Web Filter Extension for Google Chrome

You can locate the extension settings by navigating to Web Filter > Mobile Devices > Web Filter Extension for Google Chrome.

The Web Filter Extension for Google Chrome works with your Rocket to provide off-network filtering for Chromebooks. The extension for Chrome provides content filtering for ChromeOS, allowing school administrators to ensure safe, monitored access on school-distributed Chromebooks. Operating as a Chrome extension, it offers policy-based filtering and off-network activity reporting–all without the need for a proxy. In addition, it provides seamless single sign-on capabilities for ChromeOS devices when they are used off the school network.

The Web Filter Extension for Google Chrome is the safest iteration of our Google Chrome extension to date! The new Extension for Google Chrome is created uniquely for your organization. Only you and you alone have access to this extension, ensuring a seamless deployment and filtering experience.

Prerequisites

  • Chrome v48 or higher is required. Please note ChromeOS normally updates to the latest version automatically.
  • For transparent authentication to work correctly, your Lightspeed Web Filter must be running version 3.4.0rc2 or newer.
  • You must have your Google Authentication source configured in the Web Filter. You must also have it set up as a mobile authentication source under Web Filter > Mobile Devices > Authentication Sources
  • Ports 443 and 80 (both inbound and outbound) need to be forwarded to the Rocket in order for the Web Filter Extension for Google Chrome to work.

Web Filter Extension for Google Chrome Settings

The Web Filter Extension for Google Chrome has several fields, including API Key, Primary Policy Server, Secondary Policy Server, and Use HTTPs.

The API Key field is populated automatically. You should not alter the value that appears in that field. Prior to enabling the Web Filter Extension for Google Chrome, you will have to populate the Primary Policy Server and Secondary Policy Server fields. If you only have a single policy server, then populate that Primary Policy Server field with the FQHN of your Rocket. If you have both a primary and a secondary policy server, then populate both fields (In our example we only have a single policy server, so we only populated that field.)

Note: If you have a Cluster setup, use your Round Robin DNS address as your Primary Policy Server.

Customers who currently use SSL certificates generated by a Certificate Authority (CA) with their Rocket appliance for mobile filtering should enable the Use HTTPS option by checking the box to the left of it. These customers previously used the Chrome Lightspeed S-Filter. All Lightspeed customers who utilize Certificate Authority issued certificates MUST enable this option.

Note: Cloud Filter customers MUST enable the Use HTTPS option.
Note: Customers who use the default certificate or a self-signed certificate should NOT enable the Use HTTPS option.

Setting up the extension is easy. You can enable the extension by navigating to Web Filter > Mobile Devices > Web Filter Extension for Google Chrome and clicking Enable.

 

Once the extension is enabled, you will see the Extension ID and Extension URL fields. You will use this information to deploy the extension to your users.

Note: Clients with multiple tiers should first set the Web Filter Extension for Google Chrome up at their Root tier, and then set it up individually in each additional tier they wish to push the extension to. The extension will need to be set up and pushed individually for each tier.

Deploying the Web Filter Extension for Google Chrome

Note:

  • If a user logs in to an email domain that is not registered the device will not be filtered, therefore force Chromebooks to a single domain. Learn more about restricting sign-in: (Sign-in Settings->Restrict Sign In)
Note:
  • Customers that use self-signed certificates should push those out to users in order to avoid certificate alerts.

Follow these steps to deploy the Web Filter Extension for Google Chrome via the Google Administrator Console:

  1. 1. Open the Google Admin console and navigate to Device Management.
    2

  2. 2. On the left-hand navigational menu, click on Chrome Management.
    3
  3. 3. Click on User Settings.
    4

  4. 4. Select your organization on the left-hand navigational menu and then scroll down to Apps and Extensions > Force-installed Apps and Extensions. Click on Manage force-installed apps.
    5
  5. 5. Click on Specify a Custom App.
    6
  6. 6. In the ID and URL fields enter your (a.) specific custom ID and URL as displayed in Web Filter > Mobile Devices > Web Filter Extension for Chrome. Click Add.
    9

  7. 7. Once the app has been added you will see it in your list of apps to the right. The app will have the same name as the ID in the Web Filter interface. Click Save to push the extension.
  8. 8.Don’t forget to Save your setting changes.

Disallow Incognito Mode

Chrome’s Incognito Mode allows users to browse the Internet privately. While user activity isn’t hidden in Incognito Mode, it’s best to disallow this feature when setting up your web-filtering service.

To disallow Incognito Mode from the Google Admin console, navigate to Incognito Mode (Device Management > Chrome > User settings > Security > Incognito Mode) and select Disallow Incognito Mode from the drop-menu. Click Save to apply this setting. Click Save to apply this setting.

Never Allow Developer Tools

Chrome’s built-in developer tools give users access to the browser’s (and other web applications) internal code. It’s best to never allow users access to the browser’s built-in developer tools.

To never allow access to Chrome’s built-in developer tools, from the Google Admin console, navigate to Development Tools (Device Management > Chrome > User settings > User Experience > Developer Tools) and select Never allow use of built-in developer tools from the drop-menu. Click Save to apply this setting.

Note: If you want Smart Play to work with the Web Filter Extension for Google Chrome, you will need to add a URL Pattern list with the following URLs to your Rule Sets:
*.youtube.com/browse_ajax/*
*.youtube.com/related_ajax/*
*.youtube.com/yts/*
Note: The extension does not recognize URL-level categorization filtering, but does recognize URL Patterns.
Note: It may take up to 5 minutes for Rocket setting changes to register on the extension.