As you may know in late 2013 Google began defaulting all client connections to be made over SSL, this meant that without using our SSL decryption module (SSL Intercept available in version 6 and above) your Bloxx Web Filtering solution was unable to enforce Google Safe Search to users web requests as the communication between the Client and Google was encrypted.
Google eventually implemented a method (No SSL Search) that would allow networks to enforce Safe Search if all Google requests were pointed to a specific farm of servers. These servers would only ever respond over HTTP and in turn would allow the Bloxx Web Filters to enforce Google Safe Search on a per policy basis, this could be achieved without the need to use our SSL Intercept module as the communication between the Client and Google was not encrypted.
In order to set your network up with No SSL Search all you had to do was make a change to your internal DNS servers so that requests to Google domains would always resolve to the No SSL Search server farm. In Version 7.0 we introduced support for this functionality where instead of making changes to your DNS server all you had to do was set the Disable encrypted Google search under Filtering > Global Settings > Content Filters.
Google recently announced that they are retiring the “No SSL Search” option and instead are introducing a “Force Safe Search” option which means that if you point to the new server farm all requests to Google made from the Client will be fully encrypted however all searches will have Safe Search enforced.
In Bloxx Version 7.6 we changed the previous functionality added in 7.0 so that it will point to the new Force Safe Search option that Google have implemented.
If this new method is enabled you will run in to the following limitations;
- All requests regardless of user will be forced to use Google Safe Search, this means you will lose the ability to set this on a per user basis.
- If you have this option enabled and you are not using our SSL Intercept module the Bloxx appliance will be unable to provide search query reports for Google. You will also be unable to use the Search Alerts functionality added in 7.4 for Google.
Google have indicated that the “No SSL Search” option will be retired at some point in December 2014 but have not given an exact date, nor have they advised what will happen if you do nothing and wait for them to switch the No SSL Search farm off. We recommend that you take one of the following steps to ensure there is minimal impact to your organisation when this happens;
- We strongly recommend the use of our SSL Intercept module, this will allow the Bloxx solution to treat SSL requests in the same way as HTTP requests.
This not only allows the Bloxx Solution to enforce safe search on a per policy basis but also track what people are searching for which you can review in reports or configure search alerts to be notified when clients enter search terms you wish to be notified of.
- Use Google’s new method and accept the above limitations. (Remember you will need to upgrade to Software Version 7.6!)
- Restrict access to Google and use an alternative Search Engine.
Version 5 Customers
If you are running our Version 5.x software version we are unable to decrypt SSL content as the SSL Intercept module is only available in Version 6 and above, Bloxx do not have a method to enforce Google’s new method.
If you need to enforce Google Safe Search for your clients Google have a few options you can perform on client machines or by modifying your DNS servers. Please see the following link for more information on how to do this: https://support.google.com/websearch/answer/186669?hl=en-GB
Please contact your account manager if you’d like to discuss upgrading to Version 7.
Click here for more information on Google Safe Search, remember the Google Safe Search filter isn’t 100% accurate but will help you avoid most adult content.
Again, as no exact date has been given in December 2014 we strongly recommend any affected customers to take action now to ensure minimal impact to your organisation.