Kaspersky Secure Mobility Management

Configuring user access to websites

This section contains instructions on how to configure access to websites on Android and iOS devices.

In this section

Configuring access to websites on Android devices

Configuring access to websites on iOS MDM devices

Page top
[Topic 136563]

Configuring access to websites on Android devices

You can use Web Protection to configure access of Android device users to websites. Web Protection supports website filtering by categories defined in Kaspersky Security Network cloud service. Filtering allows you to restrict user access to certain websites or categories of websites (for example, those from the "Gambling, lotteries, sweepstakes", or "Internet communication" categories). Web Protection also protects the personal data of users on the internet.

To enable Web Protection:

  • The Statement regarding data processing for the purpose of using Web Protection (Web Protection Statement) must be accepted. Kaspersky Endpoint Security uses Kaspersky Security Network (KSN) to scan websites. The Web Protection Statement contains the terms of data exchange with KSN.

    You can accept the Web Protection Statement for the user in Kaspersky Security Center. In this case, the user is not required to take any action.

    If you have not accepted the Web Protection Statement and prompt the user to do this, the user must read and accept the Web Protection Statement in the app settings.

    If you have not accepted the Web Protection Statement, Web Protection is not available.

Web Protection on Android devices is supported only by Google Chrome, HUAWEI Browser, Samsung Internet, and Yandex Browser.

If the Kaspersky Endpoint Security for Android app in device owner mode is not enabled as an Accessibility Features service, Web Protection is supported only by the Google Chrome browser and checks only the domain of a website. To allow other browsers (Samsung Internet Browser, Yandex Browser, and HUAWEI Browser) support Web Protection, enable Kaspersky Endpoint Security as an Accessibility Features service. This will also enable the Custom Tabs feature operation.

The Custom Tabs feature is supported by Google Chrome, HUAWEI Browser, and Samsung Internet Browser.

Web Protection for HUAWEI Browser, Samsung Internet Browser, and Yandex Browser does not block sites on a mobile device if a work profile is used and Web Protection is enabled only for the work profile.

Web Protection is enabled by default: user access to websites in the Phishing and Malware categories is blocked. On devices managed by the Kaspersky Endpoint Security for Android app in device owner mode, Web Protection is supported only by the Google Chrome browser and checks only the domain of a website. To allow other browsers (Samsung Internet Browser, Yandex Browser, and HUAWEI Browser) to support Web Protection, Kaspersky Endpoint Security must be enabled as an Accessibility Features service.

To configure the settings of the device user's access to websites:

  1. In the console tree, in the Managed devices folder, select the administration group to which the Android devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking any column.

    Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

  4. In the policy Properties window, select the Web Protection.
  5. To use Web Protection, you or device user must read and accept the Statement regarding data processing for the purpose of using Web Protection (Web Protection Statement):
    1. Click the Web Protection Statement link at the top of the section.

      This opens Statement regarding data processing for purpose of using Web Protection window.

    2. Read and accept Privacy Policy by selecting the corresponding check box. To view Privacy Policy, click the Privacy Policy link.

      If you do not accept Privacy Policy, mobile device user can accept Privacy Policy in the Initial Configuration Wizard or in the app (ks4android_settings_buttonAboutTerms and conditionsPrivacy Policy).

    3. Select the Web Protection Statement acceptance mode:
      • I have read and accept the Web Protection Statement
      • Request acceptance of the Web Protection Statement from the device user
      • I do not accept the Web Protection Statement

        If you select I do not accept the Web Protection Statement, the Web Protection does not block sites on a mobile device. Mobile device user cannot enable Web Protection in the Kaspersky Endpoint Security.

    4. Click OK to close the window.

    Screenshot of Statement regarding data processing for purpose of using Web Protection window. Users can select to accept, request acceptance from the user, or decline the Web Protection Statement.

    Step 5. Accept the Statement regarding data processing for purpose of using Web Protection.

  6. Select the Enable Web Protection check box.
  7. If you want the app to check a full URL when opening a website in Custom Tabs, select the Check full URL when using Custom Tabs check box.

    Custom Tabs is an in-app browser that allows the user to view web pages without having to leave the app and switch to a full web browser version. This option provides better detection of a URL and its check against the configured Web Protection rules. If the check box is selected, Kaspersky Endpoint Security for Android opens the website in a full version of the browser and checks whole web address of the website. If the check box is cleared, Kaspersky Endpoint Security for Android checks only the domain of a website in Custom Tabs.

  8. Select one of the following options:
    • If you want the app to restrict user access to websites depending on their content, do the following:
      1. In the Web Protection section, in the drop-down list select Websites of selected categories are forbidden.
      2. Create a list of blocked categories by selecting check boxes next to the categories of websites to which the app will block access.

    Screenshot of the Web Protection section. You can select checkboxes for the categories of websites you want to block access to.

    Step 8. Web Protection section. Select the categories of websites to block access to.

    • If you want the app to allow or restrict user access only to websites specified by the administrator, do the following:
      1. In the Web Protection section, in the drop-down list select Only listed websites are allowed or Only listed websites are blocked.

        If Kaspersky Endpoint Security for Android is not set as an Accessibility feature, Web Protection may block an allowed website that loads some elements from a website with a domain that is not in the list of allowed domains.

