You can allow or prevent end users from accessing specific URLs using a Web browser by configuring a Web content filter payload that is applied to devices. All URLs must begin with http:// or https://. If necessary, you must create separate entries for both the HTTP and HTTPS versions of the same URL. The Web content filter payload requires iOS 7+ supervised devices.

  1. Navigate to Devices > Profiles & Resources > Profiles > Add. Select iOS.

  2. Configure the profile's General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  3. Select the Content Filter payload.
  4. Select Filter Type drop-down menu:

Built-in: Allow Web sites

Configure a whitelist of URLs to allow end users to access only these specific Web sites on the list and prevent them from accessing any other Web sites.

  1. Select Built-in: Allow Websites in the Filter Type drop-down menu to choose what plug-ins can be accessed.

  2. Select Add and configure a list of allowed Web sites:

    Setting Description
    Allowed URLs The URL of a whitelisted site.
    Title The bookmark title.
    Bookmark Path The folder into which the bookmark is added in Safari.

Built-in: Deny Web sites

Configure a blacklist of URLs to prevent users from accessing the specified Web sites. However, all other Web sites remain available to end users. Also, Web sites with profanity are automatically filtered unless an exception is permitted.

  1. Select Built-in: Deny Website in the Filter Type drop-down menu and configure blacklisted Web sites:

    Setting Description
    Blacklisted URLs Enter Blacklisted URLs and separate with new lines, spaces, or commas.
    Automatically filter inappropriate Web sites Select to filter adult Web sites.
    Bookmark Path Enter the folder path into which the bookmark is added in Safari.
    Permitted URLs Enter any Web sites that may be allowed as exceptions to the automatic filter.


This payload allows you to integrate with a third-party Web content filtering plug-in with Safari. If you want to integrate specifically with Forcepoint or Blue Coat content filters, see the appropriate sections in this guide.

  1. Select Plug-in in the Filter Type drop-down menu to choose what plug-ins can be accessed. You must enable either Webkit or Socket traffic needs in order for the payload to work

    Setting Description
    Filter Name Enter the name of filter that displays on the device.
    Identifier Enter the bundle ID of the identifier of the plug-in that provides filtering service.
    Service Address Enter the hostname, IP address, or URL for service.
    Organization Choose the organization string that is passed to the third party plug-in.
    Filter WebKit Traffic Select to choose whether to filter Webkit traffic.
    Filter Socket Traffic

    Select to choose whether to filter SocKet traffic.

  2. Configure the Authentication information including:

    Setting Description
    Username Use look-up values to pull directly from the user account record. Ensure your AirWatch user accounts have an email address and email user name defined.
    Password Enter the password for this account.
    Payload Certificate Choose the authentication certificate.
  3. Add Custom Data which includes keys required by the third-party filtering service. This information goes into the vendor config dictionary.
  4. Select Save & Publish.