How to Block HTTPS Sites—With or Without SSL Inspection

Want to learn how to block HTTPS sites without SSL inspection? In this article, you will learn about how CurrentWare’s web filtering software BrowseControl blocks HTTPS sites without breaking encryption.

Use BrowseControl to Block HTTPS Websites Without Breaking Encryption

BrowseControl is an agent-based web content filtering software that can block websites without SSL inspection. Simply install the client on the endpoints you want to manage, pick one of the filtering modes that does not require SSL inspection, select the users or computers you want to restrict, and add the desired URLs or content categories to the block list.

The web restriction technologies used by BrowseControl are…

1. Advanced HTTPS Filtering uses deep packet-level filtering with custom HTTPS certificates to perform SSL scanning to inspect HTTPS traffic to identify data exfiltration attempts, and block access to websites and download/upload activities.
2. Windows Filtering Platform (WFP) for clients running Windows Vista and later, and on servers running Windows Server 2008 and later
3. Winsock Layered Service Provider (LSP) for legacy Microsoft operating systems
4. Microsoft UI Automation (UIA) allows and blocks websites based on the URLs typed in the address bar of web browsers.

The WFP, LSP, and UIA filtering methods are ideal if you want to block HTTPS websites in your network without SSL inspection. Get started today with a free 14-day trial of BrowseControl.

Block Any Domain, IP Address, or Specific URL Based on Users and Devices

BrowseControl’s granular internet blocking features allow you to configure unique settings for each of your users or computers. 

Simply place the users or devices you would like to control into their own policy groups and add the specific sites you would like to allow or block to the URL and category lists.

This level of granularity is ideal when an administrator wants to block websites for some users while allowing them for others. For example, social media sites can be blocked for all employees that are not a part of the marketing team.

Filter Websites Across Any Web Browser

BrowseControl includes a default list of the most common browsers (Google Chrome, Mozilla Firefox, Microsoft Edge Chromium, Microsoft Internet Explorer, Opera, Safari, etc). If you would like to block internet access from any other browser or application with browsing capabilities you can add them to the filtering list. 

Convenient Central Console With Active Directory Import & Sync

Any enterprise internet restriction solution must be implemented in a scalable way.

BrowseControl and the other software solutions in the CurrentWare Suite support Windows Active Directory Import and Sync, allowing you to use the exact same Windows AD organizational units and hierarchy that you’re used to.

From the convenient central console you can manage internet blocking settings for your entire workforce, saving you countless hours of support and maintenance. 

Block Millions of HTTP and HTTPS Websites in Just a Few Clicks

When you simply want to block websites, a web filter is far easier to manage than a firewall. 

With BrowseControl all you need to do to block a website is add the specific sites you want to block to the Block List. There’s no need to configure multiple policy entries, set up your own internal certificate authority (CA), track down a multitude of IP addresses, and be forced to block the same websites for every computer and employee in your environment.

With BrowseControl’s Category Filtering feature, you can easily block millions of websites across over 100 URL categories including Social Media, Pornography, Virus Infected, and Phishing sites. 10,000+ new domains are added each day, allowing you to simply select the types of websites you want to block.

The URL filter even allows you to import a list of URLs from a .csv or .txt file, allowing you to migrate your existing website lists into BrowseControl. 

Block HTTPS Sites for Remote Users

A network-based firewall configuration cannot protect a device once it goes off-site. BrowseControl’s software client continues to block sites using the last known policies until a connection to the CurrentWare server can be reestablished. 

Any new site settings changes will take effect once a connection between the CurrentWare Client and CurrentWare Server is established. This reconnection can happen through a VPN, port forwarding through a public static IP address, or other remote connection options. 

Case Study: TCAT Takes Control of Student Internet Use

The Tennessee College of Applied Technology (TCAT) is one of the best technological educational institutions in the Tennessee area. To keep delivering a cutting-edge learning experience, they knew that they needed to integrate online resources into their curriculums and teaching methods. 

But allowing internet access is not without its risks. As an IT instructor, Gabriel Alvarado is adamant that educational institutions need to defend against unauthorized access to personal information belonging to pupils, parents, or staff.

Gabriel knew that restricting internet access with blocking software was essential for protecting against web-based threats. In addition to improving security, BrowseControl provided TCAT’s students with an optimal educational experience by blocking distracting websites during class hours and preventing bandwidth hogs from impacting the performance of the network.

BrowseControl’s remote installation options and central management console made it the best filtering software for TCAT as they could deploy the software during the school term rather than having to wait until the holidays. Staff and user accounts could be readily distinguished, allowing filtering policies to be customized to the needs of each group.

“Exposing students to the digital world comes with a responsibility to protect them. And as well as keeping our students safe, we also need to keep our system safe! Students aren’t always aware of the dangerous consequences of their online actions, so there is always a risk of harmful behavior.”

Gabriel Alvarado, CIS/CIT Instructor, TCAT Crump

What is SSL Inspection?

Enterprise network monitoring products that include a firewall, SSL proxy, or related technology will use SSL inspection to convert HTTPS to HTTP in order to determine whether or not a given site should be added to a blacklist based on the exact contents on the page. 

Synonyms for SSL inspection and similar HTTPS inspection techniques include HTTPS DPI (deep packet inspection), SSL decryption, HTTPS interception, Transport Layer Security Inspection (TLSI), Transport Layer Security (TLS) break and inspect, SSL Stripping (when used maliciously), and man-in-the-middle attack (when used maliciously).

In contrast, BrowseControl’s URL filter is able to block websites based on a known URL, IP address, or domain without the need to break encryption. 

Conclusion

BrowseControl web restriction software is the ideal tool for blocking websites without SSL inspection. Companies that would like more granular control over web traffic such as blocking specific file downloads and uploads can enable BrowseControl’s Advanced HTTPS mode to enable SSL inspection as needed.

Ready to start blocking HTTPS websites? Get a FREE trial of BrowseControl, CurrentWare’s internet restriction software.