Web Content Filter
MDM lets you control the contents that can be viewed by users on the Chrome on managed Chromebooks, using Web Content Filter. Web Content Filter lets you Blocklist or Allowlist URLs as explained below:
- Allowlisting: Only URLs added in this filter can be viewed by the user on Chrome, while all other URLs are blocklisted(restricted from viewing on the device browser).
- Blocklisting: URLs added in this filter cannot be viewed by the user on Chrome, while all other URLs are allowlisted(can be viewed on the device browser)
Other than restricting URLs, Web Content Filter also provides the option of creating bookmarks, for allowlisted URLs.
Blocklisted URLs can be still be accessed if the corresponding app is present on the device. For example, even if all Facebook URLs have been restricted, users can still access Facebook, if the app is installed on the device. To prevent this, the apps must be blocklisted as explained here.
The table below explains the details to be specified in the Web Content Filter policy before associating it to devices/groups.
|Filter Type||Specify the filter based on whether URLs are to be blocklisted/allowlisted|
|URL||Specify the URLs to be blocklisted/allowlisted|
(Can be configured only if Filter Type is 'Allowlist')
|Specify the bookmark name to be used in the browser. This can be used if you want the allowlisted URL to be bookmarked with a specific name in the browser.|
Adding URLs in Web Content Filter
The following table explains the various scenarios where Web Content Filter can be used.
|Only secure HTTP(HTTPS) URLs are to be viewed on the device.||Either restrict all HTTP URLs by blocklisting http://* or allow only HTTPS URLs by allowlisting https://*|
|The URL blocklisted/allowlisted gets redirected to another URL.||Specify the second URL(to which the first redirects to). If example.com redirects to example.us,then example.us must be specified|
|Fully Blocklist a website including both the HTTP and HTTPS versions||Specify example.com to automatically Blocklist both the HTTP and the HTTPS versions of example.com|
|Fully Blocklist/Allowlist all the sub-domains associated with the website||Specify example.com to automatically Allowlist/Blocklist all the sub-domains(domain1.example.com) of the website including mobile version of the website(m.example.com)|
|Blocklist a website with multiple domain extensions(.org,.biz)||Specify example.* to automatically Blocklist all the available domain extensions of the website|
|Blocklist a specific domain extension(.biz)||Specify *.biz to Blocklist all websites with the domain extension .biz.|
|Blocklist only a particular sub-domain.||Specify sub-domain.example.com. This does not Blocklist example.com|
|Allow access only to specific resources on the Intranet||Allowlist the corresponding IP address of the machine, to access the resources associated to the specific machine.|
Distributing multiple Web Content Filter policies to the same device
The following table explains how Web Content Filter works on the device, when multiple profiles are pushed to the device.
|PROFILE 1||PROFILE 2||EXPECTED BEHAVIOUR|
|Allowlist URL #1||Allowlist URL #2||URL #1 and URL #2 are allowlisted. All other URLs are automatically blocklisted.|
|Blocklist URL #1||Blocklist URL #2||URL #1 and URL #2 are blocklisted. All other URLs are automatically allowlisted.|
|Blocklist URL #1||Allowlist URL #1||URL #1 is allowlisted. All other URLs are automatically blocklisted.|
|Blocklist URL #1 and URL #2||Allowlist URL #3 and URL #4||URL #3 and URL #4 are allowlisted. All other URLs are automatically blocklisted.|