1

I'm running the DansGuardian web filter (2.10.1.1) and the Squid web proxy (2.7.STABLE9) on Debian Linux "Wheezy" 7.1.

DansGuardian doesn't filter Google web-search or image-search queries transmitted over SSL (HTTPS). Google writes that I should "configure the DNS entry for www.google.com to be a CNAME for nosslsearch.google.com". But I'm not familiar enough with my DNS-server software to know how to do this. [Edit: Plus, it'd be nice to have a solution which will work even if I'm using my ISP's DNS server.]

How can I disable Google SSL Search?

unforgettableidSupportsMonica
  • 147
  • 1
  • 9
  • It seems that you are asking the wrong question. You already know how to disable SSL for Google search, your real question is "How do I do this on my DNS server?". Without knowing what DNS server you are using, it isn't really possible to answer that. – ThatGraemeGuy Jul 30 '13 at 08:53
  • @ThatGraemeGuy: I'm a DNS amateur running MaraDNS. And <[maradns.org/tutorial/dangling.html](http://www.maradns.org/tutorial/dangling.html)> warns that CNAMEs pointing to external host names are "not resolvable by some stub resolvers". Not knowing how to set up CNAMEs anyway, I decided to disable SSL Google search via my `urlregexplist`. The answer I posted below documents how I did so. This way, perhaps DNS amateurs who come after me will be able to take the easy way out. Are you claiming I should instead disable SSL Google search via my DNS server? If so, why? – unforgettableidSupportsMonica Jul 30 '13 at 22:35

2 Answers2

1

I did a Google search for [ nosslsearch dansguardian | squid ] and found a bunch of solutions.

In a post on the DansGuardian support list, Karl Henselin suggests adding a rule to DansGuardian's urlregexplist file. This seems like a reasonable solution. I've improved that rule; it now seems to work on many Google domains (but not on others, such as www.google.co.uk). Here's the improved version:

# Disable Google SSL Search. Based on a post by Karl Henselin.
# See <http://serverfault.com/q/527228>.
"^https://www.google.[a-z]{2,6}(.*)"->"https://nosslsearch.google.com\1"

This rule works for me for blocking access to SSL Web search. It doesn't block access to <https://images.google.com>, but that website is now just a query form. Only <www.google.com> actually serves image results nowadays.

Does the rule work for you too? Please leave a comment.

unforgettableidSupportsMonica
  • 147
  • 1
  • 9
0

I was having an issue with this entry modifying requests to www.googleapis.com, since the dots in the expression mean to match any character. This was causing youtube not to work on my mobile devices. I changed the expression to: 

    "^https://www\.google\.[a-z]{2,6}(.*)"->"https://nosslsearch.google.com\1"

and it fixed that issue.

Bronco
  • 101