Enabling SafeSearch for Google search
search cancel

Enabling SafeSearch for Google search

book

Article ID: 168154

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Enabling SafeSearch for Google search to force users to use the Google search engine safe search features.
 

Environment

Disclaimer: When Safe-Search CPL is used and enabled for turning on restricted mode on Google search, Google decides what to deem inappropriate. It not part of the Proxy decision. ProxySG is simply turning on the restricted mode for Google, for it to make the decisions based on the approved points set by Google.

Resolution

ProxySG and ASG SafeSearch Policy only applies to Google search. This was tested and working since December 2019.
 
Broadcom does not support SafeSearch Policy for other search engines.
 
What is SafeSearch for Search Engines?
 
Many search engine users prefer not to have adult sites included in their image search results. SafeSearch is a function that filters out inappropriate content when you search for images on Google search engine.
 
SafeSearch filters screen for sites that contain pornography and other explicit sexual content and eliminate them from search results. Google and Yahoo filters check keywords and phrases, URLs and Open Directory categories to screen out potentially offensive material.
 
There are three levels when you use Google’s SafeSearch mode.
  • Use strict filtering. (Filter both explicit text and explicit images)
  • Use moderate filtering. (Filter explicit images only - default behavior)
  • Do not filter my search results.

 

Using a ProxySG or Advanced Secure Gateway (ASG), a security administrator can configure a policy on the proxy to always enable the SafeSearch (strict filtering) when a user accesses Google web sites and searches for images.
 
Popular content filtering databases may not help block certain searches made by users who use Google.  SmartFilter, for example, does not list the search results as part of its database, so a ProxySG or ASG filter can be used to block (or reduce) offensive search results.
 
Using a URL rewrite, a network administrator can force the SafeSearch feature to be enabled for all Google image searches. This is true even for users who try to change these settings from their desktop.
 
After you implement this policy, the images that come up in any search for material on images.google.com are much less offensive.
 
How is this feature implemented?
 
You enable SafeSearch by adding &safe=active and &vm=r to the Google query strings, respectively—by following the steps in the next section. 

Since many search engines are now SSL, this policy will not work without enabling SSL interception.
 
Implementing a SafeSearch Policy
 
The SafeSearch policy can be implemented to help safeguard users from searching Google with SafeSearch turned off.
 
There are four simple steps to deploy this policy:
  1. Download and save the pre-defined SafeSearch Policy.
  2. Modify the policy to meet your requirements.
  3. Open the ProxySG or ASG management console to the policy page.
  4. Install the policy and review the results.
Step 1 Downloading the SafeSearch Policy
 
Copy the SafeSearch policy to your local PC. The policy is attached at the bottom of this knowledge base article.
 
Step 2 Modifying Parameters
 
You may need to modify some parameters in the copied policy to customize the desired effect for your environment.  For example, you may need to modify the policy for only Google.
 
Step 3 Installing the local policy
 
Using the ProxySG Management Console, open the VPM
In the VPM you create a new CPL layer, name it "SafeSearch".
Open the safe search CPL file (Safesearch.txt), copy the text to the new CPL layer
Install Policy, verify that the policy installed without any errors.
 
Step 4 Test Policy
 
Access Google images and try to change the SafeSearch mode to “off.” The policy will reset SafeSearch to “on” each time the request goes out.
 
Conclusion
 
The ProxySG or ASG lets a security administrator create a policy that will enable SafeSearch. This policy filters inappropriate content for all users who access Google.
The SafeSearch feature helps your company to maintain greater control over the type of information accessed during company hours and when using company resources.
 
Note! If you are using an option to block search engines without safe search patterns defined then please check this article Images in Google Search, business.google.com and other google domains are not being displayed when SafeSearch policy is enabled on the ProxySG

Additional Information

Note! If you are implementing this feature for a Cloud SWG UPE tenant the policy as-is will fail when pushed to Cloud SWG.

To avoid this issue you simply need to rename the highlighted items here:

define SSL-Intercept policy BC_SafeSearch_SSL_Google_Rules
  <SSL-Intercept BC_SafeSearch_Google>
    condition=BC_SafeSearch_Google_cert_intercept_exempt OK
    policy.Intercept
end

define ssl-intercept policy Intercept
<SSL-Intercept policy_Intercept>
    ssl.forward_proxy(https) \ 
        ssl.forward_proxy.splash_text("$(x-rs-certificate-serial-number)$(x-rs-certificate-valid-from)$(x-rs-certificate-valid-to)")
end

Here is a simple working example:

define SSL-Intercept policy BC_SafeSearch_SSL_Google_Rules
  <SSL-Intercept BC_SafeSearch_Google>
    condition=BC_SafeSearch_Google_cert_intercept_exempt OK
  policy.SafeSearch_Intercept
end

define ssl-intercept policy SafeSearch_Intercept
<SSL-Intercept policy_Intercept>
    ssl.forward_proxy(https) \ 
        ssl.forward_proxy.splash_text("$(x-rs-certificate-serial-number)$(x-rs-certificate-valid-from)$(x-rs-certificate-valid-to)")
end

Attachments

1594660173867__policy-google-safe-search.cpl.txt get_app