Re: bypass content filter with Chrome test

1,016 views
Skip to first unread message

Alex Wagner

unread,
Apr 8, 2015, 4:30:37 PM4/8/15
to k12ap...@googlegroups.com
Who do you use?

We have no such issue here at GoGuardian. 

On Friday, April 3, 2015 at 11:40:12 AM UTC-7, Bjorn Behrendt wrote:
Our students have found a way to bypass our content filter to get to facebook (or any blocked https sites).   Just by hitting refresh a lot at the SSL error screen.

I have a ticket out to ENA (who is our ISP and content filter), but I am wondering if the issue is also present on other Content filters.

On a Chromebook, Chrome mobile, or Chrome Browser.    We have https://www.facebook.com blocked. because it is secure, we don't get a blocked screen but just an SSL error ("Webpage not availible").     If your content filter handles https filtering in the same way could you please test.

Using Chrome (others don't seem to have the issue), go to https://www.facebook.com and get to the ssl error screen, then just hit refresh a lot of times.

Here is a video I made of me bypassing our content filter: 

Bjorn Behrendt M.Ed ~ Never Stop Learning
   Blog: Edlisten.com

Bjorn Behrendt

unread,
Apr 3, 2015, 2:40:12 PM4/3/15
to

Stephen Gale

unread,
Apr 3, 2015, 4:55:06 PM4/3/15
to k12ap...@googlegroups.com
Interesting.   I will check and see if we see the same on our end.  By chance are you doing SSL Decryption on facebook.com?  That should also interrupt the traffic since the Certificate isn't Facebooks cert... (Facebook.com is registered with Google's HSTS service). 

If you want to block it completely, you could block the site in the URLBlacklist.  I would leave off the protocol and let Google block all of facebook.com.  Then they will get a page directly from the browser saying that they aren't allowed to go to that site.  It also works for iFrames, so they couldn't go to a proxy site.  The problem would be that this method would prevent them from going to those sites when they are off campus as well, and that may be a concern for some.  

Marion Bates

unread,
Apr 4, 2015, 2:04:47 PM4/4/15
to k12ap...@googlegroups.com
I remember reading about something that sounds exactly like this in a newsletter from our content filtering provider, Securly, and they said they had fixed it, but there were no technical details. (Their Chromebook filtering solution involves pushing down an extension administratively, so it's not wholly transparent.) We're not doing much with Chromebooks in the school that uses Securly currently, and we aren't blocking Facebook, so I didn't pay much attention to it at the time, but perhaps they have a writeup somewhere about the methods they used?

Good luck,

-- MB
Reply all
Reply to author
Forward
0 new messages