I would think that this would be easier at the firewall - you could just deny port 443 to www.google.com
<mini rant> Firewalls should be set at default deny. This is specially true in situations like this where the legal and political consequences are severe. Using only whitelisting for port 443 (or any other port, including 80), for the student's subnet seems to be the safest thing. I know it's politically difficult, but life would be easier in the long run. </mini rant> On Fri, Feb 10, 2012 at 07:44, Kennedy, Jim <[email protected]> wrote: > Long story made somewhat short: We enforce safe search on google images > with our filter. If a clever student hits https://www.google.com and > searches for Excalibur Films images the safe search enforcement fails and > they are going to get more than they should. And since I now know this, I > will go to jail and my wife will be sad. > > > > So I need to do the below from Google: > > > > To utilize this solution, your school’s network administrator would modify > your DNS (Domain Name System) configuration to make Google domains, e.g. > www.google.com to be an alias or CNAME (canonical name) of nossl.google.com. > When we see search requests arriving over the nossl end point we will > redirect these to a non-SSL search session. HTTP traffic and other services > will not be affected. > > > > I am a bit puzzled on how to do this. If I toss up a zone for google.com and > put up a www.google.com CNAME nossl.google.com What happens when someone > tries to hit mail.google.com? My zone lookup will fail…will my DNS server > then hit my forwarders for mail.google.com > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
