I'm getting this error when accessing certain websites, but not others. My internet is going through a shared educational connection. I suspect the IT dept are doing a Man in the middle and inspecting everything doing through. Is this even fixable?
Shared internet connection blocks certain website
- Thread starter GodAtum
- Start date
Strange question, why haven't you asked the schools / college / Uni's IT staff for help?
Its not broken they are using HTTPS inspection; due to Safeguarding and Prevent legislation schools etc. have a legal obligation to both filter and monitor their internet connection and under certain circumstances they are legally required to report users to the authorities.
All of the institutions computers and tablets will have a certificate installed, it would be unusual for them to allow people to connect equipment to their LAN.
Guest Wi-Fi will vary depending upon the size and capability of the institution but often it would be on a VLAN or have client isolation enabled and have some sort of landing page for user authentication which would display an acceptable use policy and a link to install the certificate needed for HTTPS inspection.
You can't bypass the filtering and will need to contact the institutions IT team for help installing the certificate.
Regards - a former School ICT Operations Manager
Its not broken they are using HTTPS inspection; due to Safeguarding and Prevent legislation schools etc. have a legal obligation to both filter and monitor their internet connection and under certain circumstances they are legally required to report users to the authorities.
All of the institutions computers and tablets will have a certificate installed, it would be unusual for them to allow people to connect equipment to their LAN.
Guest Wi-Fi will vary depending upon the size and capability of the institution but often it would be on a VLAN or have client isolation enabled and have some sort of landing page for user authentication which would display an acceptable use policy and a link to install the certificate needed for HTTPS inspection.
You can't bypass the filtering and will need to contact the institutions IT team for help installing the certificate.
Regards - a former School ICT Operations Manager
School staff might be provided with inbound VPN details for remote working but any school filtering solution would block outbound VPN and proxy servers.
There are ways and means of tunnelling in these situations - but not straightforward and almost certainly against policy.
Education filtering has always been a game of Whac-A-Mole with kids constantly trying to bypass the filters but its far more secure than it used to be and third party safeguarding software is common on school devices that will take automatic screen captures if any concerns are detected and send them to the schools DSL.
In schools the more recent problem has been mobiles with their own 4 / 5G connections but these are being banned in a lot of places now.
With HTTPS inspection, port blocking, external dns servers blocked, firewall deep packet inspection etc. OP isn't getting VPN working without breaking their AUP if its a school; Uni's might allow it for certain projects but they would have to weigh the risks against their legal obligations e.g. the Prevent legislation.
If op is a member of staff breaking the AUP = fired for gross misconduct, if he's a student breaking the AUP = likely exclusion.
OP needs to speak to their ICT team, I find it odd he posted here rather than contacting them, previously he said he had a BT connection so I don't know what he means by "a shared educational connection".
Weird trend I've noticed recently is a move away from direct blocking access to things in the first place and instead a deferred response to halt undesired behaviour i.e. our handheld devices at work the security software used to straight up prevent you swiping to get settings but with newer versions if you are quick the screen will open and you can make changes if fast enough before it gets force closed with a message that it has been "blocked by your organisation".
Dunno whether this is because older more experienced developers are retiring and there is an increasing number of less experienced developers coming up the ranks with more of a naivety to how far some people can and will go to circumvent security.
If Google works then they're just blocking you from accessing certain sites. The certificate error is going to be a side effect of presenting an error page on an HTTPS site to a client that doesn't have a custom root installed.
You might see a different error message if you try and access a blocked site in a private window, as it won't know about HSTS.
You might see a different error message if you try and access a blocked site in a private window, as it won't know about HSTS.
Last edited:
You've moved the goal posts some what from the opening post.
Its not a surprise that they might block students accessing private home servers hosting god knows what when they have a legal obligation to filter and monitor their internet connection.
Where as Google classroom etc is used in a lot of educational institutions so would be less likely to be blocked.
Installing the cert would take a few mins if you asked them but if someone asked me to unblock a home server for them they would get a flat out no due to the safeguarding risk.