Blocking Port 443

[maxymaxy]

Hi,
My school library trial concluded very successfully. So the question remains for me is how many licenses can I afford

I am in the process of writing my report to the principal but I still have one problem that I couldn't solve ... blocking port 443. Students have been using this method to get around blocked addresses. I have tried setting up a policy in ABT but it doesn't seem to have any effect. The policy is applied permanently. What could I be doing wrong? I can't block it on our web server for the whole school as teachers still need to use that port.

On the other hand the URL filtering is working brilliantly.

[Andy]

Ok, I can assume you are using version 5 and that you have tried to created a normal 'Block Internet Access' policy and set it to block port 443 directly.

You can also try blocking this port via the 'Block Web sites' policy and specifying the port to block using the syntax 'port 443' in the Web Address to block.

This is also further explained in the version 5 user guide on page 64.

Give it a go and let me know if this now works.

Andy

[maxymaxy]

Thanks for the quick reply, Andy. I am using v5.1. I will try your way and let you know what happens.

Cheers

[maxymaxy]

Hi,

I have tried all kinds of ways to block 443 but it still doesn't work. Can I send you privately, an example of the website that the students can access on 443? I would rather not post it here and have Google put into its search list.

Thanks

[Andy]

Hi

Ok, the problem is that you are trying to block a single https://.... web address. The problem is that any communications via https: (or SSL encryption) between your web browser and the remote web site is 128bit encrypted, including any headers and web addresses. Therefore we are not able to detect https://www.xyz.com web addresses and block them.

There are 2 solutions to this:

1: Create a temporary block on port 443 during specific lessons which gets remove at the end of the lesson and so teachers will not be affected outside lesson times.
2: Block the IP address of the specific https web site.

To find and block an IP address:

- Call up the Windows Command prompt. ( click 'Start' - 'Run' enter 'cmd.exe' and press return)
- Type 'ping www.xyx.com' and press return (don't add the https:// at the start)
- Note the IP address returned
- Create a new 'Block Web Site' policy
- Add the IP address as a Web link to block (no wildcards)
- Save and apply this policy.

You need to repeat this process for ALL https://www.... web sites you need to block

[maxymaxy]

Hi Andy,

Thanks again for your time to answer my question. Your explanation is very clear. I will be asking my principal for a much tougher internet abuse policy as well as blocking specific ip addresses.

All the teachers I have spoken to and who have seen ABT in action are 'chomping at the bit' for me to install it in every computer lab ... we have 5 labs of 26 pcs in the senior school and a similar number in the junior school. I will be requesting a roll out in the senior school next term with the junior school later in the year.

I still think, though that the client should be password protected against removal

Cheers
Maxy