Forcing users to use Google search via HTTP (instead of using SSL) without SSL-Interception
Last Updated October 04, 2017
Your organization has a requirement to log all traffic, including searches to Google. By default Google redirects users to an SSL-encrypted page, so the proxy can't see the actual search query and results.
According to Google, you can use a different host which will NOT redirect to HTTPS - nosslsearch.google.com. They mention that you need to create a DNS CNAME on the DNS server(s) configured on the SG.
There is an easier way. You can forward traffic that was originally destined to www.google.com to their nosslsearch server. This is achieved by following these steps:
1. Create a forwarding host as follows (Configuration -> Forwarding -> Forwarding Hosts -> New
2. Open VPM, create a Forwarding layer with a rule like this:
The elements break out like this:
3. Install policy and browse to www.google.com. You'll notice that you are now using an HTTP connection instead of HTTPS (you can tell by the fact that there is a globe instead of a lock icon in front of the URL):
As you can also see, this even works with country redirects.
Keep in mind that this only works for Google web searches (which Google automatically redirect to HTTPS) - image, video and other searches do not use SSL by default. Google Plus and Google mail (googlemail, Gmail) will need full SSL-Interception, as do Google Drive and other services that use SSL by default.
You can force Google image search to use https by manually browsing to https://images.google.com/.
If you want to redirect this search as well, you can add another rule (as described in #2), but instead of using "www.google." as the host field entry, use "images.google." - make sure you select "At beginning" for the host field.
Original Google post here: https://support.google.com/websearch/answer/186669?hl=en
Alternatively, you can also setup a static A record for www.google.com to point to 18.104.22.168 (which is what nosslsearch.google.com currently resolves to). But if you choose this option, you will probably need to do the same for localized Google domains (.co.uk, .de, .fr etc).
Imported Document ID: 000009472
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe