Forcing SafeSearch
This article describes the procedure to force SafeSearch in Google and YouTube. Note that this procedure does not adversely affect content filtering when using Gateway Management.
dnsblock
Start by logging on to your ClearOS server (locally or by SSH) with your root account.
We will create an iptables entry to block forwarded DNS traffic (UDP port 53), forcing DNS queries to go via your ClearOS server.
Create the dnsblock file, and then add the following entry to this dnsblock file:
vi /etc/clearos/firewall.d/dnsblock
iptables -I FORWARD -p udp --dport 53 -j DROP
Now restart the firewall:
service firewall restart
nosslsearch.conf
Now we can create a file that will redirect traffic to the nosslsearch.google.com IP address. Note that this IP address can change from time to time; at the time of writing this article it was 216.239.38.120.
Create the nosslsearch.conf file, and add the following lines.
vi /etc/dnsmasq.d/nosslsearch.conf
address=/www.google.com/216.239.38.120
address=/www.google.co.uk/216.239.38.120
Restart the dnsmasq service:
service dnsmasq restart
YouTube
You can also apply filtering to YouTube. Start by creating the safeyoutube.conf file, and then add the following lines. Don't forget to restart the dnsmasq service.
vi /etc/dnsmasq.d/safeyoutube.conf
address=/www.youtube.com/216.239.38.120
address=/m.youtube.com/216.239.38.120
address=/youtubei.googleapis.com/216.239.38.120
address=/youtube.googleapis.com/216.239.38.120
address=/www.youtube-nocookie.com/216.239.38.120
service dnsmasq restart
Blocking other HTTPS websites
Now that you've forced DNS to go through ClearOS, you can block other sites with one line.
Start by creating the blockdomains.conf file, and then add the following example lines. Finally, restart the dnsmasq service.
vi /etc/dnsmasq.d/blockdomains.conf
address=/facebook.com/127.0.0.1
address=/twitter.com/127.0.0.1
address=/plus.google.com/127.0.0.1
address=/encrypted.google.com/127.0.0.1
address=/youtube.com/127.0.0.1
service dnsmasq restart
WARNING: Be careful when editing the blockdomains.conf file. I forgot to add the IP address on one line, and the dnsmasq service then failed to start.
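A pre-restart check for the failure described in the warning above. This is an added example, not part of the original article or of ClearOS; the function name check_address_lines is hypothetical, and it assumes every entry uses the form shown in this article, address=/<domain>/<IPv4>, which is stricter than dnsmasq itself.

```shell
#!/bin/sh
# Added example: lint dnsmasq address= entries before restarting dnsmasq.
# Assumption: entries use the article's form address=/<domain>/<IPv4>.

# check_address_lines FILE
# Prints "FILE:LINE: text" for each malformed entry; returns 1 if any.
check_address_lines() {
    awk '
    function valid_ipv4(ip,    n, parts, i) {
        n = split(ip, parts, "[.]")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (parts[i] !~ /^[0-9]+$/ || length(parts[i]) > 3 || parts[i] + 0 > 255)
                return 0
        return 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*address=/ {
        line = $0
        sub(/^[ \t]*address=/, "", line)
        sub(/[ \t]+$/, "", line)
        n = split(line, f, "/")
        # A well-formed entry splits into exactly: "", domain, IPv4
        if (n != 3 || f[1] != "" || f[2] !~ /^[A-Za-z0-9.-]+$/ || !valid_ipv4(f[3])) {
            printf "%s:%d: %s\n", FILENAME, FNR, $0
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input: the last entry is missing its IP address.
sample=$(mktemp)
printf '%s\n' \
    'address=/facebook.com/127.0.0.1' \
    '# constructed comment line' \
    'address=/twitter.com/' > "$sample"
if check_address_lines "$sample"; then
    echo "entries look fine, safe to restart dnsmasq"
else
    echo "fix the lines listed above before restarting dnsmasq"
fi
rm -f "$sample"
```

On the server, run it against /etc/dnsmasq.d/blockdomains.conf before "service dnsmasq restart". dnsmasq's own --test option also syntax-checks the configuration without starting the service.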