Filter Bypass Controls

Filter Bypass Controls allow you to block Psiphon, Ultrasurf, and other filter bypass clients.

Throughout the years, students have attempted to utilize a variety of methods to bypass our filtering. Common filter bypass clients include including Psiphon, Ultrasurf, VYPR, FlasgVPN, Orbot, Hola, Zenmate, Cyberghost, Hidemyass!, SpotFlux, and many others. These filters allow students to bypass web filtering and access restricted and prohibited content while avoiding blocking and tracking mechanisms. 

Blocking these filter bypass clients is the only fully effective way of preventing students from accessing blocked content. Our Filter Bypass Controls allow you to completely block Psiphon, Ultrasurf, and all other filter bypass clients. The controls work as the first line of defense, blocking the user utilizing the bypass client from all internet access for up to 60 minutes. During this time, pertinent personnel are notified of the block through email notifications which allow administrators and staff to address the issue. At the same time, the student is discouraged from trying to use bypass clients in the future due to the internet block.

Our proprietary, adaptive technology blocks filter bypass clients — while learning and adapting along with changes and advanced in filter bypass technologies for ongoing end-to-end protection across your school. Our technology tracks traffic associated with filter bypass clients and blocks it by default. The technology keeps on tracking this traffic, intelligently learning and adapting to new IPs, channels, and technologies used by filter bypass clients in order to always stay one step ahead of them. We do our best to discourage the filter bypass clients to change their methods of operation by only blocking users for up to 60 minutes, instead of blocking them permanently. This way, the content bypass clients have less of an incentive to alter their methodologies.

Using Filter Bypass Controls

Note: Currently, Filter Bypass Controls only work for inline Rockets, and not for Lightspeed Cloud or Private Cloud setups.
Note: Filter Bypass Controls work for all operating systems as long as the device is on network/inline.
Note: Filter Bypass Controls are turned off by default. You will have to enable them to filter bypass clients.

You can access Filter Bypass Controls by navigating to Web Filter > General > Filter Bypass Controls.

You can enable Filter Bypass Controls by checking the box next to Ban bypass clients. 

You can select the duration of the ban under Ban clients for. Duration starts at 0 (will not block the user utilizing the client from the internet, but will generate a report) and goes up to 60 minutes (will completely block the user utilizing the client from the internet for 60 minutes.) When the ban occurs, we block all traffic, including DNS traffic and all other ports/protocols that we filter.  Users do not get a block page when the ban occurs.

You should add any pertinent emails to the Email Notifications field in order to immediately receive ban notifications in order to be able to immediately address the situation.

Note: You can add bypass exemptions in the P2P/Bypass/QUIC Exemptions section.