Are you telling us that it would be a great addon for our content filter? I’m curious to know your feelings.
1 Like
There should be no doubt, this is a MUST HAVE feature. There is no better way to break into the education field then having a secure proxy with ldap authentication, especially one that blocks social media and porn.
3 Likes
Yes, I agree, a vital function.
Forced secure search + SQUID on blacklists good solution is not always possible to switch to an alternative dns.
From myself I’d asked (since we use a modular system) to be able to install and dansguardan module. The Forum requests, I think that such an option would have been urgently needed for schools. Yes, porn and social networks can be disabled in the current configuration, but it is always the local language is meaningful momentum, and these points may block dansguardian says. Then plug in the schools - or white list of allowed, but you are restricted with access to the information in school or squid but then lists options …
1 Like
Thanks to dnutan Marc for the configuration tips.
I could apply the dnsmask part on nethserver 7.3,
but no the squidguard part since squidguard templates to customize are no more there.
I could only find /etc/e-smith/templates/etc/squid/squid.conf/50squidguard which make use of rewriting rules:
more /etc/e-smith/templates/etc/squid/squid.conf/50squidguard { my $status = $ufdb{'status'} || 'disabled'; my $schildren = $squidguard{'StartupChildren'} || '5'; my $ichildren = $squidguard{'IdleChildren'} || '5'; my $mchildren = $squidguard{'MaxChildren'} || '20'; if ($status eq 'enabled') { $OUT.="\n# Enable squidGuard \n"; $OUT.="url_rewrite_program /usr/sbin/ufdbgclient -l /var/log/squid\n"; $OUT.="url_rewrite_children $mchildren startup=$schildren idle=$ichildren concurrency=0\n"; $OUT.='url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""' } }
Does any one can explain me where I’m wrong ?
Thanks
In 7.3 squidGuard has been replaced by ufdbGuard.
You could add a line to /etc/ufdbguard/ufdbGuard.conf:
safe-search on
It could not work well due to https.
I follow google faq to block safe search through safesearch vip (see @dnutan link above: https://support.google.com/websearch/answer/186669?hl=en ).
1 Like
Ok thanks :then I will relie only on the dns trick, which can be of course bypassed it specifying directly ip@ but this is enough for targetted user current skills 
.
To avoid usage of ip addresses, check Block access to sites accessed using IP address in the web filter.
http://docs.nethserver.org/en/latest/content_filter.html#filters
1 Like
Hi,
I try to enable safesearch on Nethserver 7.4.1708 : i add a line to /etc/ufdbguard/ufdbGuard.conf
safe-search on
I choose transparent proxy mode with ssl
Unfortunately, the safe search don’t work 
I also tried it in the past, but it never worked.
Maybe you can search/ask on Ufdbguard forum or mailing list
Hi,
yes i read the ReferenceManual : only find page 40
"option 3 : possible with configure DNS to have aCNAME record entry for www.google.com pointing to forcesafesearch.google.com "
but i don’t know whish file i need to edit
DNSMasq doesn’t support arbitrary CNAMEs, you’d need to redirect all DNS queries to unbound, then define the CNAME inside unbound itself.
In the end, it requires a complex configuration and you need a little bit of sysadmin skill to put it in place.
EDIT
@filippo_carletti suggested me a solution shared with a customer some time ago.
- Create an host from server-manager: forcesafesearch.google.com = 216.239.38.120
- Execute these commands:
mkdir -p /etc/e-smith/templates-custom/etc/dnsmasq.conf
for i in $(curl -s https://www.google.com/supported_domains ); do echo cname=www$i,forcesafesearch.google.com; done >/etc/e-smith/templates-custom/etc/dnsmasq.conf/60safesearch
expand-template /etc/dnsmasq.conf
service dnsmasq restart
Check if it works:
# host www.google.it
www.google.it is an alias for forcesafesearch.google.com.
forcesafesearch.google.com has address 216.239.38.120
Do not forget to create a firewall block rule from green/blue to red on port 53 UDP, to avoid filter bypass from clients.
Note: I never tested it, it’s just a translate cut&paste 
5 Likes
