Citrix Endpoint Management

Web Content Filter device policy

You can filter web content on iOS devices by using the Apple auto-filter function with specific sites that you add to allow or block lists. Web Content Filter device policy is available only on iOS devices in Supervised mode. For information about placing an iOS device into Supervised mode, see Deploy devices using Apple Configurator 2.

Note:

  • Android devices don’t support web content filtering.
  • From iOS version 16.5 and later, the Web Content Filter device policy stops recognizing https://localhost in the allow list. This results in some apps becoming unresponsive. Also, adding a derivative of the URL such as http://localhost:, http://localhost:*, and so on to the allow list doesn’t resolve the issue.

To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.

iOS settings

  • Filter type: Click Built-in or Plug-in in the drop-down list, and then follow the procedures that follow for the option you choose. The default is Built-in.

Built-in filter type

  • Web Content Filter
    • Auto filter enabled: Whether to use the Apple auto-filter function to analyze websites for inappropriate content. The default is Off.
    • Permitted URLs: This list is ignored when Auto filter enabled is set to Off. When Auto filter enabled is set to On, the items in this list are always accessible whether the auto filter allows access or not. For each URL you want to add to the allow list, click Add and do the following:
      • Type the URL of the permitted website. You must add https:// or https:// before the web address.
      • Click Save to save the website to the allow list or click Cancel not to save it.
    • Blocked URLs: Items in this list are always blocked. For each URL you want to add to the block list, click Add and do the following:
      • Enter the URL of the website to be blocked. You must add https:// or https:// before the web address.
      • Click Save to save the website to the block list or click Cancel not to save it.
  • Bookmark allow list
    • Bookmark allow list: Specifies the sites that users can access. To enable access to websites, add their URL.
      • URL: The URL of each website that users can access. For example, to enable access to the Citrix Secure Hub store, add the Citrix Endpoint Management server URL to the URL list. You must add https:// or https:// before the web address. This field is required.
      • Bookmark folder: Enter an optional bookmark folder name. If this field is left blank, the bookmark is added to the default bookmarks directory.
      • Title: Enter a descriptive title for the website. For example, type “Google” for the URL https://google.com.
      • Click Save to save the website to the allow list or click Cancel not to save it.

Plug-in filter type

  • Filter name: Enter a unique name for the filter.
  • Identifier: Enter the bundle ID of the plug-in that provides the filtering service.
  • Service address: Enter an optional server address. Valid formats are IP address, host name, or URL.
  • User name: Enter an optional user name for the service.
  • Password: Enter an optional password for the service.
  • Certificate: Click an optional identity certificate in the drop-down list that has to be used to authenticate the user to the service. The default is None.
  • Filter WebKit traffic: Select whether to filter WebKit traffic.
  • Filter Socket traffic: Select whether to filter socket traffic.
  • Custom Data: For each custom key you want to add to the web filter, click Add and then do the following:
    • Key: Type the custom key.
    • Value: Type a value for the custom key.
    • Click Save to save the custom key or click Cancel not to save it.
  • Policy settings
    • Remove policy: Choose a method for scheduling policy removal. Available options are Select date and Duration until removal (in hours)
      • Select date: Click the calendar to select the specific date for removal.
      • Duration until removal (in hours): Type a number, in hours, until policy removal occurs. Only available for iOS 6.0 and later.
Web Content Filter device policy