Category filter

How to set up Web Content Filtering on Android devices?

Corporate deployed endpoints often house confidential and sensitive documents. These critical data must always be kept secure. Since the data remains in the employee devices that are not heavily guarded, it is highly vulnerable to attacks or breaches. These attacks mainly occur when the employees click on an unsecured or unwanted website. These issues can be quickly resolved by blocking employees’ access to unsecure websites through web content filtering. Nevertheless, blocking access to specific websites helps the organization save network bandwidth.


This feature is available on Enterprise and higher pricing plans.

Configure Web Content Filtering on Android

To configure web filters,

  1. Login to your Hexnode portal.
  2. Head on to Policies.
  3. Select an existing policy from the list or add a new one.
  4. Go to Android > Security > Web Content Filtering.

web content filtering for Android devices using MDM


Web Content Filtering policy works only on Android 6+ Samsung Knox devices with Customisation SDK above 2.6 (Knox API level 19).

Blacklisting URLs

If you have a single URL or a particular set of URLs that you might want to keep away from the end user’s reach, then blacklisting them will be the better option. Even if you blacklist a subdirectory URL such as “”, the whole domain “” will be blacklisted.

However, if a subdomain such as “” is blacklisted, it does not block the domain “” or other subdomains like “”.

Before adding URLs, make sure

  • URLs start with either http:// or https://.
  • Separate the URLs using commas or semi-colons.

To blacklist URLs,

  1. Login to your Hexnode portal.
  2. Go to Policies.
  3. Select an existing policy from the list or add a new one.
  4. Go to Android > Security > Web Content Filtering. Click Configure.
  5. Set the filter type as “Blacklist”.
  6. In the text box provided below, enter a URL that is to be blacklisted, followed by pressing the ‘check’ button to the right.

All the added URLs will be displayed on the Web Content Filtering policy page. Click the X button if you wish to remove any URL from the list.


  • Usually, when you blacklist a URL using web content filtering, access to the URL is blocked on browsers and corresponding applications. However, the access will not be blocked on applications if it uses a different URL.
  • On the device end, the blacklisted websites cannot be opened. The user will be greeted with the page showing “No internet”. Sites that are not whitelisted will also be considered blacklisted.

A website is blocked by adding it to the blacklist.

Whitelisting URLs

You can whitelist a URL to block access to all other URLs from the device. Note that you cannot add a complete URL including its subfolders (something like to be inserted into the field. Even if you insert the complete URL, the entire domain ( in the case of the above example) will be whitelisted.
Also, if the domain “” is whitelisted, it does not permit access to subdomains like “” and “”. Hence, you will have to add them separately to the whitelist to allow them on the devices.

The same rules of blacklisting URLs apply here.

  • Prefix http:// or https:// to a URL.
  • Whitelist single or multiple URLs. Separate the URLs using commas or semi-colons.

To whitelist a URL,

  1. Login to your Hexnode portal.
  2. Go to Policies.
  3. Select an existing policy from the list or add a new one.
  4. Select Web Content Filtering from Android > Security.
  5. Click on the radio button corresponding to the “Whitelist” option to set it as the filter type.
  6. By default, contents in the Google Play Store app cannot be accessed from the devices when whitelisting is enabled. But you can allow access to the Play Store app by selecting the option Allow Google Play Store.
  7. In the box provided below, enter the URLs one by one, which needs to be whitelisted.

  • If a URL is whitelisted in one policy and blacklisted in another, the URL will be blocked on the device end. In the case of multiple URLs, only the whitelisted URLs that are not blacklisted can be accessed.
  • Tethering or VPN functionalities on the device may get affected when the Web Content Filtering policy is associated. It is expected behavior on Samsung Knox devices configured with firewall rules.

On the device end, the user will only be able to open websites that are whitelisted, thus preventing them from accessing any unwanted sites.

Only the whitelisted site can be opened

Associate Policies with Target entities

If the policy has not yet been saved.

  1. Navigate to Policy Targets.
  2. Select the Devices, Users, Device Groups, User Groups and Domains to which the policy has to be attached.
  3. Click on Save to apply the policies to the target entities.

If the policy has been saved, you can associate it with another method.

  1. From the “Policies” tab, select the policy to be associated.
  2. Click on Manage > Associate Targets and select the target entities. This can be devices, users, groups, or domains.
  3. Click on Associate.
  • Managing Android Devices