How to enforce Safe Search for Google, You Tube, Bing

MVP Expert
MVP Expert


Now all the major search providers have switched to HTTPS all requests to the search engines are encrypted - it is no longer possible to use a firewall to look at the URL and modify it to switch the request to a safe search request.

This means that most search engines will return non safe results.

This is a big deal especially for Schools and guest networks - you don't want children seeing non safe content, same for guests - you don't want them having access to non safe content in a work environment.


Google, You Tube and Bing recognize this is a significant issue and offer a 'safe search' VIP, it is then possible to change the DNS entries for all the Google TLD's to resolve to

Again the same thing is possible for Bing redirect to

You Tube offer a restricted mode for video searches again using the VIP.


Note as of January 2016 it appears that yahoo do not offer safesearch via DNS.


If you don't want to play around with the DNS servers, the same configuration is possible on Aruba Instant.


The solution is for Instant to be configured for access control rules which will destination NAT based on domain name.

i.e. if we see change the destination IP to (


The problem with google is they have ~190+ top level domains so they all need to be redirected. i.e

Instead of 190 rules we can use the following wild card '.*'

our D-NAT rule would look like;

rule alias google..* match any any any dst-nat ip




The configuration can be done via both WebUI and Console.

Unfortunately we can't D-NAT to a domain name so we have to resolve the safe VIPs manually;


Google =


You Tube =


Bing =


wlan access-rule SafeSearch
 index 0

# redirect google searches

 rule alias google..* match any any any dst-nat ip


# redirect You Tube
 rule alias match any any any dst-nat ip
 rule alias match any any any dst-nat ip
 rule alias match any any any dst-nat ip
 rule alias match any any any dst-nat ip
 rule alias match any any any dst-nat ip


# redirect Bing
 rule alias match any any any dst-nat ip


# Block Yahoo
 rule alias match any any any deny

# Allow everything else
 rule any any match any any any permit




To verify you are getting safe results, either attempt to search for non safe content, or check settings under google and change to non safe results and then search and then re-check the settings it should be back to safe results.


Version history
Revision #:
4 of 4
Last update:
‎01-27-2016 02:36 AM
Updated by:
Labels (1)
Hi. Can you be more specific on how to apply this setings? I have AP215 and AP315 running firmware. Can I set up this through instant? Regards.
Search Airheads
Showing results for 
Search instead for 
Did you mean: