Forcing SafeSearch

This article describes the procedure to force SafeSearch in Google and YouTube. Note that this procedure does not adversely affect content filtering when using Gateway Management.


dnsblock

Start by logging on to your ClearOS server (locally or by SSH) with your root account.

We will create an iptables entry to block all forwarded DNS traffic, forcing clients to send their DNS queries via your ClearOS server.

Create the dnsblock file, and then add the following entry to this dnsblock file:

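vi /etc/clearos/firewall.d/dnsblock
# DNS uses both UDP and TCP on port 53, so drop forwarded queries on both.
iptables -I FORWARD -p udp --dport 53 -j DROP
iptables -I FORWARD -p tcp --dport 53 -j DROP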

 

Now restart the firewall:

service firewall restart

 

nosslsearch.conf

Now we can create a file that will redirect traffic to the nosslsearch.google.com IP address. Note that this IP address can change from time to time; at the time of writing this article it was 216.239.38.120.

Create the nosslsearch.conf file, and add the following lines.

vi /etc/dnsmasq.d/nosslsearch.conf
address=/www.google.com/216.239.38.120
address=/www.google.co.uk/216.239.38.120

 

Restart the dnsmasq service:

service dnsmasq restart

YouTube

You can also apply filtering to YouTube. Start by creating the safeyoutube.conf file, and then add the following lines. Don't forget to restart the dnsmasq service.

vi /etc/dnsmasq.d/safeyoutube.conf

address=/www.youtube.com/216.239.38.120
address=/m.youtube.com/216.239.38.120
address=/youtubei.googleapis.com/216.239.38.120
address=/youtube.googleapis.com/216.239.38.120
address=/www.youtube-nocookie.com/216.239.38.120

service dnsmasq restart

 

Blocking other HTTPS websites

Now that you've forced DNS to go through ClearOS, you can block other sites with one line.

Start by creating the blockdomains.conf file and then add the following example lines. Finally, restart the dnsmasq service.

vi /etc/dnsmasq.d/blockdomains.conf

address=/facebook.com/127.0.0.1
address=/twitter.com/127.0.0.1
address=/plus.google.com/127.0.0.1
address=/encrypted.google.com/127.0.0.1
address=/youtube.com/127.0.0.1

service dnsmasq restart

 WARNING: Be careful when editing the blockdomains.conf file.  I forgot to add the IP address on one line, and the dnsmasq service then failed to start.
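
The warning above, and the earlier note that the SafeSearch IP address can change, both depend on every address= line staying well formed. The shell helper below is an added example, not part of the original article or of ClearOS: the function names render_conf and bad_lines are assumptions, and it accepts only the address=/domain/IPv4 form used on this page.

```shell
#!/bin/sh
# Added example (constructed helper, not part of ClearOS or dnsmasq).
# Handles only the form used in this article: address=/<domain>/<IPv4>

# render_conf IP DOMAIN...: print one address= line per domain; print
# nothing and return 1 if IP is not a dotted quad with octets 0..255.
render_conf() {
    ip=$1; shift
    printf '%s\n' "$ip" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }' ||
        { echo "render_conf: not an IPv4 address: $ip" >&2; return 1; }
    for d in "$@"; do printf 'address=/%s/%s\n' "$d" "$ip"; done
}

# bad_lines FILE: print the line number of every entry that is not
# address=/<domain>/<IPv4> (blank lines and # comments are skipped).
# Returns 0 if the file is clean, 1 if any line was reported.
bad_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            ok = (split($0, p, "/") == 3 && p[1] == "address=" &&
                  p[2] ~ /^[A-Za-z0-9.-]+$/ && split(p[3], o, ".") == 4)
            for (i = 1; ok && i <= 4; i++)
                ok = (o[i] ~ /^[0-9]+$/ && length(o[i]) <= 3 && o[i] <= 255)
            if (!ok) { print NR; bad = 1 }
        }
        END { exit bad + 0 }' "$1"
}

# Demo on a constructed file; line 3 repeats the mistake from the warning.
tmp=$(mktemp)
{
    echo '# constructed sample, not a real configuration'
    render_conf 127.0.0.1 facebook.com
    echo 'address=/twitter.com/'
} > "$tmp"
if bad=$(bad_lines "$tmp"); then
    echo "clean: safe to restart dnsmasq"
else
    echo "fix line(s) $bad before restarting dnsmasq"
fi
rm -f "$tmp"
```

On the server, run bad_lines against the file in /etc/dnsmasq.d/ before restarting the service. dnsmasq --test also syntax-checks the whole configuration without starting the daemon.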

 
