Forcing users to use Google search via HTTP (instead of using SSL) without SSL-Interception
search cancel

Forcing users to use Google search via HTTP (instead of using SSL) without SSL-Interception


Article ID: 165751


Updated On:


ProxySG Software - SGOS


Your organization has a requirement to log all traffic, including searches to Google. By default Google redirects users to an SSL-encrypted page, so the proxy can't see the actual search query and results.


According to Google, you can use a different host which will NOT redirect to HTTPS - They mention that you need to create a DNS CNAME on the DNS server(s) configured on the SG.

There is an easier way. You can forward traffic that was originally destined to to their nosslsearch server. This is achieved by following these steps:

1. Create a forwarding host as follows (Configuration -> Forwarding -> Forwarding Hosts -> New

User-added image

2. Open VPM, create a Forwarding layer with a rule like this:

User-added image

The elements break out like this:

User-added image

User-added image

3. Install policy and browse to You'll notice that you are now using an HTTP connection instead of HTTPS (you can tell by the fact that there is a globe instead of a lock icon in front of the URL):

User-added image

As you can also see, this even works with country redirects.

Keep in mind that this only works for Google web searches (which Google automatically redirect to HTTPS) - image, video and other searches do not use SSL by default. Google Plus and Google mail (googlemail, Gmail) will need full SSL-Interception, as do Google Drive and other services that use SSL by default.


You can force Google image search to use https by manually browsing to

If you want to redirect this search as well, you can add another rule (as described in #2), but instead of using "" as the host field entry, use "" - make sure you select "At beginning" for the host field.