Assessment IP Address Filtering
Restrict tests by location
As increasing numbers of institutions are delivering high-stakes tests using Blackboard Learn, course facilitators, instructors, and administrators want to prevent students from cheating. High-stakes tests are often delivered to students in proctored lab environments to ensure that students can be identified and monitored while taking a test. However, if the Blackboard Learn test can be accessed from any location during the testing window, students could conspire to take a test from a different location or have someone else take the test from another location on their behalf, compromising the security of the testing environment.
IP addresses identify specific PCs and are a good method to enforce these location-restriction requirements described. You can specify the locations and IP addresses students can use to access tests in Blackboard Learn. Instructors can then enforce the location restriction for a given assessment.
The first step to take advantage of location restriction is to create a range of IP addresses corresponding to one or more network segments used exclusively in the testing environment. Give the range a natural language name so instructors can easily choose it when restricting an assessment by location. The range can contain as many different filters as necessary to correctly capture the part of the network used in the testing environment. You can also include custom descriptive help text to be shown to students if they try to access the test from outside the range.
Create a range of IP addresses
You can only create one range. You can add multiple labs to the range.
- Go to Administrator Panel >Course Settings > Grading Security Settings.
- Type a range name. This range name should be easily understood and identified by instructors when they are selecting IP ranges from their course.
- Type the IP addresses in the IP Filter field.
- List one IP filter per line and use the word BLOCK or ALLOW before the IP address. For example: ALLOW 123.456.3.3
- Wildcards (*) are allowed in any position of the IP address.
- IPv4 and IPv6 syntax are supported.
- Specify an IP filter range by inserting a forward slash between two IP addresses. For example: ALLOW 192.168.0.0/192.168.255.255
- Only students who are using a computer with an IP address in the allowed range can access the test or survey.
Type information for students about where the test is located and any other information that is appropriate in the Student Help Text field.
Once an IP Range has been created, instructors can select it within a course on the respective test options page.
Test availability exceptions
There may be situations where an instructor needs to make an exception for a student or group of students to allow them to take the test from someplace outside of specified location (IP range). When this is the case, the instructor may use the Test Availability Exceptions to exclude specified students or groups of students from the location restriction.
Students with this exception can take the test from any location, even if it's restricted for other students.
In a high-stakes testing situation, the proctor or instructor can override a restriction from the Test Begin page. From here, instructors are shown the individual instances when users were prevented from accessing a test, along with an option to override this restriction to allow a user to continue taking the test.
Additional notes and technical details:
- The Restrict Location setting on the Test Options page isn't displayed to instructors until an administrator has created at least one IP Filter.
- Location restriction is also available for surveys.
- Other tools like SCORM, Assignments, Self & Peer Assessments, etc., don't include location restriction.
- IPv4 and IPv6 range checking are supported.
- Load-balanced and TLS-offloaded client installs can support this feature, as long as the X-Forwarded-for HTTP header is properly configured at the balancer/off-loader.
- All course reuse operations that include test deployments (meaning the copy or package includes content and tests, not just tests or just content) include location restriction information.
- A new public API is available to other tools to compare the user's IP address to the named IP address range set by the administrator, and determine whether the user is in range or out of range.
- Custom range creation or checking, custom error messages and security logging, overrides or other features built for this project are not exposed via public API.
All errors and overrides are logged in the new Security Log with event codes 36, 37, and 38.
|Event Code||Security Event||Changes||Description|
|36||User Starting an Assessment Violated IP Address Rule||New Event for Test IP Address Filtering||Identifies intentional and unintentional violations to the IP Address value or range restrictions set on an assessment. An assessment that begins with an IP Address value/range restriction only has a severity of "0."|
|37||User Taking or Finishing an Assessment Violated IP Address Rule||New Event for Test IP Address Filtering||
Identifies intentional and unintentional violations to the IP Address value or range restrictions set on an assessment. An assessment that may start meeting the IP Address rule but then violates it during or at the completion of an assessment.
|38||IP Address Rule Overridden for an Assessment Attempt||New Event for Test IP Address Filtering||Test Proctors may need to override a given blocked attempt for a particular student if the IP address/range was not configured correctly by the administrator. These exceptions would be logged.|
|Event Code||Security Event||Example Single Row|
|36||User Starting an Assessment Violated IP Address Rule||
timestamp=Aug 08 2008 08:08:08.888 EDT|app_vend=blackboard|app_name=learn
|37||User Taking or Finishing an Assessment Violated IP Address Rule||timestamp=Aug 08 2008 08:08:08.888 EDT|app_vend=blackboard|app_name=learn
|evt_name=User Taking or Finishing an assessment or Continue Attempt Violated IP Address Rule|sev=2|cat=assessments|outcome=success
|session_id=1000|msg=User taking or completing assessment course assessment <_3_1> violated IP Address rule. The violation was logged. May be an indicator of a potentially inadvertent test policy violation or a misconfigured IP Address rule.
|http_useragent=Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)|act=logged
|38||IP Address Rule Overridden for an Assessment Attempt||timestamp=Aug 08 2008 08:08:08.888 EDT|app_vend=blackboard|app_name=learn
|evt_name=IP Address Rule Overridden for an assessment Attempt
|msg=Test administrator overrode a test policy violation for user <_2_1> for course assessment <_3_1> because it violated IP Address rule. May be an indicator of a potentially inadvertent test policy violation or a misconfigured IP Address rule.
|http_useragent=Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)|act=logged