Category filter

How to set up Web Content Filtering on Android devices?

Corporate deployed endpoints often house confidential and sensitive documents. These critical data must always be kept secure. Since the data remains in the employee devices that are not heavily guarded, it is highly vulnerable to attacks or breaches. These attacks mainly occur when the employees click on an unsecured or unwanted website. These issues can be quickly resolved by blocking employees’ access to unsecure websites through web content filtering. Nevertheless, blocking access to specific websites helps the organization save network bandwidth.


This feature is available on Enterprise and higher pricing plans.

Configure Web Content Filtering on Android

To configure web filters,

  1. Login to your Hexnode portal.
  2. Head on to Policies.
  3. Select an existing policy from the list or add a new one.
  4. Go to Android > Security > Web Content Filtering.

Android policy for Web Content Filtering


Web Content Filtering policy works only on Android 6+ Samsung Knox devices with Customisation SDK above 2.6 (Knox API level 19).

Blocklisting URLs

If you have a single URL or a particular set of URLs that you might want to keep away from the end user’s reach, then blocklisting them will be the better option. Even if you blocklist a subdirectory URL such as “”, the whole domain “” will be blocklisted.

However, if a subdomain such as “” is blocklisted, it does not block the domain “” or other subdomains like “”.

Before adding URLs, make sure

  • URLs start with either http:// or https://.
  • Separate the URLs using commas or semi-colons.

To blocklist URLs,

  1. Login to your Hexnode portal.
  2. Go to Policies.
  3. Select an existing policy from the list or add a new one.
  4. Go to Android > Security > Web Content Filtering. Click Configure.
  5. Set the filter type as “Blocklist”.
  6. In the text box provided below, enter a URL that is to be blocklisted, followed by pressing the ‘check’ button to the right.

All the added URLs will be displayed on the Web Content Filtering policy page. Click the X button if you wish to remove any URL from the list.


  • Usually, when you blocklist a URL using web content filtering, access to the URL is blocked on browsers and corresponding applications. However, the access will not be blocked on applications if it uses a different URL.
  • On the device end, the blocklisted websites cannot be opened. The user will be greeted with the page showing “No internet”. Sites that are not allowlisted will also be considered blocklisted.

Blocklisted website blocked on Android device

Allowlisting URLs

You can allowlist a URL to block access to all other URLs from the device. Note that you cannot add a complete URL including its subfolders (something like to be inserted into the field. Even if you insert the complete URL, the entire domain ( in the case of the above example) will be allowlisted.
Also, if the domain “” is allowlisted, it does not permit access to subdomains like “” and “”. Hence, you will have to add them separately to the allowlist to allow them on the devices.

The same rules of blocklisting URLs apply here.

  • Prefix http:// or https:// to a URL.
  • Allowlist single or multiple URLs. Separate the URLs using commas or semi-colons.

To allowlist a URL,

  1. Login to your Hexnode portal.
  2. Go to Policies.
  3. Select an existing policy from the list or add a new one.
  4. Select Web Content Filtering from Android > Security.
  5. Click on the radio button corresponding to the “Allowlist” option to set it as the filter type.
  6. By default, contents in the Google Play Store app cannot be accessed from the devices when allowlisting is enabled. But you can allow access to the Play Store app by selecting the option Allow Google Play Store.
  7. In the box provided below, enter the URLs one by one, which needs to be allowlisted.

  • If a URL is allowlisted in one policy and blocklisted in another, the URL will be blocked on the device end. In the case of multiple URLs, only the allowlisted URLs that are not blocklisted can be accessed.
  • Tethering or VPN functionalities on the device may get affected when the Web Content Filtering policy is associated. It is expected behavior on Samsung Knox devices configured with firewall rules.

On the device end, the user will only be able to open websites that are allowlisted, thus preventing them from accessing any unwanted sites.

Only Allowlisted websites are accessible on Android devices

Associate Policies with Target entities

If the policy has not yet been saved.

  1. Navigate to Policy Targets.
  2. Select the Devices, Users, Device Groups, User Groups and Domains to which the policy has to be attached.
  3. Click on Save to apply the policies to the target entities.

If the policy has been saved, you can associate it with another method.

  1. From the “Policies” tab, select the policy to be associated.
  2. Click on Manage > Associate Targets and select the target entities. This can be devices, users, groups, or domains.
  3. Click on Associate.
  • Managing Android Devices