Skip to content

Web Filtering configuration (Mobile Threat Defense policy for iOS)


This configuration only applies to supervised devices.

With the Web Filtering configuration you manage the Web Filtering feature of Sophos Intercept X for Mobile. This protects users from browsing sites with malicious, undesirable or illegal content.

Web Filtering blocks a website when the user opens it in Safari or another web browser and also when an app connects to it.


Web Filtering uses the Sophos website classification service If Web Filtering can’t connect to this service, it blocks all websites.


For the purpose of testing website filtering, Sophos has created the site containing example pages for each category. Although some of these pages are classified as potentially offensive or dangerous, the page content itself is harmless in all cases.

When you turn on Web Filtering, Sophos Mobile always blocks web pages categorized as highly objectionable criminal activity, such as child pornography. To prevent others from accessing these pages, Sophos Mobile masks the URLs in logs, events, and reports.


Setting Description
Filter malicious websites Select whether users and apps can access websites with malicious content.
Create events

When users or apps try to open a filtered website, Sophos Mobile creates an event, which you can see on the device’s details page.

You can select whether Sophos Mobile creates events only when a site is blocked or also for sites that produce a warning.

Filter websites by category

Select whether users and apps can access types of websites.

Websites are categorized based on data from SophosLabs. The data is updated constantly.

Website exceptions

Configure exceptions to the category filters:

  • Allowed domains: Websites that are allowed, even though the category they belong to is blocked.
  • Blocked domains: Websites that are blocked, even though the category they belong to is allowed.

Website exceptions


Web Filtering filters all web traffic, including traffic from third-party and system apps. Be careful not to block domains these apps depend on.

In Allowed domains and Blocked domains, enter one of the following per line (without separator):

  • IPv4 or IPv6 address


  • IPv4 or IPv6 subnet


  • Domain

  • Wildcard domain. The wildcard * must be the leftmost character.



In Blocked domains, you can use a single wildcard * to block all websites.


Adding wildcard domains to your Blocked domains list can have unexpected effects. Many websites contain third-party resources, such as fonts or JavaScript code, that are hosted on other domains. If you block these domains, websites might not open correctly.

Filtering logic

When Web Filtering evaluates whether a website must be allowed or blocked, the allow list takes precedence over the block list, and policy-defined lists take precedence over user-defined lists.

Filtering rules are applied in the following sequence:

  1. If the website is included in Allowed domains, it is allowed.
  2. If the website is included in Blocked domains, it is blocked.
  3. If the user has added the website to the allow list, it is allowed.
  4. If the user has added the website to the block list, it is blocked.
  5. If the website belongs to a category that’s forbidden, it’s blocked.