Category filter

Web content filtering on iOS devices

Web content filtering settings for iOS allow the admin to block or grant access to specific websites for secure browsing. The admin can regulate web access on iOS devices by either blocklisting or allowlisting URLs. It enables enterprises to restrict devices from accessing malicious sites and helps keep the devices secure.


  • This feature works only on supervised iOS 7.0+.
  • Available on Enterprise, Ultimate and Ultra pricing plans.

Configure Web Content Filtering via policy

To manage access to the websites on iOS devices, create a policy containing the blocklisted or allowlisted websites and push the policy to the target devices. To configure the policy,

  1. Log in to your Hexnode UEM portal.
  2. Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
  3. Go to iOS > Security > Web Content Filtering. Click Configure.
  4. Choose the appropriate Filter Type: Blocklist or Allowlist.

Filter Type 1: Blocklist

To block access to specific websites,

  • Choose the filter type Blocklist.
  • Enter the URLs to be blocklisted. Use comma or semi-colon to separate multiple URLs. Add valid URLs only. Valid URLs start with ‘http://’, ‘https://’ and ‘rstp://’.
  • Click on the Add button to enlist all the URLs to be blocked. To remove a URL from the list, click on the trash icon to the right of the URL.

You can also enable Apple’s built-in web filter by enabling the option “Restrict inappropriate Content”. It will block any content that includes profanity or sexually explicit language automatically. Although Apple is not entirely perfect with blocking, it reduces the need to add every URL to the blocklist manually. When you enable automatic filtering, you can see a text box right below to add URLs that you don’t want to be checked by the web filter.

Exempt URLs from auto-filtering


Usually, when you blocklist a URL in web filtering, it blocks access to it in the browsers. However, it is possible to access the corresponding app. In such cases, Hexnode allows you to blocklist/allowlist apps to control access to the apps.

After associating the web content filtering policy with the device, if the user tries to access any of the blocklisted pages (for instance,, the device prompts that the given page is restricted.

Blocklisted YouTube URL will be restricted

Filter Type 2: Allowlist

To grant access to specific websites,

  • Choose the filter type Allowlist.
  • Enter the URLs to be allowlisted in the appropriate text field. Add a valid URL starting with either ‘http://’ or ‘https://’. Only a single URL can be entered at a time, so separating multiple URLs with a comma or semi-colon won’t work here.
  • The Bookmark Name field allows you to create bookmarks in Safari. Name them, and they will appear as bookmarks.
  • The Bookmark Path field specifies the location for bookmarks in Safari. Since Apple updated this setting, all bookmarks will be listed under the “Approved Sites” folder, irrespective of what you enter here.
  • Click on the Add button to add the URLs to the list. All the allowlisted URLs are displayed right below the text fields. To remove any of the URLs from the list, click on the trash icon corresponding to the URL.

When the web content filtering policy is applied, and if the user tries to access any webpage other than ( the allowlisted ones, the device prompts that the given page is restricted. Thus, webpage access will be denied.

Only Allowlisted apps are unrestricted

Associate Policy with iOS Devices

The web content filtering configurations created in the Hexnode UEM portal have to be attached to the devices to take effect. Follow any of the following methods to associate the policy with its target entities.
Method 1: If the policy has not been saved,

  1. Navigate to Policy Targets > Devices > +Add Devices.
  2. Choose the target devices and click OK. Click Save.
  3. You can also associate the policy with Device Groups, Users, User Groups, or Domains from the left pane of the Policy Targets tab.

Method 2: If the policy has been saved,

  1. Go to the Policies tab and choose the desired policy.
  2. Click on the Manage drop-down and select Associate Targets.
  3. Choose the target entities and click Associate.

  • Once the policy is associated, private browsing will be disabled, and the user cannot clear browsing history or website data in Safari.
  • If you choose the blocklist filter type, the restricted access applies only to the URLs specified explicitly. For instance, if a blocklisted website gets redirected, the device may not block the redirected URLs if not included among the blocklisted URLs.
  • A given website may have different versions, such as mobile version, desktop version, etc. Each of them should be considered as a separate URL.
  • If both blocklisting and allowlisting policies are applied on a device, URLs common to both policies will be blocked. Only the URLs unique to the allowlisting policy will be accessible to the users. For instance, if URLs (A), (B) and (C) are allowlisted in policy A and URLs (A), (C), and (D) are blocklisted in policy B, then only URL (B) will be accessible.

  • Managing iOS Devices