# URL AllowList and BlockList Beginning Browser version 2.2.x, you can now configure an allow list and block list to control browser navigation and restrict users from navigating to unauthorized websites. Use the URL blocklist and allowlist to: * **Allow access to all URLs except the ones you block** - Use the blocklist to prevent users from visiting certain websites, while allowing them access to the rest of the web. * **Block access to all URLs except the ones you allow** - Use the blocklist to block access to all URLs. Then, use the allowlist to allow access to a limited list of URLs. * **Define exceptions to very restrictive blocklists**—Use the blocklist to block access to all URLs. Then, use the allowlist to let users access certain schemes, subdomains of other domains or ports. * **Allow Browser to open apps directly on the device** - Allow specific external protocol handlers so that Browser can automatically open certain apps. {% hint style="info" %} If the block list is not set, users will have unrestricted access to websites, as your network allows. {% endhint %} The behavior for this configuration is as follows: * If the block list is defined, Browser will attempt to match the URL with the items in the block list. * If a URL is "blocked", Browser will attempt to match the URL with items in the allow list. If a match is found in the allow list, access to the URL will be granted; otherwise the user will be redirected to an access denied page. Both block list and allow list configurations use **Java Regular Expressions** to match URLs the user attempts to load. Based on configured regular expression, Browser determines "matches" based on the following logic: * If the filter contains a scheme, e.g. `chrome://.*`, Browser will perform a **regex match on the entire URL**. * If the filter contains a host only, e.g. `play.google.com`, Browser will perform a regex match on the **host section only.** * If the filter contains a port number, e.g. `:8080` or `192.168.1.3:8080`, the Browser will perform a regex match on the **host and the port number.** ## Use Cases ### Allow access to all URLs except blocked If the user is allowed to access all sites except `facebook.com` and `twitter.com`, the configuration will be setup as follows: ```json "browserRestrictions": { "blockList" : [ ".*facebook.com", ".*twitter.com" ], "allowList" : [] } ``` Since the `allowList` is unset, Browser will allow other sites, except for the ones that match in the `blockList`. In the above example, facebook.com and all of its sub-domains will be blocked, and all of twitter.com and its subdomain will be blocked, while everything else will be allowed. ### Block access to all URLs except allowed If the user will only be allowed to access URLs you define, the configuration setup will be as follows: ```json "browserRestrictions": { "blockList" : [ ".*" ], "allowList" : [ "chrome://.*" "^login.microsoftonline.com", "^play.google.com", ".*\.bluefletch.com" ] } ``` The `blockList` is defined with an "all" regex pattern, so by default all websites will be marked to be blocked, except if they're defined in the `allowList` section. In this example, the following sites will be permitted. * sites that contain the protocol `chrome://` * sites with hostnames starting with `login.microsoft.com` * sites with hostnames starting with `play.google.com` * sites from `bluefletch.com` or any of its subdomains, e.g. `support.bluefletch.com` ## Logging If using the Support Agent, Browser will log all attempted navigation to blocked URLs. {% hint style="info" %} Feature requires Browser 2.2.1 or greater and Launcher 3.20.14 or greater. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bluefletch.com/bluefletch-enterprise/product-guides/browser/features/url-allowlist-and-blocklist.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.