Google provides a mechanism to enforce "safe search" at organizations such as elementary schools by causing requests for www.google.com to be handled by nosslsearch.google.com using DNS trickery, and then HTTP requests for searches will be transmitted in plain text to enable request rewriting without requiring SSL man-in-the-middle. (See https://support.google.com/websearch/answer/186669?hl=en Option 3 near bottom of page) However, there seem to be many sites using a squid-based proxy but unable to implement the suggested DNS hack. It would be handy to be able to direct squid to use nosslsearch.google.com’s IP address for requests to http://www.google.com/. Because the Google server responds with a 302 redirect to anything other than Host: www.google.com, I’ve tried rewriting the HTTP URL in ICAP REQMOD adaptation from http://www.google.com/ to http://nosslsearch.google.com/ and leaving the Host header set to www.google.com. However, Squid rewrites the Host header to nosslsearch.google.com in the request it sends to the origin server, even with the "url_rewrite_host_header off” setting in squid.conf, and the Google server responds with HTTP 302. Alternatively, it seems one can trick squid by using the IP address for nosslsearch.google.com in the system’s /etc/hosts file, like: 216.239.32.20 www.google.com but that seems fragile. Are there any better approaches to achieve the desired result? Thanks, Guy
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail