Category filter

How to set up Web Content Filtering for Mac?

Web content filtering enables your organization to regulate access to websites. Organizations may have to restrict access to certain websites due to compliance regulations, bandwidth usage, or other concerns. You can configure policies across your devices, effectively preventing users from accessing these URLs from the Safari browser.

Note:

This feature is supported only on Ultra pricing plan.

Configure Web Content Filtering

Go to the Policies tab from the Hexnode UEM dashboard.
Continue with an existing policy or create a new one by clicking on New Policy.
Select Web Content Filtering from macOS > Security. Click Configure.
Next, choose the Filter Type.
Configure the necessary settings for web content filtering.

Filter Type 1: If you have chosen Blocklist as the filter type,

Blocklist web URLs

Blocklisting a URL prevents the users from accessing any page on that website.

To blocklist web URLs, specify the URL to be blocklisted in the text field and click on Add.
.

Notes:

URLs should start with http://, ftp://, or https://.
You can blocklist multiple URLs by separating them using comma or semi-colon.

When a user tries to visit the blocklisted URLs, they will be locked out of the page with a warning message.

Blocklist by content

The option Blocklist by Content is enabled by default for macOS devices and there is no provision to disable it. This option restricts the explicit content automatically. However, admin can allow the users to access those websites by allowlisting them.

This feature is useful when you may need to provide access to websites that are blocked based on content type. Since this is an automatically enabled restriction, you will have to provide access to these websites exclusively.

To allowlist an exceptional URL,

Enter the URLs in the text field and click Add.

Notes:

URLs should start with http://, ftp://, or https://.
You can blocklist multiple URLs by separating them using comma or semi-colon.

When a user tries to visit sites with explicit content, they will be locked out of the page with a warning message.

Fig. 1: The main URL being blocklisted returns an error page.

Fig. 2: An exceptional allowlisted link in a blocklisted domain is given access.

Note:

Usually when you blocklist a URL in web filtering, it blocks access to the website in the browsers as well as the corresponding app.

Filter type 2: If you have chosen Allowlist as the filter type,

Allowlist web URLs

Allowlisting blocks the users from accessing any of the websites except the allowlisted ones.
To allowlist web URLs,

Enter the URLs in the text field and click Add.

Notes:

URLs should start with http://, ftp://, or https://.
You can whitelist multiple URLs by separating them using comma or semi-colon.

For URL Allowlisting, when the user tries to visit any other site, they are shown a warning along with the list of allowlisted sites.

Note:

Allowlisting takes precedence when deploying two contradictory Web Content Filtering policies, one blocklisting a URL and the other allowlisting the same URL.

Associate the policy with macOS devices

If you have not saved the policy yet,

Go to Policy Targets > +Add Devices. Alternatively, you can choose to associate the policy to either device groups, users, user groups or domains from the left pane.
Choose the target device/devices.
Click Ok. Click Save.

If you need to add more devices, click on +Add Devices again and repeat the above steps. This won’t affect your previous selections.

If you are on a page that lists the policies,

Select a policy.
From Manage drop-down, choose Associate Targets.
Choose the target devices and click Associate.

Exception:

Note that web content filtering restricts the users from accessing specific websites on the Safari browser only. The user may still access the given URLs from the device using other browsers.

When you want the users to access only the Safari browser, additionally perform app blocklisting over unnecessary browser apps to restrict them on the devices.

On the contrary, you can permit different browser apps on a Mac while restricting access to certain websites with the help of App Configurations. When you create the XML file, include the key attribute – URLBlocklist with the list of websites to restrict. Further, upload this file to generate app configurations for other browser apps.

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0"> 
<dict>  
<key>URLBlocklist</key> 
<array>  
<string>twitter.com</string>  
<string>facebook.com</string>  
</array>  
</dict>  
</plist>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>URLBlocklist</key>

<array>

<string>twitter.com</string>

<string>facebook.com</string>

</array>

</dict>

</plist>

Similarly, for whitelisting websites, you can set the key URLBlocklist to ‘*’ and list the URLs to be whitelisted under the key URLAllowlist.

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0">  
<dict>  
<key>URLBlocklist</key> 
<array> 
<string>*</string>  
</array> 
<key>URLAllowlist</key> 
<array>  
<string>twitter.com</string>  
<string>facebook.com</string>  
</array>  
</dict>  
</plist>