SchoolProtect - HTTPS Decryption Why Is It important?
There are a number of significant differences in the way that HTTP and HTTPS sites are handled, and we recommend investigating implementing HTTPS decryption at your school in order to have greater control over your filtering. HTTPS decryption is part of the SchoolProtect service available to all LGfL schools and, with the launch of the new platform, is an area that has significantly evolved.
What is HTTPS Decryption?
HTTPS decryption involves the SchoolProtect proxy servers decrypting and re-encrypting HTTPS session to view the content contained within.
Your network manager or IT support organisation will have previously installed an LGfL certificate to allow enhanced filtering functionality.
HTTPS decryption works seamlessly on managed devices once the certificate has been installed and relevant exclusions have been added as detailed in this guide, however, BYoD devices will either need the certificate installing manually on each device or added to an excluded IP range or policy. The school will need to decide what level of filtering to apply to BYoD devices. A common approach is to enforce decryption on student devices but not on staff devices.
A not encrypted HTTP website and an encrypted HTTPS website.
Why is it important?
HTTPS decryption is important for several reasons including:
- It grants the ability to allow or block individual pages, or areas, of a website. For example you could block Twitter, but allow the school's Twitter feed or allow BBC but block certain problematic areas of it.
- It enhances reporting. You'll be able to report on certain things that you wouldn't normally be able to such as the particular YouTube video a student has watched.
- It offers greater control over keywords. We recommend only using these sparingly, but you could block a troublesome term from being searched on Google.
- Using HTTPS Decryption means you will always be served with a block page on a blocked website, even when visiting HTTPS websites that are blocked. Without HTTPS decryption, these pages will display a 'page cannot be displayed' message. It will therefore it will be unclear why you can not access the website (a website could not display for a multitude of reasons) and if it was blocked by filtering, you'd be unable to see the information on the block page that will be helpful for troubleshooting.
- It will allow your school to use advanced SchoolProtect features such as greater control over embedded content (currently under development and will be coming soon).