Web Content Filter set on "Allow-list bookmarks" doesn't work anymore

nmf69
Conversationalist

Web Content Filter set on "Allow-list bookmarks" doesn't work anymore

Web Content Filter set on "Allow-list bookmarks" doesn't work anymore, tested on different iOS versions (ipadOS 14.3, ipadOS 14.81 en ipadOS 15.1). Did anyone else encounter the same behavior lately? I was forced to disable Safari which was not a problem, actually all restrictions and settings are still in place and running but the Web Content Filter!

5 Replies 5
Ray0
Conversationalist

having the same issue with their Web Content Filter 

they need to verify their Property fields are updated
https://developer.apple.com/documentation/devicemanagement/webcontentfilter

wyllan
Conversationalist

We have also run into this issue and took the same measure (disabling Safari) to temporarily stop bad behaviors.

 

We noticed that on the iOS devices, the web content filter restriction is pushed, but there are no filters applied.  When deployed direct to a device using Configurator, the web content filters are applied appropriately.

 

Looking at the config file from Configurator (v2.15), Apple is still using and supporting the WhitelistedBookmarks key.  The issue is that per the Apple developer docs (WebContentFilter | Apple Developer Documentation), they're supposed to be using AllowListBookmarks now (with WhiltelistedBookmarks being deprecated), which is what Meraki SM has apparently switched to using.

 

I manually updated a mobileconfig file to test the AllowListBookmarks key and pushed it with Configurator.  It broke in the same way as if SM pushed it.

 

Looks like there's no quick answer here as Apple will probably roll out support for the new key at some point soon (maybe 15.2?), so not sure if there will be a fix in SM for it.

 

In the mean time, we'll be testing a stop-gap measure by manually creating a web content filter in Configurator and deploying the mobileconifig file using a custom Apple profile.  Hopefully, I won't have to have 2 settings profiles for devices pre and post 15.2 (or whenever they switch)...

Ray0
Conversationalist

the issue is Apple has yet to push out their updated Property Fields and is still using their 'deprecated' ones 

we tested through configurator with the deprecated Property Fields (WhiltelistedBookmarks) and it worked. 

 

per Meraki support their devs discovered the same issue and are working on a plan to reverse the Property Fields back to the Apple deprecated ones  

wyllan
Conversationalist

Quick update to this thread:

 

  1. Using the manually created mobileconfig worked like a charm!  We were able to deploy it rapidly through SM and turn Safari back on.  I can provide details if needed, but it was pretty straight forward profile setup, just a very manual process.
  2. It looks like there are no plans as yet to support the older iOS/iPadOS versions as 15.2 beta is confirmed as working with SM's current implementation of the allowlist.  It appears we'll have to look at our environment and figure out how to best approach older devices below 15.2 and devices with 15.2 and above when considering the whitelist/allowlist scenario.

 

nmf69
Conversationalist

Wow, please provide details///I will probably have to walk the path. Many thanks!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels