Category filter

How to set up Web Content Filtering for Mac?

Web content filtering enables your organization to regulate access to websites. Organizations may have to restrict access to certain websites due to compliance regulations, bandwidth usage, or other concerns. You can configure policies across your devices, effectively preventing users from accessing these URLs from the Safari browser. Read on to find out how you can implement web content filtering on your macOS devices through the Hexnode UEM portal.

Configure Web Content Filtering on Mac

Go to the Policies tab from the Hexnode UEM dashboard.
Continue with an existing policy or create a new one by clicking on New Policy.
Select Web Content Filtering from macOS > Security. Click Configure.
Next, choose the Filter Type.
Configure the necessary settings for web content filtering.

The following elements can be restricted by setting up web content filtering on a device through the Hexnode portal:

Websites: Administrators can block access to websites by providing the URLs using Blocklist Web URLs or Allowlist Web URLs filter settings. The web content filtering feature helps admins ensure that users cannot access any sites that may disrupt productivity or expose them to any risks. Under Blocklist Web URLs filter, the URLs of the websites to be blocked are specified. Allowlist Web URLs filter allows access to only the websites that are specified explicitly and will block access to all others by default.
Explicit/Adult Content: Websites containing explicit content are automatically blocked by Hexnode UEM through the option Blocklist by Content which is enabled by default. The access to these websites is restricted along with the other blocked sites and thus maintain a safe browsing environment. The admin can give the users access to any of those websites, if necessary, by allowlisting them and thereby bypassing the auto-filter.
Clear History: On applying web content filtering on macOS devices, the user will be prevented from clearing the browsing history in the Safari browser. The Clear History option under the History tab of the browser will be disabled.
Private Browsing: Private browsing will be disabled by default. The user will be unable to open a Private Window for a private browsing session in the Safari browser.

Filter Type 1: If you have chosen Blocklist as the filter type,

Blocklist Web URLs

Blocklisting a URL prevents the users from accessing any page on that website.

To blocklist web URLs, specify the URL to be blocklisted in the text field and click on Add.
.

Notes:

URLs should start with http://, ftp://, or https://.
You can blocklist multiple URLs by separating them using comma or semi-colon.

When a user tries to visit the blocklisted URLs, they will be locked out of the page with a warning message.

Blocklist by Content

The option Blocklist by Content is enabled by default for macOS devices and there is no provision to disable it. This option restricts the explicit content automatically. However, admin can allow the users to access those websites by allowlisting them.

This feature is useful when you may need to provide access to websites that are blocked based on content type. Since this is an automatically enabled restriction, you will have to provide access to these websites exclusively.

To allowlist an exceptional URL,

Enter the URLs in the text field and click Add.

Notes:

URLs should start with http://, ftp://, or https://.
You can blocklist multiple URLs by separating them using comma or semi-colon.

When a user tries to visit sites with explicit content, they will be locked out of the page with a warning message.

Fig. 1: The main URL being blocklisted returns an error page.

Fig. 2: An exceptional allowlisted link in a blocklisted domain is given access.

Note:

Usually when you blocklist a URL in web filtering, it blocks access to the website in the browsers as well as the corresponding app.

Filter type 2: If you have chosen Allowlist as the filter type,

Allowlist Web URLs

Allowlisting blocks the users from accessing any of the websites except the allowlisted ones.
To allowlist web URLs,

Enter the URLs in the text field and click Add.

Notes:

URLs should start with http://, ftp://, or https://.
You can whitelist multiple URLs by separating them using comma or semi-colon.

For URL allowlisting, when the user tries to visit any other site, they are shown a warning along with the list of allowlisted sites.

Note:

Allowlisting takes precedence when deploying two contradictory Web Content Filtering policies, one blocklisting a URL and the other allowlisting the same URL.

Associate the policy with macOS devices

If you have not saved the policy yet,

Go to Policy Targets > +Add Devices. Alternatively, you can choose to associate the policy to either device groups, users, user groups or domains from the left pane.
Choose the target device/devices.
Click Ok. Click Save.

If you need to add more devices, click on +Add Devices again and repeat the above steps. This won’t affect your previous selections.

If you are on a page that lists the policies,

Select a policy.
From Manage drop-down, choose Associate Targets.
Choose the target devices and click Associate.

Exception:

Note that web content filtering restricts the users from accessing specific websites on the Safari browser only. The user may still access the given URLs from the device using other browsers.

When you want the users to access only the Safari browser, additionally perform app blocklisting over unnecessary browser apps to restrict them on the devices.

On the contrary, you can permit different browser apps on a Mac while restricting access to certain websites with the help of App Configurations. When you create the XML file, include the key attribute – URLBlocklist with the list of websites to restrict. Further, upload this file to generate app configurations for other browser apps.

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0"> 
<dict>  
<key>URLBlocklist</key> 
<array>  
<string>twitter.com</string>  
<string>facebook.com</string>  
</array>  
</dict>  
</plist>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<dict>

<key>URLBlocklist</key>

<array>

<string>twitter.com</string>

<string>facebook.com</string>

</array>

</dict>

</plist>

Similarly, for whitelisting websites, you can set the key URLBlocklist to ‘*’ and list the URLs to be whitelisted under the key URLAllowlist.

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 
<plist version="1.0">  
<dict>  
<key>URLBlocklist</key> 
<array> 
<string>*</string>  
</array> 
<key>URLAllowlist</key> 
<array>  
<string>twitter.com</string>  
<string>facebook.com</string>  
</array>  
</dict>  
</plist>