1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. Update Reg Exp to enforce Google Safe Search in DansGuardian

Update Reg Exp to enforce Google Safe Search in DansGuardian

  • A

    What is the latest regular expression to enforce google safe search in DansGuardian?
    This would be under Services –> Dansguardian --> ACLs --> URL Lists --> Modify

    I've tried the following user submitted regular expressions from this forum with no joy:
    This one was supposed to redirect to a non-https version of google, but currently doesn't appear to work

    "^https://www.google.[a-z]{2,6}(.*)"->"https://nosslsearch.google.com\1"

    These were to add &safe=vss& to either http or https google search url, but don't work

    #"(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1&safe=vss&"
"(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/s\?)"->"\1&safe=vss&"
"(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/images\?)"->"\1&safe=vss&"
"(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/videos\?)"->"\1&safe=vss&"
"(^http[s]?://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/\?)(.*)(&?)(safe=[^&]*)"->"\1\2\3"
# ... and add 'safe=vss'
These do the same, but again, don't work
[code]"(^https://[0-9a-zA-Z]{0,12}?\.google\.[/0-9a-zA-Z]*\?)(.+)"->"\1\2&safe=vss&"
"(^http://[0-9a-zA-Z]{0,12}?\.google\.[/0-9a-zA-Z]*\?)(.+)"->"\1\2&safe=vss&"
[/code]
And these
[code]"([a-z]*\.google\..*)(&q=.*)"->"\1&safe=vss\2"
"([a-z]*\.google\..*)(\?)(q=.*)"->"\1?safe=vss&\3"[/code]

However, the included strings for Bing, Yahoo, Hotbot, etc DO work:
[code]# BING Add &adlt=strict
"(^http://.+\.bing\.[a-z]+[-/%.0-9a-z]*/.*$)"->"\1&adlt=strict"

# Singingfish - remove 'ff=...' and add 'ff=1'
"(^http://search\.singingfish\.com/[-/%.0-9a-z]*\?)(.*)(&?)(ff=[^&]*)"->"\1\2\3"

"(^http://search\.singingfish\.com/[-/%.0-9a-z]*\?)"->"\1ff=1&"

# Ilse - remove 'family=...' and add 'family=yes'
"(^http://www\.ilse\.nl/searchresults\.dbl\?)(.*)(&?)(family=[^&]*)"->"\1\2\3"
"(^http://www\.ilse\.nl/searchresults\.dbl\?)"->"\1family=yes&"

# KEL - remove 'Realm%3AErotiek=...'
"(^http://www\.kel\.nl/search/search.cgi\?)(.*)(&?)(Realm%3AErotiek=[^&]*)"->"\1\2\3"

# Lycos.com - family filter only available in advanced mode.
# Remove 'adv=...' and 'adf=...' and add 'adv=1&adf=on'
"(^http://[^/]*search[^/]*\.lycos\.com/[-/%.0-9a-z]*\?)(.*)(&?)(adv=[^&]*)"->"\1\2\3"
"(^http://[^/]*search[^/]*\.lycos\.com/[-/%.0-9a-z]*\?)(.*)(&?)(xadult\.)(.*)(xadult\.)"->"\1\2\3\5"
"(^http://[^/]*search[^/]*\.lycos\.com/[-/%.0-9a-z]*\?)"->"\1adv=1&adf=on&"

# Lycos.nl - remove 'family=...' and add 'family=on'
"(^http://zoek\.lycos\.nl/[-/%.0-9a-z]*\?)(.*)(&?)(family=[^&]*)"->"\1\2\3"
"(^http://zoek\.lycos\.nl/[-/%.0-9a-z]*\?)"->"\1family=on&"

# Alltheweb - change the customize url so that 'offensive' cannot be turned off
"(^http://www\.alltheweb\.com/customize\?)(.*)(&?)(copt_offensive=[^&]*)"->"\1\2\3copt_offensive=on"

# Yahoo - remove 'vm=...' and add 'vm=r'
"(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search)(.*)(&?)(vm=[^&]*)"->"\1\2\3"
"(^http://[.0-9a-z]+\.yahoo\.[a-z]+[-/%.0-9a-z]*/search+.*\?)"->"\1vm=r&"

# Hotbot - remove 'adf=...' and add 'adf=on'
"(^http://[0-9a-z]+\.hotbot\.[a-z]+/default\.asp\?)(.*)(&?)(adf=[^&]*)"->"\1\2\3"
"(^http://[0-9a-z]+\.hotbot\.[a-z]+/default\.asp\?)"->"\1adf=on&"

# Wisenut - change the customize url so that 'wisepatrol' cannot be turned off
"(^http://www\.wisenut\.com/preferences/savePreferences\.[^?]*\?)(.*)(&?)(wisepatrol=[^&]*)"->"\1\2\3wisepatrol=1"

# Metacrawler - remove 'familyfilter=...' and add 'familyfilter=1'
"(^http://www\.metacrawler\.com/info\.metac/search/[-/%.0-9a-z]*\?)(.*)(&?)(familyfilter=[^&]*)"->"\1\2\3"
"(^http://www\.metacrawler\.com/info\.metac/search/[-/%.0-9a-z]*\?)"->"\1familyfilter=1&"[/code]

Thanks for any help.
Ari[/s][/s][/s][/s][/s]
    0
  • R

    I've had mixed luck on the forcing of safe search. I haven't played with it in a while, but I believe the following is adding the safe = vss (at least is shows on the address line).

    # Google, Go etc. - remove 'safe=...'
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/\?)(.*)(&?)(safe=[^&]*)"->"\1\2\3"
# ... and add 'safe=vss'
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/\?)"->"\1safe=vss&"
"([a-z]*\.google\..*)(&q=.*)"->"\1&safe=vss\2"
"([a-z]*\.google\..*)(\?)(q=.*)"->"\1?safe=vss&\3"

    The best way to redirect to the non SSL site - which is necessary to filter content with Dans (unless you want to do SSL man in the middle) - is to override the DNS. You will need to create entries under the "Host Overrides" section of the DNS forwarder to resolve:
      www.google.com
      google.co.uk
      google.com
    to the address of nosslsearch.google.com. You may also want to block other SSL search engines.

    For the integrity install, I created a little daemon that runs via cron to automatically update the IP address of the override (since google could change the resolution of it). The daemon looks for "ip=some.url" in the description and then updates the IP address. I've attached a screenshot of my host overrides.

    ![Screenshot from 2015-01-04 15:17:30.png](/public/imported_attachments/1/Screenshot from 2015-01-04 15:17:30.png)
    ![Screenshot from 2015-01-04 15:17:30.png_thumb](/public/imported_attachments/1/Screenshot from 2015-01-04 15:17:30.png_thumb)

    0
  • A

    Thanks, that seems to be working.
    Google now locks no ssl, and safesearch.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy