Web Content Filter

Template

The Web Content Filter payload allows you to whitelist and blacklist specific web URLs. This payload is supported only on supervised devices.

When multiple content filter payloads are present:

  • The blacklist is the union of all blacklists—that is, any URL that appears in any blacklist is inaccessible.

  • The permitted list is the intersection of all permitted lists—that is, only URLs that appear in every permitted list are accessible when they would otherwise be blocked by the automatic filter.

  • The whitelist list is the intersection of all whitelists—that is, only URLs that appear in every whitelist are accessible.

  • URLs are matched by using string-based root matching. A URL matches a whitelist, blacklist, or permitted list pattern if the exact characters of the pattern appear as the root of the URL.

    For example, if test.com/a is blacklisted, then test.com, test.com/b, and test.com/c/d/e will all be blocked. Matching does not discard subdomain prefixes, so if test.com/a is blacklisted, m.test.com is not blocked.

    Also, no attempt is made to match aliases (IP address versus DNS names, for example) or to handle requests with explicit port numbers.

If a profile does not contain an array for PermittedURLs or WhitelistedBookmarks, that profile is skipped when evaluating the missing array or arrays.

As an exception, if a payload contains an AutoFilterEnabled key, but does not contain a PermittedURLs array, that profile is treated as containing an empty array—that is, all websites are blocked.

All filtering options are active simultaneously. Only URLs and sites that pass all rules are permitted.

Summary

PayloadType:com.apple.webcontent-filter
Supervised Only:
 N/A
macOS:N/A
macOS Deprecated:
 N/A
iOS:N/A
iOS Deprecated:N/A
Highlander:N/A

Keys

FilterType

FilterType

Type of filter, built-in or plug-in

Type Default Required Regex iOS macOS Supervised
string BuiltIn always N/A N/A N/A N/A

Note

FilterType must be Plugin on macOS

FilterType is BuiltIn

AutoFilterEnabled

Web filter enabled

Optional. If true, automatic filtering is enabled. This function evaluates each web page as it is loaded and attempts to identify and block content not suitable for children. The search algorithm is complex and may vary from release to release, but it is basically looking for adult language, i.e. swearing and sexually explicit language. The default value is false.

Type Default Required Regex iOS macOS Supervised
boolean False N/A N/A N/A N/A N/A

PermittedURLs

PermittedURLs

Used only when AutoFilterEnabled is true. Otherwise, this field is ignored. Each entry contains a URL that is accessible whether the automatic filter allows access or not.

Type Default Required Regex iOS macOS Supervised
array N/A N/A N/A N/A N/A N/A

WhitelistedBookmarks

White list

Optional. If present, these URLs are added to the browser’s bookmarks, and the user is not allowed to visit any sites other than these. The number of these URLs should be limited to about 500.

Type Default Required Regex iOS macOS Supervised
array N/A N/A N/A N/A N/A N/A

BlacklistedURLs

BlacklistedURLs

Each entry contains a URL that will not be accessible.

Type Default Required Regex iOS macOS Supervised
array N/A N/A N/A N/A N/A N/A

FilterType is Plugin

UserDefinedName

UserDefinedName

A string which will be displayed for this filtering configuration.

Type Default Required Regex iOS macOS Supervised
string N/A always N/A N/A N/A N/A

PluginBundleID

PluginBundleID

The Bundle ID of the plugin that provides filtering service.

Type Default Required Regex iOS macOS Supervised
string N/A always N/A N/A N/A N/A

ServerAddress

ServerAddress

Server address (may be IP address, hostname, or URL).

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

UserName

Username

A username for the service.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

Password

Password

A password for the service.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

PayloadCertificateUUID

Certificate UUID

UUID of the certificate payload containing an identity used as the client credential

Type Default Required Regex iOS macOS Supervised
string N/A N/A ^[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}$ N/A N/A N/A

Organization

Organization

An Organization string that will be passed to the 3rd party plugin.

Type Default Required Regex iOS macOS Supervised
string N/A N/A N/A N/A N/A N/A

FilterBrowsers

FilterBrowsers

FilterBrowsers

Type Default Required Regex iOS macOS Supervised
integer True N/A N/A N/A N/A N/A

FilterSockets

FilterSockets

FilterSockets

Type Default Required Regex iOS macOS Supervised
integer True N/A N/A N/A N/A N/A