HTTPS decryption

LGfL recommends that all schools enable HTTPS decryption for improved filtering. To find out more about what this is and why it is recommended, please check out this video.

HTTPS decryption allows SchoolProtect to decrypt and re-encrypt HTTPS traffic. This process allows schools to have greater control over their web filtering. Without HTTPS decryption, web filtering can only see the top-level domain of a website (e.g., https://www.bbc.co.uk), making it impossible to block or allow specific pages or content within that site. So without HTTPS decryption, if there was a page within the BBC website that you didn't want users to access, you would need to block the entire domain (and this could lead to "overblocking" which schools are advised by DfE to avoid). Decryption allows you to be more granular with your filtering.

HTTPS decryption enables the filtering system to inspect the full URL string, including search terms and embedded content, which provides more granular reporting that in turn can more effectively safeguard children.

Some of the SchoolProtect functions will not work without HTTPS decryption e.g. you can't see search term reporting (what users are seraching in Google for example) in the dashboard and you can't block individuals keywords or URLS that have text after the '/'.

It also ensures that when a website is blocked, a clear "blocked page" message is displayed, rather than a generic "page cannot be displayed" error. To enable this service, a network manager or IT support organization at the school must install a certificate on school-managed devices. While it works seamlessly on managed devices, Bring Your Own Device (BYOD) devices require manual installation of the certificate or the creation of an excluded IP range or policy.

For setup methods, you can see here.