      2. Create a list of websites by adding addresses of websites to which the app will allow or block access, depending on the value selected in the drop-down list. You can add websites by link (full URL, including the protocol, e.g. https://example.com).

        To make sure that the app allows or blocks access to the specified website in all supported versions of Google Chrome, HUAWEI Browser, Samsung Internet Browser, and Yandex Browser, include the same URL twice, once with the HTTP protocol (e.g., http://example.com) and once with the HTTPS protocol (e.g., https://example.com).

        For example:

        • https://example.com—The main page of the website is either allowed or blocked. This URL can only be accessed through the HTTPS protocol.
        • http://example.com—The main page of the website is either allowed or blocked, but only when accessed through the HTTP protocol. Other protocols like HTTPS are not affected.
        • https://example.com/page/index.html—Only the index.html page of the website will be allowed or blocked. The rest of the website is not affected by this entry.

        The app also supports regular expressions. When entering the address of an allowed or blocked website, use the following templates:

        • https://example\.com/.*—This template blocks or allows all child pages of the website, accessed via the HTTPS protocol (for example, https://example.com/about).
        • https?://example\.com/.*—This template blocks or allows all child pages of the website, accessed via both the HTTP and HTTPS protocols.
        • https?://.*\.example\.com—This template blocks or allows all subdomain pages of the website (e.g., https://pictures.example.com).
        • https?://example\.com/[abc]/.*—This template blocks or allows all child pages of the website where the URL path begins with 'a', 'b', or 'c' as the first directory (e.g., https://example.com/b/about).
        • https?://\w{3,5}.example\.com/.*—This template blocks or allows all child pages of the website where the subdomain consists of a word with 3 to 5 characters (e.g., http://abde.example.com/about).

        Use the expression https? to select both the HTTP and HTTPS protocols. For more details on regular expressions, please refer to the Oracle Technical Support website.

    Screenshot of the Web Protection section with a drop-down list on the 'Only listed websites are allowed' option. You can add website addresses to the list of websites you want to allow access to.

    Step 9. Web Protection section. Specify the list of websites to allow access to.

    • If you want the app to block user access to all websites, in the Web Protection section, in the drop-down list, select All websites are blocked.
  9. To lift content-based restrictions on user access to websites, clear the Enable Web Protection check box.
  10. Click the Apply button to save the changes you have made.

Mobile device settings are changed after the next device synchronization with Kaspersky Security Center.

Managing the website list

You can manage the list of websites with the following buttons:

  • Add - Click to add a website to the list by entering a URL or regular expression.
  • Import - Click to add multiple websites to the list by specifying a TXT file which contains the required URLs or regular expressions. The file must be encoded in UTF-8. URLs or regular expressions in the file must be separated by semicolons or by line breaks.
  • Edit - Click to change the address of a website.
  • Delete - Click to remove a website from the list. To remove multiple websites from the list, select them with the CTRL+A, CTRL+left-click, or SHIFT+left-click hotkeys, and then click Delete.
Page top
[Topic 89905]

Configuring access to websites on iOS MDM devices

Configure Web Protection settings to control access to websites for iOS MDM device users. Web Protection controls a user's access to websites based on lists of allowed and blocked websites. Web Protection also lets you add website bookmarks on the bookmark panel in Safari.

By default, access to websites is not restricted.

If a URL is redirected to a different website, Web Protection checks only the redirect target.

Web Protection settings can be configured for supervised devices only.

To configure access to websites on the user's iOS MDM device:

  1. In the console tree, in the Managed devices folder, select the administration group to which the iOS MDM devices belong.
  2. In the workspace of the group, select the Policies tab.
  3. Open the policy properties window by double-clicking any column.

    Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

  4. In the policy Properties window, select the Web Protection section.
  5. In the Web Protection settings section, select the Apply settings on device check box.
  6. To block access to blocked websites and allow access to allowed websites:
    1. In the Web Filter Mode drop-down list, select the Limit adult content mode.
    2. In the Allowed websites section, create a list of allowed websites.

      The website address should begin with "http://" or "https://". Kaspersky Device Management for iOS allows access to all websites in the domain. For example, if you have added http://www.example.com to the list of allowed websites, access is allowed to http://pictures.example.com and http://example.com/movies. If the list of allowed websites is empty, the application allows access to all websites other than those included in the list of blocked websites.

    3. In the Forbidden websites section, create a list of blocked websites.

      The website address should begin with "http://" or "https://". Kaspersky Device Management for iOS blocks access to all websites in the domain.

  7. To block access to all websites other than allowed websites on the tab list:
    1. In the Web Filter Mode drop-down list, select the Allow bookmarked websites only mode.
    2. In the Bookmarks section, create a list of bookmarks of allowed websites.

      The website address should begin with "http://" or "https://". Kaspersky Device Management for iOS allows access to all websites in the domain. If the bookmark list is empty, the application allows access to all websites. Kaspersky Device Management for iOS adds websites from the list of bookmarks on the bookmarks tab in Safari in the user's mobile device.

  8. Click the Apply button to save the changes you have made.

As a result, once the policy is applied, Web Protection will be configured on the user's mobile device according to the mode selected and lists created.

Page top
[Topic 88661]