pdf icon
Category Filter

Web Content Filter

MDM lets you control the contents that can be viewed on the browsers of managed devices using Web Content Filter. Web Content Filter lets you Blocklist or Allowlist URLs as explained below:

  • Allowlisting: Only URLs added in this filter can be viewed on the device browser, while all other URLs are blocklisted (restricted from viewing on the device browser).
  • Blocklisting: URLs added in this filter cannot be viewed on the device browser, while all other URLs are allowlisted (can be viewed on the device browser)

Other than restricting URLs, Web Content Filter also provides the option of restricting content, whereby websites with malicious content are automatically blocked irrespective of whether the website URL has been allowlisted or blocklisted. Web Content Filter is applicable for Non-Samsung(Knox unsupported) devices running 5.0 or later versions, only if provisioned as Profile Owner or Device Owner and Samsung devices running 5.0 or later with Knox version 2.6 or later. To check the Knox version, go to Settings -> About Device -> Knox version.For Samsung devices running on Android 6.0 and above, legacy enrollment is sufficient for web content filter to function.

  • Blocklisted URLs can be still be accessed if the corresponding app is present on the device. For example, even if all Facebook URLs have been restricted, users can still access Facebook, if the app is installed on the device. To prevent this, the apps must be blocklisted as explained here.
  • In Non-Samsung devices and Knox unsupported Samsung devices, Web Content Filter is applied only to Chrome and not to other browsers. In Samsung devices, Web Content Filter is applied to all the browsers on the device.
  • You can blocklist or allowlist only 1000 URLs'. It is recommended to use Chrome browser instead of Samsung browser, incase of devices with OS version 12 and above.

Policy Description

The table below explains the details to be specified in the Web Content Filter policy before associating it to devices/groups.

FEATURE DESCRIPTION KNOX-ENABLED SAMSUNG NON-SAMSUNG
LEGACY PROFILE OWNER DEVICE OWNER
Automatic restriction of malicious content Prevent websites with malicious content, from being viewed on the device browser failured failured success success
Filter Type

Specify the filter based on whether URLs are to be blocklisted or allowlisted

success failured success success
Add URLs The URLs to be allowed or restricted can be added manually or by uploading a CSV. success failured success success
Bookmark Name
(Can be configured only if Filter Type is 'Allowlist')
Specify the bookmark name to be used in the browser. This can be used if you want the allowlisted URL to be bookmarked with a specific name in the browser. success failured success success
Bookmark Location
(Can be configured only if Filter Type is 'Allowlist')
Specify the bookmark folder path to be used in the browser. This can be used to specify the bookmark folder path for saving the created bookmarks failured failured success success
Upload File
(Can be configured only if URLs are added via CSV)
Upload a CSV file with the URLs to be allowed or restricted. If Filter Type is 'Allowlist', you can also enter the bookmark name and location (for non-Samsung devices) to be used in the browser in the CSV file. success failured success success

Adding URLs in Web Content Filter

The following table explains the various scenarios where Web Content Filter can be used.

SCENARIO EXAMPLE URLs DEVICE
SAMSUNG NON-SAMSUNG
Only secure HTTP(HTTPS) URLs are to be viewed on the device. Either restrict all HTTP URLs by blocklisting http://* or allow only HTTPS URLs by allowlisting https://* success
Devices must be running 4.3 or later versions
success
The URL blocklisted/allowlisted gets redirected to another URL. If there are multiple re-directions, from one URL to another, then those URL's should also be specified under the Allowlist or Blocklist in the web content filter.For instance if example.com redirects to example.us,then example.us must also be specified in the URL list. success success
Fully Blocklist a website including both the HTTP and HTTPS versions Specify example.com to automatically Blocklist both the HTTP and the HTTPS versions of example.com success success
Fully Blocklist/Allowlist all the sub-domains associated with the website Specify example.com to automatically Allowlist/Blocklist all the sub-domains(domain1.example.com) of the website including mobile version of the website(m.example.com) success success
Blocklist a website with multiple domain extensions(.org,.biz) Specify example.* to automatically Blocklist all the available domain extensions of the website success failured
Blocklist a specific domain extension(.biz) Specify *.biz to Blocklist all websites with the domain extension .biz. success failured
Blocklist only a particular sub-domain. Specify sub-domain.example.com. This does not Blocklist example.com success success
Allow access only to specific resources on the Intranet Allowlist the corresponding IP address of the machine, to access the resources associated to the specific machine. success success

Distributing multiple Web Content Filter policies to the same device

The following table explains how Web Content Filter works on the device, when multiple profiles are pushed to the device.

PROFILE 1 PROFILE 2 EXPECTED BEHAVIOUR
Allowlist URL #1 Allowlist URL #2 URL #1 and URL #2 are allowlisted. All other URLs are automatically blocklisted.
Blocklist URL #1 Blocklist URL #2 URL #1 and URL #2 are blocklisted. All other URLs are automatically allowlisted.
Blocklist URL #1 Allowlist URL #1 URL #1 is allowlisted. All other URLs are automatically blocklisted.
Blocklist URL #1 and URL #2 Allowlist URL #3 and URL #4 URL #3 and URL #4 are allowlisted. All other URLs are automatically blocklisted.

 

Jump To