Web Content Filter
MDM lets you control the content that can be viewed in the browsers of managed devices using Web Content Filter. Web Content Filter lets you blocklist or allowlist URLs, or manage web content through a plug-in, as explained below:
- Allowlisting: Only URLs added in this filter can be viewed on the device browser, while all other URLs are blocklisted (restricted from viewing on the device browser).
- Blocklisting: URLs added in this filter cannot be viewed on the device browser, while all other URLs are allowlisted (can be viewed on the device browser).
- Plug-in: You can manage the web content via a third-party plug-in.
Other than restricting URLs, Web Content Filter also provides the option of restricting content, whereby websites with adult content are automatically blocked irrespective of whether the website URL has been allowlisted or blocklisted. Web Content Filter is applicable to Supervised devices running iOS 7.0 or later versions. Enabling Automatic restriction of inappropriate content ensures that inappropriate content is restricted on the devices. Apple restricts inappropriate content based on blocklisted keywords, such as adult content and content that should be kept from children below 18.
- Blocklisted URLs can still be accessed if the corresponding app is present on the device. For example, even if all Facebook URLs have been restricted, users can still access Facebook if the app is installed on the device. To prevent this, the apps must be blocklisted as explained here.
- Blocklisting/allowlisting the HTTP version of a URL automatically blocklists/allowlists the HTTPS version of the URL, and vice versa.
- If a blocklisted URL is redirected, the restriction is not applied to the redirected URL unless it is also blocklisted.
- Wildcard-based URLs such as *.example.com, https://*.com, etc. are not supported.
- The mobile version of a URL and country-based domain extensions should be considered as separate URLs. Example: facebook.com, facebook.co.uk, m.facebook.com, etc.
Policy Description
The table below explains the details to be specified in the Web Content Filter policy before associating it to devices/groups.
FEATURE | DESCRIPTION |
---|---|
Automatic restriction of malicious content | Prevents websites with malicious content from being viewed on the device browser. |
Filter Type | Specify the filter based on whether URLs are to be blocklisted or allowlisted. |
Add URLs | The URLs to be allowed or restricted can be added manually or by uploading a CSV. |
Bookmark Name (can be configured only if Filter Type is 'Allowlist') | Specify the bookmark name to be used in the browser. This can be used if you want the allowlisted URL to be bookmarked with a specific name in the browser. |
Upload File (can be configured only if URLs are added via CSV) | Upload a CSV file with the URLs to be allowed or restricted. If Filter Type is 'Allowlist', you can also enter the bookmark name to be used in the browser in the CSV file. |
Adding URLs in Web Content Filter
The following table explains the various scenarios where Web Content Filter can be used.
SCENARIO | EXAMPLE URLs |
---|---|
Fully blocklist all the sub-folders/directories of a website | Specify http://example.com to automatically block all the sub-folders/directories (example.com/directory1). However, this doesn't block sub-domains such as m.example.com. |
Blocklist a specific sub-domain of a website | Specify sub-domain.example.com to block the sub-domain. However, this doesn't block the website http://example.com or other sub-domains such as m.example.com. |
The blocklisted/allowlisted URL gets redirected to another URL | Specify the second URL (the one to which the first redirects). If http://example.com redirects to http://example.us, then http://example.us must be specified. |
The URL combined with a port number | The URL gets completely blocklisted/allowlisted, as port numbers are not considered. |
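The matching rules above (scheme and port ignored, hosts compared exactly, no wildcards) can be checked against a draft URL list before it is uploaded. The following is an added example, not ManageEngine or Apple code; the function names and sample entries are constructed for illustration, and prefix matching for entries that carry a path is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample entries, as an admin might draft them before CSV upload.
SAMPLE_ENTRIES = ["http://example.com", "https://example.com:8080",
                  "*.example.com", "m.example.com", "example.co.uk"]

def normalize(url):
    """Reduce an entry or visited URL to (host, path) per the rules above:
    scheme and port are ignored, the host is kept exactly as written."""
    if "*" in url:
        raise ValueError(f"wildcards are not supported: {url}")
    parts = urlsplit(url if "://" in url else "http://" + url)
    if not parts.hostname:
        raise ValueError(f"no host in entry: {url}")
    return parts.hostname.lower(), parts.path.rstrip("/")

def entry_covers(entry, visited):
    """True if a filter entry applies to the URL the browser is visiting."""
    e_host, e_path = normalize(entry)
    v_host, v_path = normalize(visited)
    if e_host != v_host:  # sub-domains and country domains are separate URLs
        return False
    # Assumption: an entry with a path matches by prefix; the page only
    # documents the host-only case (all sub-folders are covered).
    return v_path.startswith(e_path)

def lint_entries(entries):
    """Split draft entries into (usable, problems) before upload."""
    usable, problems, seen = [], [], set()
    for raw in (e.strip() for e in entries):
        try:
            key = normalize(raw)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if key in seen:  # same host/path already listed under another scheme or port
            problems.append(f"redundant (scheme/port ignored): {raw}")
            continue
        seen.add(key)
        usable.append(raw)
    return usable, problems

if __name__ == "__main__":
    ok, issues = lint_entries(SAMPLE_ENTRIES)
    print("usable:", ok)
    print("problems:", issues)
    print(entry_covers("http://example.com", "https://example.com:8443/directory1"))
```

Redirect targets still have to be listed as separate entries; nothing in this check resolves redirects.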
Distributing multiple Web Content Filter policies to the same device
The following table explains how Web Content Filter works on the device, when multiple profiles are pushed to the device.
PROFILE 1 | PROFILE 2 | EXPECTED BEHAVIOUR |
---|---|---|
Allowlist URL #1 and #2 | Allowlist URL #1 and #3 | URL #1 is allowlisted. All other URLs are automatically blocklisted. |
Blocklist URL #1 | Blocklist URL #2 | URL #1 and URL #2 are blocklisted. All other URLs are automatically allowlisted. |
Blocklist URL #1 | Allowlist URL #1 | All URLs are automatically blocklisted. |
Blocklist URL #1 and URL #2 | Allowlist URL #3 and URL #4 | URL #3 and URL #4 are allowlisted. All other URLs are automatically blocklisted. |
Note: Once the Web Content Filter policy is associated, private browsing will be disabled, and the user cannot clear browsing history or website data in Safari.
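The four rows of the multiple-profile table follow one rule: any allowlist profile makes the device default-deny, and a URL stays viewable only if it appears in every allowlist and in no blocklist. The sketch below is an added example that models that rule so a set of profiles can be checked before distribution; it is not product code, its names are hypothetical, and applying the rule to more than two profiles is an extrapolation from the table.

```python
def effective_policy(profiles):
    """Combine profiles into one result.

    profiles: list of (filter_type, urls), filter_type 'allowlist' or 'blocklist'.
    Returns ('allow_only', urls): only these URLs load, or
            ('block_only', urls): everything except these URLs loads.
    """
    allow_sets, blocked = [], set()
    for filter_type, urls in profiles:
        if filter_type == "allowlist":
            allow_sets.append(set(urls))
        elif filter_type == "blocklist":
            blocked |= set(urls)
        else:
            raise ValueError(f"unknown filter type: {filter_type}")
    if not allow_sets:
        return "block_only", blocked
    # Any allowlist flips the device to default-deny; a URL must be in every
    # allowlist and in no blocklist to remain viewable.
    return "allow_only", set.intersection(*allow_sets) - blocked

def is_viewable(policy, url):
    """Apply a combined policy to a single URL label."""
    mode, urls = policy
    return url in urls if mode == "allow_only" else url not in urls

# The four table rows, with URL labels as constructed stand-ins.
TABLE_ROWS = [
    [("allowlist", ["#1", "#2"]), ("allowlist", ["#1", "#3"])],
    [("blocklist", ["#1"]), ("blocklist", ["#2"])],
    [("blocklist", ["#1"]), ("allowlist", ["#1"])],
    [("blocklist", ["#1", "#2"]), ("allowlist", ["#3", "#4"])],
]

if __name__ == "__main__":
    for row in TABLE_ROWS:
        mode, urls = effective_policy(row)
        print(mode, sorted(urls))
```

The third row is the one to watch for: a blocklist and an allowlist that name the same URL leave an empty allow set, so the browser can load nothing.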
Configuring Plug-ins
FEATURE | DESCRIPTION |
---|---|
Filter Name | Provide a name for your plug-in. |
Plug-in Bundle ID | Enter the bundle ID of the plug-in extension, not the app ID. Contact the developer to get the bundle ID. |
Filter Socket | HTTPS communication from apps can be filtered through a socket. You can choose to enable or disable the socket filter. |
Filter Webkit | All web traffic from the browser can be filtered through WebKit. You can choose to enable or disable the WebKit filter. |
Vendor configuration | These are certain functions to manage the web content. Contact the app developer to know what functions can be performed. |
Note: If you want to filter both app and web traffic, enable both the WebKit and socket filters. There are some advanced settings which can be enabled when specified by the vendor.