      
      1 Reply Last reply Reply Quote 0
      • R
        rjcrowder
        last edited by

        I've had mixed luck on the forcing of safe search. I haven't played with it in a while, but I believe the following is adding the safe = vss (at least is shows on the address line).

        # Google, Go etc. - remove 'safe=...'
        "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/\?)(.*)(&?)(safe=[^&]*)"->"\1\2\3"
        # ... and add 'safe=vss'
        "(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/\?)"->"\1safe=vss&"
        "([a-z]*\.google\..*)(&q=.*)"->"\1&safe=vss\2"
        "([a-z]*\.google\..*)(\?)(q=.*)"->"\1?safe=vss&\3"
        
        

        The best way to redirect to the non SSL site - which is necessary to filter content with Dans (unless you want to do SSL man in the middle) - is to override the DNS. You will need to create entries under the "Host Overrides" section of the DNS forwarder to resolve:
          www.google.com
          google.co.uk
          google.com
        to the address of nosslsearch.google.com. You may also want to block other SSL search engines.

        For the integrity install, I created a little daemon that runs via cron to automatically update the IP address of the override (since google could change the resolution of it). The daemon looks for "ip=some.url" in the description and then updates the IP address. I've attached a screenshot of my host overrides.

        ![Screenshot from 2015-01-04 15:17:30.png](/public/imported_attachments/1/Screenshot from 2015-01-04 15:17:30.png)
        ![Screenshot from 2015-01-04 15:17:30.png_thumb](/public/imported_attachments/1/Screenshot from 2015-01-04 15:17:30.png_thumb)

        1 Reply Last reply Reply Quote 0
        • A
          adoucette
          last edited by

          Thanks, that seems to be working.
          Google now locks no ssl, and safesearch.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.