Enable web content filter from configuration profile

App & System Services Networking
borisestrada OP
Created Nov ’20
Replies 8
Boosts 0
Views 2.8k
Participants 4
Hi, how can I enable web content filter from a configuration profile?
I'm using the "com.apple.webcontent-filter" payload, also I'm specify to use Plug-in as FilterType and app’s bundle identifier is set as the value of the PluginBundleID field in the profile payload. Further my app using Network Extension, FilterDataProvider and FilterControlProvider.

What I want to achive is to enable the web content filter without open my app.
Answered by DTS Engineer in 647982022

Should work as I dont need to open my app on the managed device for
enabling the web content filter?

Yes.

When you think about this it’s a clear requirement of the current design. By definition the user of a supervised device can’t make device-wide changes, and thus there’s no way that they can configure the filter from your app. That means that the only way to configure the filter is via a configuration profile.

Correlating your profile to the documentation I see a number of problems:

  • You don’t need FilterDataProviderBundleIdentifier and FilterDataProviderDesignatedRequirement on iOS.

  • You can omit FilterPackets because packet filters aren’t a thing on iOS.

  • You’ve redacted the PluginBundleID value, so it’s not clear what bundle ID you’re using. The documentation isn’t particularly forthcoming on this either so, just to be clear, this must be the bundle ID of the container app.

When I want to set up stuff like this I lean heavily on Apple Configurator. The following is an example of what it generates when you supply all the required parameters and nothing else:

Code Block  
<dict>
    <key>FilterBrowsers</key>
    <true/>
    <key>FilterSockets</key>
    <true/>
    <key>FilterType</key>
    <string>Plugin</string>
    <key>PayloadDescription</key>
    <string>Configures content filtering settings</string>
    <key>PayloadDisplayName</key>
    <string>My Filter Config</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.webcontent-filter.2EF1184F-FC41-4477-BA81-D46AB318D8BB</string>
    <key>PayloadType</key>
    <string>com.apple.webcontent-filter</string>
    <key>PayloadUUID</key>
    <string>2EF1184F-FC41-4477-BA81-D46AB318D8BB</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PluginBundleID</key>
    <string>com.example.apple-samplecode.Test667016</string>
    <key>UserDefinedName</key>
    <string>Test667016 Filter Config</string>
</dict>


Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Replies  8
Boosts  0
Views  2.8k
Participants  4
DTS Engineer OP
Apple
Nov ’20

how can I enable web content filter from a configuration profile?

On which platform?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
borisestrada OP
Nov ’20
I want to enable the web content filter on a iOS device, iOS 12.x
(I'm using Workspace one as MDM)

Thanks for your reply.
0
DTS Engineer OP
Apple
Nov ’20

I want to enable the web content filter on a iOS device, iOS 12.x

Is the device supervised? That’s a requirement for the content filter on iOS.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
borisestrada OP
Nov ’20
Yes the iOS device is supervised.
0
DTS Engineer OP
Apple
Nov ’20

Yes the iOS device is supervised.

Cool. You should be able to make that work. What does your com.apple.webcontent-filter payload look like?

ps It’ll be easier to real if you use triple backticks to format it as code.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
0
borisestrada OP
Nov ’20
Should work as I dont need to open my app on the managed device for enabling the web content filter?

Here is my com.apple.webcontent-filter payload 

Code Block 
<dict>
	<key>UserDefinedName</key>
	<string>ProTective Web Content Filter</string>
	<key>PayloadDescription</key>
	<string>WebContentFilterSettings</string>
	<key>PayloadIdentifier</key><string>com.apple.webcontent-filter.96980f60-3b6b-45fa-8555-9d6e58a50666</string>
	<key>PayloadUUID</key><string>96980f60-3b6b-45fa-8555-9d6e58a50666</string>
	<key>PayloadType</key><string>com.apple.webcontent-filter</string>
	<key>PayloadVersion</key><integer>1</integer>
	<key>FilterDataProviderBundleIdentifier</key>
	<string>extension.FilterDataProvider.BundleIdentifier</string>
	<key>FilterDataProviderDesignatedRequirement</key>
	<string>extension.FilterDataProvider.DesignatedRequirement</string>
	<key>FilterPackets</key>
	<false/>
	<key>FilterBrowsers</key>
	<true/>
	<key>FilterSockets</key>
	<true/>
	<key>FilterType</key>
	<string>Plugin</string>
	<key>PluginBundleID</key>
	<string>my.app.bundle.id</string>
</dict>

0
DTS Engineer OP
Apple
Nov ’20
Accepted Answer

Should work as I dont need to open my app on the managed device for
enabling the web content filter?

Yes.

When you think about this it’s a clear requirement of the current design. By definition the user of a supervised device can’t make device-wide changes, and thus there’s no way that they can configure the filter from your app. That means that the only way to configure the filter is via a configuration profile.

Correlating your profile to the documentation I see a number of problems:

  • You don’t need FilterDataProviderBundleIdentifier and FilterDataProviderDesignatedRequirement on iOS.

  • You can omit FilterPackets because packet filters aren’t a thing on iOS.

  • You’ve redacted the PluginBundleID value, so it’s not clear what bundle ID you’re using. The documentation isn’t particularly forthcoming on this either so, just to be clear, this must be the bundle ID of the container app.

When I want to set up stuff like this I lean heavily on Apple Configurator. The following is an example of what it generates when you supply all the required parameters and nothing else:

Code Block  
<dict>
    <key>FilterBrowsers</key>
    <true/>
    <key>FilterSockets</key>
    <true/>
    <key>FilterType</key>
    <string>Plugin</string>
    <key>PayloadDescription</key>
    <string>Configures content filtering settings</string>
    <key>PayloadDisplayName</key>
    <string>My Filter Config</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.webcontent-filter.2EF1184F-FC41-4477-BA81-D46AB318D8BB</string>
    <key>PayloadType</key>
    <string>com.apple.webcontent-filter</string>
    <key>PayloadUUID</key>
    <string>2EF1184F-FC41-4477-BA81-D46AB318D8BB</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PluginBundleID</key>
    <string>com.example.apple-samplecode.Test667016</string>
    <key>UserDefinedName</key>
    <string>Test667016 Filter Config</string>
</dict>


Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
1
borisestrada OP
Nov ’20
Hi, thanks for your answers.
We have verified our Network Extension plugin now, using a profile configuration as described here and made in Apple Configurator 2, our iOS app is downloaded via TestFlight on a supervised iOS device. Works as expected :)

Thanks!
0
Enable web content filter from configuration profile
First post date Last post date
 
 
Q