Google force to safe search with ssl



  • Good Afternoon.
    I have pfsense installed on a school site that primarily has wifi users so no way of enforcing a group policy.

    As we know google searches return under ssl (https)

    regardless of what url we use for google .com or .co.uk google forces us to use ssl.

    I need to force google to use safe search on this school site.

    I have tried the following

    installed suiq3 and squid guard which seem to be working and filtering correctly under http, however how can i filter requests to https://google.com or .co.uk etc.

    I have tried adding host override entries to the dns forwarder for each domain to point to the ip for 216.239.32.20.

    I am still getting the normal google search engine and not safe search.

    Am i missing something? is there a rule i need to set for this in the firewall.

    Any help would be most appreciated.

    running pfs 2.2.4

    Many Thanks



  • sorted.



  • What did you do to fix it? I am going to a school, and I was testing all sorts of methods, but I haven't been back there for a while.
    Help would be appreciated. :)



  • Use the DNS Forwarder, and direct www.google.com to the safesearch address that google has setup for this exact thing…

    https://support.google.com/websearch/answer/186669

    It will also help if you have PFSense use a DNS provider that will let you select "Porn" as a filtration setting (I rather like the Norton DNS due to the ISP and other DNS services conflicting), to help prevent students from accessing porn if you have having difficulties, then block DNS in the firewall so that students are forced to use the local DNS server instead of sneakily using something like a Google DNS entry.


  • Rebel Alliance Developer Netgate

    You can take that one step farther and have pfSense grab all DNS so people who think they are being tricky will, themselves, be tricked:

    https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

    Also cuts down on support time for people with unknowingly broken DNS settings…