You can locate the extension settings by navigating to Web Filter > Mobile Devices > Web Filter Extension for Google Chrome.
The Web Filter Extension for Google Chrome works with your Rocket to provide off-network filtering for Chromebooks. The extension for Chrome provides content filtering for ChromeOS, allowing school administrators to ensure safe, monitored access on school-distributed Chromebooks. Operating as a Chrome extension, it offers policy-based filtering and off-network activity reporting–all without the need for a proxy. In addition, it provides seamless single sign-on capabilities for ChromeOS devices when they are used off the school network.
The Web Filter Extension for Google Chrome is the safest iteration of our Google Chrome extension to date! The new Extension for Google Chrome is created uniquely for your organization. Only you and you alone have access to this extension, ensuring a seamless deployment and filtering experience.
- Chrome v48 or higher is required. Please note ChromeOS normally updates to the latest version automatically.
- For transparent authentication to work correctly, your Lightspeed Web Filter must be running version 3.4.0rc2 or newer.
- You must have your Google Authentication source configured in the Web Filter. You must also have it set up as a mobile authentication source under Web Filter > Mobile Devices > Authentication Sources.
- Ports 443 and 80 (both inbound and outbound) need to be forwarded to the Rocket in order for the Web Filter Extension for Google Chrome to work.
Web Filter Extension for Google Chrome Settings
The Web Filter Extension for Google Chrome has several fields, including API Key, Primary Policy Server, Secondary Policy Server, and Use HTTPs.
The API Key field is populated automatically. You should not alter the value that appears in that field. Prior to enabling the Web Filter Extension for Google Chrome, you will have to populate the Primary Policy Server and Secondary Policy Server fields. If you only have a single policy server, then populate that Primary Policy Server field with the FQHN of your Rocket. If you have both a primary and a secondary policy server, then populate both fields (In our example we only have a single policy server, so we only populated that field.)
Note: If you have a Cluster setup, use your Round Robin DNS address as your Primary Policy Server.
Customers who currently use SSL certificates generated by a Certificate Authority (CA) with their Rocket appliance for mobile filtering should enable the Use HTTPS option by checking the box to the left of it. These customers previously used the Chrome Lightspeed S-Filter. All Lightspeed customers who utilize Certificate Authority issued certificates MUST enable this option.
Note: Cloud Filter customers MUST enable the Use HTTPS option.
Note: Customers who use the default certificate or a self-signed certificate should NOT enable the Use HTTPS option.
Setting up the extension is easy. You can enable the extension by navigating to Web Filter > Mobile Devices > Web Filter Extension for Google Chrome and clicking Enable.
Once the extension is enabled, you will see the Extension ID and Extension URL fields. You will use this information to deploy the extension to your users.
Note: Clients with multiple tiers should first set the Web Filter Extension for Google Chrome up at their Root tier, and then set it up individually in each additional tier they wish to push the extension to. The extension will need to be set up and pushed individually for each tier.
Disallow Incognito Mode
Chrome’s Incognito Mode allows users to browse the Internet privately. While user activity isn’t hidden in Incognito Mode, it’s best to disallow this feature when setting up your web-filtering service.
To disallow Incognito Mode from the Google Admin console, navigate to Incognito Mode (Device Management > Chrome > User settings > Security > Incognito Mode) and select Disallow Incognito Mode from the drop-menu. Click Save to apply this setting. Click Save to apply this setting.
Never Allow Developer Tools
Chrome’s built-in developer tools give users access to the browser’s (and other web applications) internal code. It’s best to never allow users access to the browser’s built-in developer tools.
To never allow access to Chrome’s built-in developer tools, from the Google Admin console, navigate to Development Tools (Device Management > Chrome > User settings > User Experience > Developer Tools) and select Never allow use of built-in developer tools from the drop-menu. Click Save to apply this setting.
If you want Smart Play to work with the Web Filter Extension for Google Chrome, you will need to add a URL Pattern
list with the following URLs to your Rule Sets
Note: The extension does not recognize URL-level categorization filtering, but does recognize URL Patterns.
Note: It may take up to 5 minutes for Rocket setting changes to register on the extension.