This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
Smoothwall Browser only applies your Web Filter Policies within itself and can’t filter content in other web browsing apps, such as link previews in word processors.
To stop links and content from opening in other apps, install Smoothwall's Content Filter Plugin. The end user won’t be able to access the site, and will see a message that says: ‘Restricted Site: You cannot browse this page at “URL” because it is restricted.’
Before you begin
- The iPad must be a supervised device with Smoothwall Browser installed.
- Your MDM supports creating Web Content Filters or deploying a manually created profile from Apple Configurator.
Install the Content Filter Plugin
- In Apple Configurator, create a new profile or open an existing profile.
Tip
If you use a different MDM, refer to the provider’s documentation to create a profile and install it on iPads.
- Go to Content Filter > Configure.
- For the Filter Type, select Plugin (Third Party App).
- Fill in the fields as required:
- For Identifier, enter Smoothwall Browser's Bundle ID: com.smoothwall.ios.Firefox
- Do not select or fill in the Service Address, Organization, User Name, Password, Certificate and Custom Data fields.
- Ensure the Filter WebKit Traffic checkbox is selected.
- Deselect the Filter Socket Traffic checkbox.
- Save the profile by going to File > Save.
- Install the configuration profile on your iPads.
Set custom filter rules
Some apps display content using an internal web browser without allowing users to browse the wider internet. By default, the Content Filter Plugin blocks the content, but you can create custom rules to allow specific apps or websites to show their content.
- In Apple Configurator, open an existing profile.
- Go to Content Filter > Configure.
- Enter custom rules in the Custom Data section:
- In the Key column:
- Enter the bundle ID, such as ‘com.example.MathsQuiz’, to set the rule for a specific app.
- Enter a domain or hostname to set the rule for a specific website.
- Enter allow or block in the Value column.
- In the Key column:
- Deploy the rule changes to iPads.
If you have multiple hostnames or apps from the same vendor, you can use a wildcard *. To explicitly block content that might be allowed by a wildcard, set the Value as block.
Example
To allow access to an example website, and allow access to a ‘Maths Quiz’, ‘Spelling Quiz’ and ‘Cooking Quiz’, but block ‘Exam’, you’d need rules with these settings:
| Key | Value |
| com.example.* | allow |
| com.example.Exam | block |
| www.examplewebsite.com | allow |
Order the rules are applied
Rules are applied in this order, regardless of the order of rules in the Custom Data section:
- If the app is Smoothwall Browser, filtering is applied via your Web Filter Policies.
- Access is allowed for single sign-on from Google or Microsoft.
- App-specific custom filter rules.
- Custom filter rules for apps using a wildcard. If there are multiple matches, the longest is used.
- Host-specific custom filter rules.
- Custom filter rules using a wildcard. If there are multiple matches, the longest is used.
- If no rules match, access to the content is blocked.
Report on blocked and allowed requests
Due to Apple’s restrictions, you can’t report on what content was allowed or blocked by the Content Filter Plugin in Cloud Reports or the On-Premise Appliance Reports and Logs.
If you have a Mac computer, you can use the Console app to view Content Filter Plugin's filtering decisions:
- Add a custom data rule with Debug as the Key and true as the Value, and deploy the configuration to a test iPad.
- Connect the iPad to the Mac.
- In the Console app, search the logs for smw.DataFilter
Important
Remove the Debug rule after testing to prevent anyone with physical access to the iPad from accessing the full browsing history across all apps.