Here’s How to Block Students From Using Psiphon, Ultrasurf and Hotspot Shield

Students have always sought ways to get around your school’s content filter – and we’ve always been a step ahead with innovative features to protect your users, your network, and your school. The latest feature in Lightspeed Systems Web Filter 3: Longhorn gives you more power than ever, with new Filter Bypass Controls that block even the toughest bypass tools, like Psiphon, Ultrasurf, Hotspot Shield and more!

Tools like Psiphon were designed to provide an unfiltered and unmonitored internet experience; this isn’t what schools need for their students. They’re also designed to constantly adapt, making blocking via static lists ineffective.

Filter Bypass Controls, available in the latest release of Lightspeed Systems Web Filter Longhorn, lets you detect those sessions and shut them down. You can:
– Ban these tools with a single click
– Lock out clients using these tools for anywhere from 0 to 60 minutes
– Send real-time alerts when a bypass tool is detected
– Report on all bypass attempts
– Set up exemptions

These new features build upon our Multi-Layered Bypass Protection, which allows you to:
– Block unknown URLs
– Block sites designated as security.proxy
– Block P2P traffic
– Ban bypass tools (new!)
– Block QUIC (new!)
– Alerts and lockouts on bypass attempts (new!)
– Reports on all of it

The simple user interface makes it easy for you to enable powerful back-end protection.



Lightspeed Systems Web Filter customers: get the latest release to take advantage of these powerful new features.

Not a Lightspeed customer? Get a demo to see how you can get the power to protect against these tools.

  • gabriel.gador says:

    Is it possible to block that traffic for a particular rule set (attached to say, the Guest SSID), or is this setting “all or nothing” (applies to ALL filtered clients, guest or otherwise?

      • Gabe says:

        Hi Amy – do Tiers get processed top to bottom? I have two Tiers, one called Wireless BYOD (guest users) and the other called Root. The Wireless BYOD tier is listed first, then Root. I have my Wireless BYOD VLANs defined in the Wireless BYOD tier (e.g., The Root Tier includes all VLANs on my network ( I was told that I would need to remove the Wireless BYOD IP ranges from the Root Tier, however, that would basically require me to define each and every VLAN on my network excluding those ranges (e.g.,,, etc). I find it hard to believe that there isn’t another way to exclude the BYOD VLANs from Root other than in this manner. Can you help?

  • Matt says:

    When I turned on the ‘Ban bypass clients’, all of the Apple (Mac) desktops got banned in my school district. Is there something going on in the background of the Macs?

  • rguibord says:


    I am just trying to make sure that I have read/understood the documentation regarding blocking the use of bypass client software. I was hoping that the Rocket filter could just block these tools from working altogether but instead it appears that when the use of them is detected, the Rocket blocks all Web access for the client for a specified range of time and then sends an email to someone for awareness and possible discipline.
    Have I interpreted this correctly or is the Rocket capable of doing something more like I am looking for – just rendering these tools useless because they stop working?


    • Rob Chambers says:

      These tools are very aggressive in their attempt to bypass your Web Filter including generating a fair amount of traffic that appears to be legitimate utilizing well known and normally allowed websites. It is for that reason when our software detects this in use we lockdown all traffic and alert the admin to the use of this application to ensure that the bypass is blocked and the end user is not allowed to access traffic that they policy would block.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    You may use these HTML tags and attributes:

    <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>