Blocking Embedded Games in Google Search
This article discusses embedded games from Google Search and techniques for controlling them.
When searching for keywords like snake, minesweeper, solitaire or pacman, Google Search returns an embedded game. An example search result is shown below:
The Solution
- Login to the USS dashboard
- Navigate to Settings -> Keyword Lists
- Create a new Keyword List and name it appropriately such as Block Google Games
- Set the Match Logic to Match Any and Match Content to URL. It should look like this:
- Populate the keyword list with the following individual entries:
Femvve,
logos/fnbx
pKhWu,
UixVIb,
The list should look like this:
- You should then Navigate to Web Security --> Filter Rules, and create a filter rule to block the keyword category you just created.
The End Result and Technical Breakdown
If the steps to block the game were followed correctly the game should be failing to load and be unresponsive like in the example below:
So what is happening here and why can’t we just block this by traditional means?
Unfortunately, the play button loads the game via JavaScript, we isolated this to a single directory to where this is launched from:
https://www.google.com/xjs/_/js/
If we were to simply block the above URL it would result in the functionality of Google being compromised. Instead, the solution can be found with a deeper look into how this request works.
Looking at the network traffic we can see the following HTTP GET request is made when searching for snake in Google:
This is a complicated request structure with what appears to include a lot of different URL parameters on the request. When viewing the above in the browser it shows the JavaScript code that is being executed and if you CTRL+F and search for snake you will find entries of snake within the file.
The next step is to read the code backwards to isolate one of the above URL parameters - in this case snake is the value of pKhWu
in the above URL. If we remove that value from the URL and revisit the website, and search for snake again, it is no longer present in the response. Hence why it is much more effective to block by keywords in the request. By blocking the JavaScript module from being loaded we can prevent the loading of snake - the end result is it is blocked for the end user. This process was repeated for each game embedded within Google, for example pacman, etc.
For further assistance please contact your service provider for support.