Skip to content

Web Filtering configuration (Chrome Security policy)

With the Web Filtering configuration you manage the Web Filtering feature of the Sophos Chrome Security extension. This protects users from browsing sites with malicious, undesirable or illegal content.

Tip

For the purpose of testing website filtering, Sophos has created the site sophostest.com containing example pages for each category. Although some of these pages are classified as potentially offensive or dangerous, the page content itself is harmless in all cases.

When you turn on Web Filtering, Sophos Mobile always blocks web pages categorized as highly objectionable criminal activity, such as child pornography. To prevent others from accessing these pages, Sophos Mobile masks the URLs in logs, events, and reports.

Settings

Setting Description
Filter malicious websites Select whether users can access websites with malicious content.
Create events When the user tries to open a filtered website, Sophos Mobile creates an alert.

You can select whether Sophos Mobile creates alerts only when a site is blocked or also for sites that produce a warning.

Check embedded content Web pages are filtered based on their own content and on embedded content like ads. For example if you set the Gambling category to Block, all gambling websites and all pages containing gambling-related ads are blocked.

If you turn off this option, Web Filtering ignores embedded content unless it’s malicious.

Filter websites by category Select whether users can access types of websites.

Websites are categorized based on data from SophosLabs. The data is updated constantly.

Website exceptions Configure exceptions to the category filters:
  • Allowed domains: Websites that are allowed, even though the category they belong to is blocked.
  • Blocked domains: Websites that are blocked, even though the category they belong to is allowed.

Website exceptions

In Allowed domains and Blocked domains, enter one of the following per line (without separator):

  • IPv4 or IPv6 address

    203.0.113.0

    2001:db8:85a3:0:0:8a2e:370:7334

  • IPv4 or IPv6 subnet

    203.0.113.0/24

    2001:db8::/32

  • Domain

    www.example.com

  • Wildcard domain. The wildcard * must be the leftmost character.

    *.example.com

    *example.com

In Blocked domains, you can use a single wildcard * to block all websites.

IP addresses and subnets are ignored if the user refers to a website by its domain name.

Filtering logic

When Web Filtering evaluates whether a website must be allowed or blocked, the allow list takes precedence over the block list, and policy-defined lists take precedence over user-defined lists.

Filtering rules are applied in the following sequence:

  1. If the website is included in Allowed domains, it is allowed.
  2. If the website is included in Blocked domains, it is blocked.
  3. If the user has added the website to the allow list, it is allowed.
  4. If the user has added the website to the block list, it is blocked.
  5. The website is allowed or blocked based on its category.