Enforcing safe search features in Access rules

The safe search feature helps schools and other organizations to limit web searches and filter out potentially offensive content from search results.

Safe search can be implemented in two ways:
  • DNS-based (used by Google SafeSearch)
  • Safe search based on HTTP request modification (used by, for example, Bing, Yahoo, and DuckDuckGo)

DNS-based solution for Google SafeSearch

When DNS (TCP with Google SafeSearch) or DNS (UDP with Google SafeSearch) services are in use, Forcepoint NGFW redirects Google searches to Google's SafeSearch service by changing the DNS response. It forces all users to use safe search while still allowing a secure connection via HTTPS. Changing safe search settings in the browser does not disable safe search.

HTTP request modification for Bing, Yahoo, and DuckDuckGo searches

Use HTTP (SafeSearch) or HTTPS (SafeSearch with decryption) services to enforce safe search with Bing, Yahoo, and DuckDuckGo. Forcepoint NGFW modifies the search request by adding a "restriction" redirect string to the search URL to prevent offensive content from showing in the search results. TLS inspection must be configured, and you must have decryption enabled in the Access rule for HTTPS traffic for the safe search enforcement to apply to HTTPS.