Product Documentation

To add a web content device policy for iOS

Mar 04, 2015
You can add a device policy in XenMobile to filter web content on iOS devices by using Apple's auto-filter function in conjunction with specific sites that you add to whitelists and blacklists. This policy is available only on iOS 7.0 and later devices in Supervised mode. For information about placing an iOS device into Supervised mode, see To place an iOS device in Supervised mode by using the Apple Configurator.
  1. In the XenMobile console, click Configure > Device Policies. The Device Policies page appears.


    Select Policies page

  2. Click Add to add a new policy. The Add a New Policy dialog box appears.


    Select web content filter

  3. Click More and then, under Security, click Web Content Filter. The Web Content Filter Policy page appears.


    Web content filter policy information page

  4. In the Policy Information pane, enter the following information:
    1. Policy Name: Type a descriptive name for the policy.
    2. Description: Optionally, type a description of the policy.
  5. Click Next. The iOS Platform information page appears.


    Web content filter iOS policy information page

  6. In the iOS Platform Information page, in the Filter type list, do one of the following and then follow the procedures later in this topic for the option you choose:
    • Leave the default Built-in filter type.
    • Click Plug-in to configure the Plug-in filter type.
    To configure the Built-in filter type
    1. Auto filter enabled: Select whether to use Apple's auto-filter function to analyze websites for inappropriate content. The default is OFF.
    2. Permitted URLs: This list is ignored when Auto filter enabled is set to OFF. When Auto filter enabled is set to ON, the items in this list are always accessible regardless of whether the auto filter allows access.

      Click Add and then do the following to add websites to the whitelist:

      1. Enter the URL of the permitted website. You must add http:// or https:// before the web address.
      2. Click Save to save the website to the whitelist or click Cancel not to save it.
      3. Repeat steps i. and ii. for each website you want to add to the whitelist.
    3. Blacklisted URLs: Items in this list are always blocked.

      Click Add and then do the following to add websites to the blacklist:

      1. Enter the URL of the website to be blocked. You must add http:// or https:// before the web address.
      2. Click Save to save the website to the blacklist or click Cancel not to save it.
      3. Repeat steps i. and ii. for each website you want to add to the blacklist.
    4. Bookmark whitelist: Items in this list are the only sites accessible to users.

      Click Add and then do the following to bookmark websites:

      1. URL: Enter the URL of the website to be bookmarked. You must add http:// or https:// before the web address. This field is required.
      2. Bookmark folder: Enter an optional bookmark folder name. If this field is left blank, the bookmark is added to the default bookmarks directory.
      3. Title: Enter a descriptive title for the website. For example, type "Google" for the URL http://google.com.
      4. Click Save to save the website to the blacklist or click Cancel not to save it.
      5. Repeat steps i. through iv. for each website you want to bookmark.
      Note: To delete an existing website, hover over the line containing the listing and then click the trash can icon on the right-hand side. A confirmation dialog box appears. Click Delete to delete the listing or Cancel to keep the listing.

      To edit an existing website, hover over the line containing the listing and then click the pen icon on the right-hand side. Make any changes to the listing and then click Save to save the changed listing or Cancel to leave the listing unchanged.

    5. See Step 7 to finish configuring the Built-in filter configuration.
    To configure the Plug-in filter type


    Web content filter plug-in page

    1. Filter name: Enter a unique name for the filter.
    2. Identifier: Enter the bundle ID of the plugin that provides the filtering service.
    3. Service address: Enter an optional server address. Valid formats are IP address, hostname, or URL.
    4. User name: Enter an optional user name for the service.
    5. Password: Enter an optional password for the service.
    6. Certificate: In the list, click an optional identity certificate to be used to authenticate the user to the service. The default is None.
    7. Filter WebKit traffic: Select whether to filter WebKit traffic.
    8. Filter Socket traffic: Select whether to filter socket traffic.
    9. Custom Data: Click Add and then do the following to add custom data to the web content filter:
      1. Key: Enter the custom key.
      2. Value: Enter a value for the custom key.
      3. Click Save to save the custom key or click Cancel not to save it.
      4. Repeat steps i. through iii. for each custom key you want to add.
      Note: To delete an existing key, hover over the line containing the listing and then click the trash can icon on the right-hand side. A confirmation dialog box appears. Click Delete to delete the listing or Cancel to keep the listing.

      To edit an existing key, hover over the line containing the listing and then click the pen icon on the right-hand side. Make any changes to the listing and then click Save to save the changed listing or Cancel to leave the listing unchanged.

  7. Under Policy Settings, next to Remove policy, click either Select date or Duration until removal (in days).
  8. If you click Select date, click the calendar to select the specific date for removal.
  9. In the Allow user to remove policy list, click Always, Password required, or Never.
  10. If you click Password required, next to Removal password, type the necessary password.


    Policy removal settings

  11. Expand Deployment Rules and then configure the following settings: The Base tab appears by default.


    Deployment rules

    1. In the lists, click options to determine when the policy should be deployed.
      1. You can choose to deploy the policy when all conditions are met or when any conditions are met. The default option is All.
      2. Click New Rule to define the conditions.
      3. In the lists, click the conditions, such as Device ownership and BYOD, as shown in the preceding figure.
      4. Click New Rule again if you want to add more conditions. You can add as many conditions as you would like.
    2. Click the Advanced tab to combine the rules with Boolean options.


      Advanced deployment rules with base rules

      The conditions you chose on the Base tab appear.
    3. You can use more advanced Boolean logic to combine, edit, or add rules.
      1. Click AND, OR, or NOT.
      2. In the lists that appear, choose the conditions that you want to add to the rule and then click the Plus sign (+) on the right-hand side to add the condition to the rule.

        At any time, you can click to select a condition and then click EDIT to change the condition or Delete to remove the condition.

      3. Click New Rule again if you want to add more conditions.

        In this example, the device ownership must be BYOD, the device local encryption must be True, and the device mobile country code cannot be only Andorra.

        Advanced deployment rules complete

  12. Click Next. The Web Content Filter Policy assignment page appears.
  13. Next to Choose delivery groups, type to find a delivery group or select a group or groups in the list to which you want to assign the policy. The groups you select appear in the right-hand Delivery groups to receive app assignment list.


    Policy assignment page

  14. Expand Deployment Schedule and then configure the following settings:
    1. Next to Deploy, click ON to schedule deployment or click OFF to prevent deployment. The default option is ON. If you choose OFF, no other options need to be configured.
    2. Next to Deployment schedule, click Now or Later. The default option is Now.
    3. If you click Later, click the calendar icon and then select the date and time for deployment.
    4. Next to Deployment condition, click On every connection or click Only when previous deployment has failed. The default option is On every connection.
    5. Next to Deploy for always-on connection, click ON or OFF. The default option is OFF.
      Note: This option applies when you have configured the scheduling background deployment key in Settings > Server Properties. The always-on option is not available for iOS devices.
    Note: The deployment schedule you configure is the same for all platforms. Any changes you make apply to all platforms, except for Deploy for always on connection, which does not apply to iOS.


    Deployment schedule

  15. Click Save to save the policy.