Here’s How to Block Students From Using Psiphon, Ultrasurf and Hotspot Shield

Students have always sought ways to get around your school’s content filter – and we’ve always been a step ahead with innovative features to protect your users, your network, and your school. The latest feature in Lightspeed Systems Web Filter 3: Longhorn gives you more power than ever, with new Filter Bypass Controls that block even the toughest bypass tools, like Psiphon, Ultrasurf, Hotspot Shield and more!

Tools like Psiphon were designed to provide an unfiltered and unmonitored internet experience; this isn’t what schools need for their students. They’re also designed to constantly adapt, making blocking via static lists ineffective.

Filter Bypass Controls, available in the latest release of Lightspeed Systems Web Filter Longhorn, lets you detect those sessions and shut them down. You can:
– Ban these tools with a single click
– Lock out clients using these tools for anywhere from 0 to 60 minutes
– Send real-time alerts when a bypass tool is detected
– Report on all bypass attempts
– Set up exemptions

These new features build upon our Multi-Layered Bypass Protection, which allows you to:
– Block unknown URLs
– Block sites designated as security.proxy
– Block P2P traffic
– Ban bypass tools (new!)
– Block QUIC (new!)
– Alerts and lockouts on bypass attempts (new!)
– Reports on all of it

The simple user interface makes it easy for you to enable powerful back-end protection.



Lightspeed Systems Web Filter customers: get the latest release to take advantage of these powerful new features.

Not a Lightspeed customer? Get a demo to see how you can get the power to protect against these tools.

  • gabriel.gador says:

    Is it possible to block that traffic for a particular rule set (attached to say, the Guest SSID), or is this setting “all or nothing” (applies to ALL filtered clients, guest or otherwise?

      • Gabe says:

        Hi Amy – do Tiers get processed top to bottom? I have two Tiers, one called Wireless BYOD (guest users) and the other called Root. The Wireless BYOD tier is listed first, then Root. I have my Wireless BYOD VLANs defined in the Wireless BYOD tier (e.g., The Root Tier includes all VLANs on my network ( I was told that I would need to remove the Wireless BYOD IP ranges from the Root Tier, however, that would basically require me to define each and every VLAN on my network excluding those ranges (e.g.,,, etc). I find it hard to believe that there isn’t another way to exclude the BYOD VLANs from Root other than in this manner. Can you help?

  • Matt says:

    When I turned on the ‘Ban bypass clients’, all of the Apple (Mac) desktops got banned in my school district. Is there something going on in the background of the Macs?

  • Leave a Reply

    Your email address will not be published. Required fields are marked *

    You may use these HTML tags and attributes:

    <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>