BlueFletch Enterprise
  • BlueFletch Enterprise
  • Product Guides
    • BlueFletch Launcher
      • Configurable Layouts
        • Layouts
        • Orientation Options
        • Criteria
        • Widgets
        • Implied Groups
        • Kiosk Mode
        • Persistent Foreground App
        • Password Protected Applications
        • Quick Start Applications Folder
        • Layout Custom Actions
        • Replacement Values
        • Assets Manager
      • Theming
        • Configure Theme
        • Site-Specific Theming
        • Custom Field Display
      • Site Information Service
      • Custom Intents
        • Standard Android Intents
        • Platform Actions
        • Filtering
        • Technical Guide
      • Security and Safety
        • Clear App Data on Logout
        • Application Enabler
        • Disable Packages
        • Key Management
        • NFC Enable/Disable
        • Secure Notifications
        • Wi-Fi UI Settings Enable/Disable
        • Motion Activated Device Lock
        • Unique Login
        • Local Admin Password
        • Device Remote Lock
      • Device Loss Prevention
        • Low Battery Mode
        • Luggage Tag Mode
        • Secure Device Mode
      • Launcher Provider SDK
      • Load Configurations via QR Code Scan
      • Getting Started
      • Technical Guide
      • Release Notes
    • Authentication and SSO
      • Features
        • Secondary Authentication
          • PIN
          • Face Recognition
          • NFC Tag
          • Barcode
          • Alternate Secondary Authentication
      • Technical Guide
        • LDAP
        • AppAuth/OIDC
        • Okta (Session)
        • MSAL
        • ADFS 3.0/2012 Using ADAL
      • Release Notes
    • Support Application
      • Features
        • Events to Splunk
        • Logs to Azure
        • External Configuration Support
        • Application Usage History
        • Generating RxLogger Log Files
      • Technical Guide
        • Event Information
        • Event Examples
      • Support Installer
      • Getting Started
      • Release Notes
    • Device Finder
      • Features
        • Device Details
        • Device Status
        • View Site Devices
      • Technical Guide
      • Getting Started
      • Release Notes
    • Browser
      • Features
        • Custom Scripts
        • FIDO2 / Webauthn Support
        • URL AllowList and BlockList
      • Technical Guide
        • Configuring Browser
        • All Configuration
        • Available Intents
        • APIs and Page Actions
      • Release Notes
    • Chat
      • Features
      • Technical Guide
      • Getting Started
      • Release Notes
    • Playbook Agent
      • Features
      • Getting Started
      • Release Notes
    • Portal
      • Login & Logout
      • Navigation & Account Settings
      • Support Agent
        • Home
        • Device Details
        • Dashboards
        • Cards
        • Event Explorer
        • Reports
      • Enterprise Launcher
        • Creating a Configuration
        • Sending a Notification
        • Managing Sites
      • Playbook MDM
        • Playbooks
        • Plays
        • Devices
        • Deployment Groups
        • Zebra StageNow
      • EMM Console
        • Overview
        • Setup
          • Enroll Org in EMM
          • Policy Management
          • Provisioning
          • Device Management
          • Installing Playbook in EMM
        • Troubleshooting
          • Device Issues
          • Policy Issues
      • Chat Manager
        • Overview
        • Chat Roles
        • Chat Channels
        • Chat Audio Transcription
        • Message Logs
      • Admin
        • Organization
        • Single Sign On
          • Azure Setup
          • Okta Setup
          • Google Workspace Setup
          • Portal Setup
        • Users
        • Roles
          • Overview
          • Predefined Roles
          • Permissions
          • Manage Roles
        • Downloads
        • Agents
        • Key Management
          • Overview
          • API Keys
          • Device Keys
          • Device Restrictions
          • Allowed IP Addresses
        • Enterprise
        • Audit Logs
      • Event Forwarding
      • Remote Control
      • Getting Started
      • Release Notes
    • Other Applications
      • Messaging
        • Features
        • Technical Guide
        • Release Notes
      • Keyboard
        • Features
        • Technical Guide
          • How to: Set Keyboard as default
        • Release Notes
      • Bluetooth
        • Features
        • Release Notes
      • Voice Chat
        • Features
        • Release Notes
      • Device Remote Control
        • Features
        • Technical Guide
        • Release Notes
      • Device ID
        • Features
        • Technical Guide
        • Release Notes
      • Suite Installer
        • Technical Guide
        • Release Notes
      • Accessibility Enabler
        • Release Notes
      • EPM Plugin
        • Features
        • Technical Guide
        • Release Notes
    • Workforce Identity
  • Technical Documentation
    • Updating License Key
    • Commonly Reported Issues
    • Deploying BlueFletch Enterprise
      • Android 10 and 11
      • MDMs
        • Workspace One (VMWare AirWatch)
        • SOTI
        • Microsoft Intune
          • Microsoft Intune + Playbook
      • From Portal to Playbook Agent
Powered by GitBook
On this page
  • Use Cases
  • Allow access to all URLs except blocked
  • Block access to all URLs except allowed
  • Logging
  1. Product Guides
  2. Browser
  3. Features

