Since update to 22.214.171.124, the safesearch looks like doesn´t work or doesn´t match with anything, when we surf in https.
When we search "bitch" or "puta" we can see the images.
Does anybody know what´s happend?, why we can access in https to look everything.
PD: Maybe we can not envrypt the query because the user is redirected to a session unencrypted HTTP, but how???El mensaje fue editado por: maitane on 2/04/12 6:28:57 CDT
The question is that we don´t want to inspect SSL traffic by now.
We´re working with the safesearch function enabled and also we´ve created a especific rule set to prevent possible unwanted results on web searchers.
This rule set is working fine in http but we´ve realised that if we use https://www.goole.com our rule set and the safe search neither work.
If you want to enforce Google safe search for https, then you must use the SSL scanner. The Web Gateway cannot modify the headers to force safe search unless it breaks into the SSL connection.
when SSL Scanner is not enabled MWG cannot see what you searched for. MWG will see that your browser talks to Google, not what is communicated. Therefore the safe search enforcer cannot apply.
And wich is the easiest way to enable the SSL scanning so it don´t looks like a "man in the middle"?
By now, we only want to scan those searchs.
the problem is that SSL Scanner basically is a "man in the middle". So MWG will always have to replace the server certificate in order to look into the tunnel. If you have a root certificate enrolled to your browsers that MWG can use to sign server certificates users won't notice if the certificate was signed by MWG. If desired you can restrict the SSL inspection to search engines only, so that most of the SSL traffic remains untouched.
However you will have the root certificate installed on the browsers. Otherwise they will always see a certificate warning, since the server cert was changed by MWG.
That´s it Andre, thanks very much for your reply.
Restrict the SSL inspection to search engines only could be a good way for us by now.
Which would be the correct criteria? URL.Categories contains Search Engines?
basically yes, but we need to be a little careful here. The most important question it if you are running in a transparent mode. In transparent modes MWG may only see the destination IP address, rather than the host name that was accessed. In this case the categorization can cause problems. The category lookup performs reverse and forward DNS lookups to get a valid result, but it may not be as reliable as when running in explicit modes.
Also you have to ensure that your clients have a root certificate enrolled which MWG uses to sign server certificates. Otherwise your users will be prompted with a certificate warning. Actually there are customers who are happy with that, but I think its worth mentioning :-)
Maybe you restrict the SSL Scanner to the client IP of a test computer first of all, and play around with it. Then add the criteria for Search Engines and check whether it behaves as desired. If all is good you could make the change for other users.