Problem
Search Engine queries make up a very large portion of user's day-to-day internet activity, and it may be beneficial to be able to see, record and filter those searches, either for trend analysis in reporting, or to heighten Safeguarding capabilities.
However, search queries are submitted in an encrypted fashion over HTTPS, and as such are invisible to normal filtering methods, which may only filter based on the domain portion of the HTTP header, or on the DNS lookup as used by other filter providers.
Resolution
The Guardian Web Filter Categories contain keywords, phrases or patterns that allow the Web Filter to take filtering action on submitted search queries through all major (and many lesser known) search engines. Through the application of HTTPS Inspection, the Web Filter is able to decrypt the client traffic, analyse the search term or phrase, categorise the word or phrase on the fly and take appropriate filtering action based on that categorisation and the users or groups specific filtering policies.
Admins may also set up their own custom word/phrase lists to allow or block queries as required.
In order to carry out Search Term Filtering, at a minimum an HTTPS Inspection policy must be in place to apply the 'Decrypt and Inspect' action to the 'Web Search' category.
For details on setting up HTTPS Inspection policies, please see this article.
Custom Word/Phrase Lists
As mentioned, you may also set up a custom category containing a list of words or phrases that fit your specific requirements and use that category in a Guardian Allow or Block Policy to create the desired action. Details on setting up Guardian Web Filter policies can be found here.
Step-by-Step
- Log in to your Smoothwall Filter Admin UI.
- Navigate to Guardian > Policy Objects > Categories.
- Create a new custom category to be used specifically for blocking unwanted search terms, or else edit an existing category that can be used for this purpose.
- Expand the advanced section and find the Search term filtering input field. Add any search terms that should be blocked here in square brackets and save the change. As an example:
[ momo ]
A Note on Formatting - The Sussex Problem
Due to how the Smoothwall reads the entered search terms, care must be taken in the formatting, specifically in space-bracing the search terms.
For example
[sex]
Here the Smoothwall will read the characters 'sex' as a literal string of letters and search for references to those three letters in any given word.
That would also block searches for Sussex and Middlesex. To avoid this, spaces should be used within the brackets, as so:
[ sex ]
Now the search term is read as a word in its own right and actioned accordingly.
Reporting.
User search terms may be viewed in real-time through the Real Time Search Term log, available under Reports > Real time > Search terms.