MDM WebContentFilter payload clarification

We have implemented a NEFilterDataProvider in our Network Extension. We want to utilize the WebContentFilter payload within the Device Management Configuration profile to allow the functionality of our content filter.

In the Device Management Profile documentation, there are three properties that are related and seem to have some conditions around them: FilterBrowsers, FilterPackets and FilterSockets. It stated that

  • "At least one of FilterBrowsers or FilterSockets needs to be true" for FilterBrowsers,
  • "At least one of FilterPackets or FilterSockets needs to be true" for FilterPackets, and
  • "At least one of FilterBrowsers or FilterSockets needs to be true" for FilterSockets.

Based on the above conditions, if we only set FilterPackets to true and ignore the other two properties, it would not satisfy the condition for FilterSockets as both FilterBrowsers and FilterSockets are false. However, during testing we found out that this still works and our content filter is filtering traffic as expected.

Does this mean only ONE of the THREE properties needs to be true? Or should we make changes according to the documentation to have it align with all conditions and requirements?

Any clarifications of the properties and their requirements are much appreciated!

Answered by Device Management Engineer in 798107022

It appears there's a mistake in the documentation. Thanks for pointing out this issue so we can get that corrected.

It's valid to only set FilterPackets to true if the filter provider is only interested in filtering traffic at the packet level (layer 2). No other key is required.

If the provider also wants to see traffic at socket or WebKit level, then also set FilterSockets and/or FilterBrowsers to true.
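
An added example, not part of the original thread or Apple's documentation: a small Python audit that reads a configuration profile and reports, for each WebContentFilter payload, which levels the flags enable per the answer above and which of the conditions quoted in the question those flags would fail. The payload type string `com.apple.webcontent-filter`, the sample profile and the function names are assumptions of this example, and absent keys are treated as false.

```python
import plistlib

FILTER_PAYLOAD_TYPE = "com.apple.webcontent-filter"  # assumption: not stated in the thread

# Constructed sample profile: only FilterPackets is set, as in the question.
SAMPLE_PROFILE = b"""<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.webcontent-filter</string>
    <key>FilterPackets</key><true/>
  </dict></array>
</dict></plist>"""

# Key -> level named in the answer.
LEVELS = {"FilterPackets": "packet", "FilterSockets": "socket", "FilterBrowsers": "webkit"}


def filter_flags(payload):
    """Read the three flags; an absent key counts as false (assumption)."""
    return {key: bool(payload.get(key, False)) for key in LEVELS}


def documented_failures(flags):
    """Conditions as quoted in the question from the documentation."""
    failures = []
    if not (flags["FilterBrowsers"] or flags["FilterSockets"]):
        failures.append("at least one of FilterBrowsers or FilterSockets")
    if not (flags["FilterPackets"] or flags["FilterSockets"]):
        failures.append("at least one of FilterPackets or FilterSockets")
    return failures


def audit(profile_bytes):
    """Return one report entry per WebContentFilter payload in the profile."""
    profile = plistlib.loads(profile_bytes)
    report = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != FILTER_PAYLOAD_TYPE:
            continue
        flags = filter_flags(payload)
        report.append({
            # Per the answer: each key independently enables one level.
            "levels": [LEVELS[key] for key in LEVELS if flags[key]],
            "documented_failures": documented_failures(flags),
        })
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_PROFILE))
```

An entry whose `levels` list is empty means the payload enables no filtering level, which is worth reviewing before the profile is deployed.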