URL AllowList and BlockList

Beginning Browser version 2.2.x, you can now configure an allow list and block list to control browser navigation and restrict users from navigating to unauthorized websites.

Use the URL blocklist and allowlist to:

  • Allow access to all URLs except the ones you block - Use the blocklist to prevent users from visiting certain websites, while allowing them access to the rest of the web.

  • Block access to all URLs except the ones you allow - Use the blocklist to block access to all URLs. Then, use the allowlist to allow access to a limited list of URLs.

  • Define exceptions to very restrictive blocklists—Use the blocklist to block access to all URLs. Then, use the allowlist to let users access certain schemes, subdomains of other domains or ports.

  • Allow Browser to open apps directly on the device - Allow specific external protocol handlers so that Browser can automatically open certain apps.

If the block list is not set, users will have unrestricted access to websites, as your network allows.

The behavior for this configuration is as follows:

  • If the block list is defined, Browser will attempt to match the URL with the items in the block list.

  • If a URL is "blocked", Browser will attempt to match the URL with items in the allow list. If a match is found in the allow list, access to the URL will be granted; otherwise the user will be redirected to an access denied page.

Both block list and allow list configurations use Java Regular Expressions to match URLs the user attempts to load. Based on configured regular expression, Browser determines "matches" based on the following logic:

  • If the filter contains a scheme, e.g. chrome://.*, Browser will perform a regex match on the entire URL.

  • If the filter contains a host only, e.g. play.google.com, Browser will perform a regex match on the host section only.

  • If the filter contains a port number, e.g. :8080 or 192.168.1.3:8080, the Browser will perform a regex match on the host and the port number.

Use Cases

Allow access to all URLs except blocked

If the user is allowed to access all sites except facebook.com and twitter.com, the configuration will be setup as follows:

"blockList" : [
    ".*facebook.com",
    ".*twitter.com"
],
"allowList" : []   //leave unset

Since the allowList is unset, Browser will allow other sites, except for the ones that match in the blockList. In the above example, facebook.com and all of its sub-domains will be blocked, and all of twitter.com and its subdomain will be blocked, while everything else will be allowed.

Block access to all URLs except allowed

If the user will only be allowed to access URLs you define, the configuration setup will be as follows:

"blockList" : [
    ".*"
],
"allowList" : [    
   "chrome://.*"
   "^login.microsoftonline.com",
    "^play.google.com",
    ".*\.bluefletch.com"
]

The blockList is defined with an "all" regex pattern, so by default all websites will be marked to be blocked, except if they're defined in the allowList section. In this example, the following sites will be permitted.

  • sites that contain the protocol chrome://

  • sites with hostnames starting with login.microsoft.com

  • sites with hostnames starting with play.google.com

  • sites from bluefletch.com or any of its subdomains, e.g. support.bluefletch.com

Logging

If using the Support Agent, Browser will log all attempted navigation to blocked URLs.

Feature requires Browser 2.2.1 or greater and Launcher 3.20.14 or greater.

PreviousFIDO2 / Webauthn SupportNextTechnical Guide

Last updated 1 year ago