F5 GTM iRule to enforce Google Safe Search

July 15, 2015 at 5:59 pm Leave a comment

There are ton’s of tools you can use to enable Google Safe Search…  Essentially, you need to serve a custom record for http://www.google.com that’s a CNAME pointing to forcesafesearch.google.com.

Anyhow, for our Customer Wifi, we want to take some steps to limit the visibility of adult results to our customers (both for liability and PR reasons).  Since we have a large number of retail locations, all running through a central data center, we run a high performance DNS cache using our F5.  While I’m sure there are lots of ways to solve this issue, we created an iRule to handle it:

when DNS_REQUEST {  
if { [DNS::question name] == "www.google.com" } {   
set lookup "[RESOLV::lookup @[RESOLVING DNS SERVER HERE] -a "forcesafesearch.google.com"]"
set ip [getfield $lookup " " 1]
DNS::answer insert "www.google.com. 300 IN CNAME forcesafesearch.google.com"
DNS::answer insert "forcesafesearch.google.com. 300 IN A $ip"
if { [DNS::question name] ends_with "explicit.bing.net" } {
DNS::answer clear
DNS::header rcode NXDOMAIN

Just replace the text “[RESOLVING DNS SERVER HERE]” with the IP address of a server capable of resolving the forcesafesearch DNS query.  If you are using Route Domains, don’t forget to include it on the end of your DNS server IP.

As a bonus, this iRule also blocks explicit.bing.net, the domain that Bing uses to display thumbnails/videos for explicit content.


Entry filed under: General, Networking.

Making administrative web apps in PHP Palo Alto and the power of an API

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


July 2015
« Jun   Aug »

Most Recent Posts

%d bloggers like this: