Web Filter Extension for Google Chrome

You can locate the extension settings by navigating to Web Filter > Mobile Devices > Web Filter Extension for Google Chrome.

The Web Filter Extension for Google Chrome works with your Rocket to provide off-network filtering for Chromebooks. The extension for Chrome provides content filtering for ChromeOS, allowing school administrators to ensure safe, monitored access on school-distributed Chromebooks. Operating as a Chrome extension, it offers policy-based filtering and off-network activity reporting–all without the need for a proxy. In addition, it provides seamless single sign-on capabilities for ChromeOS devices when they are used off the school network.

The Web Filter Extension for Google Chrome is the safest iteration of our Google Chrome extension to date! The new Extension for Google Chrome is created uniquely for your organization. Only you and you alone have access to this extension, ensuring a seamless deployment and filtering experience.


  • Chrome v48 or higher is required. Please note ChromeOS normally updates to the latest version automatically.
  • For transparent authentication to work correctly, your Lightspeed Web Filter must be running version 3.4.0rc2 or newer.
  • You must have your Google Authentication source configured in the Web Filter. You must also have it set up as a mobile authentication source under Web Filter > Mobile Devices > Authentication Sources
  • Ports 443 (inbound) and 80 (inbound/outbound) need to be forwarded to the Rocket in order for the Web Filter Extension for Google Chrome to work.

Web Filter Extension for Google Chrome Settings

The Web Filter Extension for Google Chrome has several fields, including API Key, Primary Policy Server, Secondary Policy Server, and Use HTTPs.

The API Key field is populated automatically. You should not alter the value that appears in that field. Prior to enabling the Web Filter Extension for Google Chrome, you will have to populate the Primary Policy Server and Secondary Policy Server fields. If you only have a single policy server, then populate that Primary Policy Server field with the FQHN of your Rocket. If you have both a primary and a secondary policy server, then populate both fields (In our example we only have a single policy server, so we only populated that field.)

Note: If you have a Cluster setup, use your Round Robin DNS address as your Primary Policy Server.

Customers who currently use SSL certificates generated by a Certificate Authority (CA) with their Rocket appliance for mobile filtering should enable the Use HTTPS option by checking the box to the left of it. These customers previously used the Chrome Lightspeed S-Filter. All Lightspeed customers who utilize Certificate Authority issued certificates MUST enable this option.

Note: Cloud Filter customers MUST enable the Use HTTPS option.
Note: Customers who use the default certificate or a self-signed certificate should NOT enable the Use HTTPS option.

Setting up the extension is easy. You can enable the extension by navigating to Web Filter > Mobile Devices > Web Filter Extension for Google Chrome and clicking Enable.


Once the extension is enabled, you will see the Extension ID and Extension URL fields. You will use this information to deploy the extension to your users.

Note: Clients with multiple tiers should first set the Web Filter Extension for Google Chrome up at their Root tier, and then set it up individually in each additional tier they wish to push the extension to. The extension will need to be set up and pushed individually for each tier.

Deploying the Web Filter Extension for Google Chrome

Note: Google may change their UI without warning, causing these steps to no longer be accurate. If that is the case, please notify us through the Was This Helpful link (click No and a form to notify us will pop up) at the bottom of the page and we will immediately update the steps.

  1. 1. Open the Google Admin console and navigate to Device Management.

  2. 2. On the left-hand navigational menu, click on Chrome Management.
  3. 3. Click on User Settings.

  4. 4. Select your organization on the left-hand navigational menu and then scroll down to Apps and Extensions > Force-installed Apps and Extensions. Click on Manage force-installed apps.
  5. 5. Click on Specify a Custom App.
  6. 6. In the ID and URL fields enter your (a.) specific custom ID and URL as displayed in Web Filter > Mobile Devices > Web Filter Extension for Chrome. Click Add.

  7. 7. Once the app has been added you will see it in your list of apps to the right. The app will have the same name as the ID in the Web Filter interface. Click Save to push the extension.
  8. 8.Don’t forget to Save your setting changes.

From the GAFE console:

  • Disable incognito mode (private browsing).
  • Force the Chromebooks to a single domain. You can learn how to do so here (Sign-in Settings->Restrict Sign In)
  • Disable Developer Tools


  • If a user logs in to an email domain that is not registered the device will not be filtered.
  • Developer Tools must be disabled through the GAFE console. This can be accomplished by navigating to Device Management > Chrome > User Settings and setting the drop down menu for developer tools to Never allow use of built-in developer tools. Learn more here. (User Experience >Developer Tools)


  • Customers that use self-signed certificates should push those out to users in order to avoid certificate alerts.
Note: If you want Smart Play to work with the Web Filter Extension for Google Chrome, you will need to add a URL Pattern list with the following URLs to your Rule Sets:
Note: The extension does not recognize URL-level categorization filtering, but does recognize URL Patterns.
Note: It may take up to 5 minutes for Rocket setting changes to register on the extension.