Category Filter

Web content filtering on iOS devices

Web content filtering settings for iOS allow the admin to block or grant access to specific websites for secure browsing. The admin can regulate web access on iOS devices by either blacklisting or whitelisting URLs. It enables enterprises to restrict devices from accessing malicious sites and helps keep the devices secure.

Notes:

  • This feature works only on supervised iOS 7.0+.
  • Available on Enterprise, Ultimate and Ultra pricing plans.

Configure Web Content Filtering via policy

To manage access to the websites on iOS devices, create a policy containing the blacklisted or whitelisted websites and push the policy to the target devices. To configure the policy,

  1. Log in to your Hexnode MDM portal.
  2. Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
  3. Go to iOS > Security > Web Content Filtering. Click Configure.
  4. Choose the appropriate Filter Type: Blacklist or Whitelist.

Filter Type 1: Blacklist

To block access to specific websites,

  • Choose the filter type Blacklist.
  • Enter the URLs to be blacklisted. Use comma or semi-colon to separate multiple URLs. Add valid URLs only. Valid URLs start with ‘http://’, ‘https://’ and ‘rstp://’.
  • Click on the Add button to enlist all the URLs to be blocked. To remove a URL from the list, click on the trash icon to the right of the URL.

You can also enable Apple’s built-in web filter by enabling the option “Restrict inappropriate Content”. It will block any content that includes profanity or sexually explicit language automatically. Although Apple is not entirely perfect with blocking, it reduces the need to add every URL to the blacklist manually. When you enable automatic filtering, you can see a text box right below to add URLs that you don’t want to be checked by the web filter.

Blacklist by content for blocked access and whitelist urls for bypassing restriction

Note:


Usually, when you blacklist a URL in web filtering, it blocks access to it in the browsers. However, it is possible to access the corresponding app. In such cases, Hexnode allows you to blacklist/whitelist apps to control access to the apps.


After associating the web content filtering policy with the device, if the user tries to access any of the blacklisted pages (for instance, https://youtube.com), the device prompts that the given page is restricted.
Restricted access to Youtube – iOS web content filtering

Filter Type 2: Whitelist

To grant access to specific websites,

  • Choose the filter type Whitelist.
  • Enter the URLs to be whitelisted in the appropriate text field. Add a valid URL starting with either ‘http://’ or ‘https://’. Only a single URL can be entered at a time, so separating multiple URLs with a comma or semi-colon won’t work here.
  • The Bookmark Name field allows you to create bookmarks in Safari. Name them, and they will appear as bookmarks.
  • The Bookmark Path field specifies the location for bookmarks in Safari. Since Apple updated this setting, all bookmarks will be listed under the “Approved Sites” folder, irrespective of what you enter here.
  • Click on the Add button to add the URLs to the list. All the whitelisted URLs are displayed right below the text fields. To remove any of the URLs from the list, click on the trash icon corresponding to the URL.


When the web content filtering policy is applied, and if the user tries to access any webpage other than (https://www.hexnode.com) the whitelisted ones, the device prompts that the given page is restricted. Thus, webpage access will be denied.
iOS-web-content-filtering-whitelisting-urls

Associate Policy with iOS Devices

The web content filtering configurations created in the Hexnode MDM portal have to be attached to the devices to take effect. Follow any of the following methods to associate the policy with its target entities.
Method 1: If the policy has not been saved,

  1. Navigate to Policy Targets > Devices > +Add Devices.
  2. Choose the target devices and click OK. Click Save.
  3. You can also associate the policy with Device Groups, Users, User Groups, or Domains from the left pane of the Policy Targets tab.

Method 2: If the policy has been saved,

  1. Go to the Policies tab and choose the desired policy.
  2. Click on the Manage drop-down and select Associate Targets.
  3. Choose the target entities and click Associate.
Notes:

  • Once the policy is associated, private browsing will be disabled, and the user cannot clear browsing history or website data in Safari.
  • If you choose the blacklist filter type, the restricted access applies only to the URLs specified explicitly. For instance, if a blacklisted website gets redirected, the device may not block the redirected URLs if not included among the blacklisted URLs.
  • A given website may have different versions, such as mobile version, desktop version, etc. Each of them should be considered as a separate URL.
  • If you apply conflicting policies to a device such that blacklisting and whitelisting are associated with a given website, blacklisting takes precedence, i.e., the blacklist filter is the most restrictive.