Only allow approved sites in chrome

expand collapsive

I am trying to setup my phones. I need to lockdown chrome browser only to some approved sites. How can I do that?

All Replies

  • Hey there.

    @mont, Web Content Filtering is supported only on Android 6+ Samsung devices with Knox SDK 2.6+. It works on all browsers including Google Chrome.

    @edm, I cannot pinpoint your requirements from your query. As you have mentioned about “phones” I am assuming it’s either Android mobiles or iPhones.

    We have several methods to whitelist websites depending on your requirement. I will explain each method here.

    For iOS devices –

    iOS has a native method to blacklist/whitelist websites throughout the entire device across all managed browsers. This can be achieved by configuring a Web Content Filtering policy and applying it to supervised iOS 7+ devices.

    iOS devices support this feature only if they are supervised and the browsers installed are managed. In a non-supervised device, these configurations will not be applied and the user will be allowed to surf all websites using Safari or any other unmanaged browser.

    For Android devices –

    Supported apps in Android devices enrolled in Android Enterprise can be managed using App Configurations.
    Google Chrome for Android provides support for app configurations. Find the following fields while setting up

    App Configuration for Google Chrome-

    1. Block access to a list of URLs – Here, you can specify all the URLs that must be blocked. As you are planning to whitelist, you need to block all websites. The wildcard, asterisk (*) can be used for this purpose. Passing the asterisk symbol in the “Block access to a list of URLs” field will block all websites other than the ones allowed in the “Allow access to a list of URLs” field.
    2. Allow access to a list of URLs – Here, you can define exceptions to the blocked URLs. Type the URL’s that you need to access/whitelist.

    Now, save the configuration and apply the policy to the required devices. Google Chrome will be locked to the specified list of websites.

    Do remember that these configurations are application-specific. Other browsers will not be affected by these configurations and hence will be able to access the restricted websites.

    If you have an Android 6+ Samsung Knox device with customization SDK 2.6+, you can use the Web Content Filter policy to whitelist or blacklist the websites throughout all browsers in the device.

    On Knox devices with lower versions or on devices that are not enrolled in Android Enterprise, Google Chrome cannot be used to achieve this functionality. Hexnode provides specialized browsers that support URL whitelisting. This method, however, requires you to lock your device in a Kiosk mode using Hexnode UEM. The devices will be confined to a set of specified apps and websites. You will have to create Web Apps first and then assign the Web Apps in the Kiosk Mode. Now, you can set up Website Kiosk Settings using Hexnode Browser Lite or Hexnode Kiosk Browser to configure other websites to be whitelisted. Also, only add the required apps in the kiosk and never add any other browsers as they will be able to access the restricted URLs.

    Now, the Hexnode browser will be configured with the required settings and the users will only be able to access the whitelisted apps.

    Have a great day!

    Shawn Payne.
    Hexnode UEM.

  • Participant



    Hello. The devices managed by me are all non-supervised, but I still need to prevent access to such websites for all the employees as they are draining a lot of data. Can I do that using Hexnode?

  • Hey @mortim,

    Unfortunately, there is no UEM capable of performing the functionality that you have requested. Apple MDM protocols have defined the use of non-supervised devices in a BYOD scenario. This means that only a part of such devices, called the managed part, can be accessed by UEM’s and only such managed apps can be controlled. This is done to protect user privacy.

    So, unless you supervise those devices, we cannot provide device-level content filtering. However, you can implement network/router level filtering. You could configure a firewall/VPN/proxy to block all such unwanted websites from the corporate network. This will prevent users from accessing such apps/websites using the corporate network.

    Hope this helps.

    Shawn Payne.
    Hexnode UEM

  • Hello Chyou,

    Thank you for reaching out to us.

    Web content filtering can only be used to block sites in Safari. But you can always make use of the App Configurations feature to block specific sites in Google Chrome. Simply create an xml file that blacklists the sites you want to block and upload it after selecting Google Chrome from Policies > New Policy > macOS > App Configurations. Associate the policy to the required devices and you are good to go. Feel free to refer to our detailed help doc on setting up App Configurations if you get stuck.

    Deborah Timothy
    Hexnode UEM

  • Participant



    Installed chrome as enterprise app (pkg) on all macs. Can I also push extensions to all of them using Hexnode? There are 100+ devices and 10+ extensions. I don’t have to install them manually, right? Don’t ruin my week!!

  • Hexnode



    Hello Soren,

    Thank you for reaching out to us. Hexnode just saved your week!! You will not have to sit and install all the extensions manually.  You can use the feature App Configurations to install extensions to customize your browsers that are installed using its pkg file.

    Include the following in the xml file that you deploy,


    You can add any number of extensions by including their ID and update URL in the XML file in the given format. To get the ID and update URL:

      1. Install the necessary extensions on one device.
      2. Open Google Chrome and open the Extensions tab. You can do this by entering chrome://extensions in the address bar or clicking on the three dots in the upper right corner > More Tools > Extensions.
      3. A list of all the added extensions can be seen. Copy the ID of the extensions you want.
      4. If the extensions are installed on a macOS device, the update URL can be found by opening Finder > Go > Go to Folder> ~/Library/Application Support/Google/Chrome/Default/Extensions. Open the folder that has the same name as the ID of the extension. Note down the update URL from the .json file present in the folder.
      5. If the extensions are installed on a Windows device, the update URL will be present in the .json file in C:\Users\%UserName%\AppData\Local\Google\Chrome\UserData\Default\Extensions

    Hope that helps. Feel free to reach out if you get stuck.

    Deborah Timothy
    Hexnode UEM

  • Hexnode



    Hello Cynthia-liz

    Thank you for reaching out to us. Here is the general format for giving the sites that need to be blocked or allowed:


    • Scheme is an optional field and usually refers to https, http, ftp, chrome etc. It must be followed by //.
    • Dot (.) is prefixed before host to filter the sites with the exact hostname. It is an optional prefix.
    • Host is a required field whose value is an IP address or a hostname. It can also take * as its value. This will block all URLs other than the one mentioned in Allow access to a list of URLs.
    • Port is an optional field that takes a value between 1 and 65535.
    • Path is an optional field that can take any string value.
    • Query is an optional parameter that contains a set of key-value and key-only tokens delimited by ‘&’.

    You might find these examples useful:
    "", "", "", "http://server:8080/path", "", "file://*"

    Deborah Timothy
    Hexnode UEM