Whitelist URLs and external protocol handlers

As a Microsoft® Windows® administrator, you can use the Windows registry to allow users to access specific URLs on their Windows computer, even if they’re blacklisted. You can also use the registry to specify which local Windows apps webpages can open.

You use the URLWhitelist policy to define exceptions to restrictive blacklists. For example, If '*' is included in the blacklist to block all requests, then this policy can be used to allow access to a limited list of URLs. You can also use it to open exceptions to certain schemes, subdomains of other domains, ports, or specific paths.

For detailed information on the policy, see URLWhitelist policy.

External protocol handlers

The Chrome external protocol prevents a browser from automatically opening an application. You can use the URLWhitelist policy to specify which applications the browser is allowed to open. You do this by adding a list of allowed external protocol handlers to the whitelist.

Note: To configure the URLWhitelist policy, computers must be joined to a domain using Microsoft® Active Directory®.

Update the Windows registry

You can use .reg files to make the same registry changes on multiple computers. You can use any text editor tool to view or edit them. To import a .reg file into the Windows Registry, double-click the file. You can set the default scope or individual extension scopes in the .reg file.

The following example shows a list of whitelisted URLs as they would appear in the .reg file:

Software\Policies\Google\Chrome\URLWhitelist\1 = "example.com" Software\Policies\Google\Chrome\URLWhitelist\2 = "https://ssl.server.com" Software\Policies\Google\Chrome\URLWhitelist\3 = "hosting.com/good_path" Software\Policies\Google\Chrome\URLWhitelist\4 = "https://server:8080/path" Software\Policies\Google\Chrome\URLWhitelist\5 = ".exact.hostname.com"

The following example shows how to add the external app store protocol handler to the whitelist, to allow links to the ExternalAppStore to pop up in the local Windows app:

Software\Policies\Google\Chrome\URLWhitelist\1 = ExternalAppStore:*

You need to set the URLWhitelist policy on each computer where you want the new setting to take effect. You might need to restart the computer to see changes take effect.

Known Issue

There is currently a known issue that requires you to have at least one entry in the URLBlacklist policy for the whitelist to work. This can be any entry, even one such as http://example.com. We will correct this issue in a future Chrome release.

Was this article helpful?
How can we improve it?