Thanks for the answer, but

craig-rogers · ‎02-25-2015

Hi,

I'm currently testing https Inspect to close a hole in the Google Images search.

I was under the impression that https inspect would not display any images that are in the a blocked category.

I have a CSW created certificate installed on the PC I'm testing on which I see as being accepted. If I delete the cert from the PC, then I can't get to google (via https) as the cert is not accepted.

However, with the cert running on the PC, images are not being filtered within a Google search. It's not practical for us to change to a "safesearch on" policy and was under the impression that https inspect would indeed filter the images, but it's not. I've tested on some images that they are blocked as if I click the "visit site" or "view image" links, then I get the blocked page.

Any help is very appreciated.

Thanks

Craig

Ken Stieers · ‎02-25-2015

All the HTTPS proxy does is let you get encrypted sites and optionally decrypt the traffic so you can dig into it more.(Eg anti malware, AVC, etc)

Images displayed in Google image searches are hosted at google and are links to their home site. They aren't pulled from the host site by the brower viewing the results.

If you're trying to block porn in google searches you'll have to turn on safe search...

craig-rogers · ‎02-26-2015

Thanks for the answer, but that's crazy, it didn't used to be like that before Google forced https on everyone.

I can't see how safe search can be enforced? I know it can be done on at DNS, but that doesn't help our field users who connect to their own/public wifi. Even when they are VPN'd, we use split tunnelling so that won't work either.

Seems a real limitation of CWS that you cannot simply manipulate URLs or make custom suffix's? Or can you?

Our contract is up later this year and with all the issues we've had lately combined with it not being a very powerful solution, I suspect we'll be looking elsewhere.

Erik Dahle · ‎02-27-2015

Access Policy - URL Filtering - Enable Safe Search?

Works fine in my policy.

craig-rogers · ‎02-27-2015

I'm guessing this is on a Web Security Appliance and not the Cloud Web Security?

I know it's an option on the appliance, but we are (not yet) using them.

Erik Dahle · ‎02-27-2015

Ah, I missed that thing about Cloud Web Security, sorry about that.
Yep, I'm running the physical appliance.

kushsriva · ‎03-03-2015

Hi Craig,

You would need to enable the "SeachAhead" feature on the CWS portal to limit Google Image search in the blocked category

"When enabled, SearchAhead will annotate Google, Bing, and Yahoo! search results for all users. The annotation provides guidance on acceptable or unacceptable content based on the corresponding web filtering policy you have applied."

To enable SearchAhead, you would need to go to 'Web Filtering", expand the "Management" tab and select "Global Settings" and check the box for "SearchAhead.

Regards,

Kush

craig-rogers · ‎03-04-2015

Hi Kush,

Thanks for the reply, however, I've already tried this and it doesn't filter Google Images. I just think it's a limitation of CWS so we are looking at reverting back to an on-site appliance.

Regards

Craig

kushsriva · ‎03-04-2015

Hi Craig,

I do understand your concern however if possible just check with Cisco TAC or your Cisco CWS SDM to check if the feature has been enabled at the Backend, for your CWS account.

I have seen this issue once that the feature had to be enabled from the backend and it started to work.

Regards,

Kush

CSW: Filtered Google Images still appearing with HTTPS Inspect configured