Allow or block access to websites

Applies to managed Chrome Browsers and Chrome devices.

As a Chrome Enterprise administrator, you can blacklist and whitelist URLs so that users can only visit certain websites. Restricting users’ internet access can increase productivity and protect your organization from viruses and malicious content found on some websites.

When to blacklist and whitelist URLs

Use the blacklist and whitelist for basic URL management. If you need stronger filtering, use a content-filtering, web-proxy server or extension.

Use the URL blacklist and whitelist to:

  • Allow access to all URLs except the ones you block—Use the blacklist to prevent users from visiting certain websites, while allowing them access to the rest of the web.
  • Block access to all URLs except the ones you allow—Use the blacklist to block access to all URLs. Then, use the whitelist to allow access to a limited list of URLs. 
  • Define exceptions to very restrictive blacklists—Use the blacklist to block access to all URLs. Then, use the whitelist to let users access certain schemes, subdomains of other domains, ports, or specific paths.
  • Allow Chrome Browser to open apps—Whitelist specific external protocol handlers so that Chrome Browser can automatically open certain apps.

Sometimes, the blacklist and whitelist does not work as expected. For example, if you blacklist an entire website and whitelist a specific webpage URL for that site, users might be able to access other content on that website.

Step 1: Review policies

Policy Description

URLBlacklist

Prevent users from accessing a list of blocked URLs. Users can access all URLs except those that you blacklist.

Unset: Users can access all website URLs without restriction.

URLWhitelist

Use it with URLBlacklist to allow users to access specific URLs as exceptions to the URL blacklist. The whitelist takes precedence over the blacklist. To work, you need at least one entry in the blacklist. 

Unset: There are no exceptions to the URL blacklist.

Step 2: Specify URLs Chrome users can visit

Click below for the steps, based on how you want to manage these policies.

Admin console

Applies when users sign in to a managed Google Account on Chrome Browser or a Chrome device.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Device managementand thenChrome management.

    If you don't see Device management on the Home page, click More controls at the bottom.

  3. Click User settings.
  4. On the left, select the organization where you want to configure policies.

    For all users, select the top-level organization. Otherwise, select a child organization.

  5. Scroll to URL Blocking and enter URLs as needed:
    • URL Blacklist—URLs that you want to prevent users from accessing.

      For syntax and examples, see User settings > URL Blacklist.

    • URL Blacklist Exception—URLs that you want to allow users to access (whitelist). Access is allowed even if the URLs are also defined in URL Blacklist.

      For syntax and examples, see User settings > URL Blacklist Exceptions.

    You can blacklist and whitelist up to 1,000 URLs.

  6. Click Save.
  • URL Blacklist is not recognized by apps that use Android System WebView. To enforce a blacklist on these apps, define the blacklisted URLs in a text file and apply the blacklist to the Android apps on an app-by-app basis. For apps that don’t use Android System WebView, see the app documentation for information on how to restrict access in a similar way.
  • URL Blacklist Exception is usually recognized by Android apps that use Android System WebView. However, other apps might not respect the blacklist. You can whitelist the apps that use Android System WebView and omit the ones that don’t. For information on whitelisting Android apps, see Allow the installation of approved apps.
Windows

Applies to Windows users who sign in to a managed account on Chrome Browser.

Using Group Policy

In your Microsoft Windows Group Policy Editor (Computer or User Configuration folder):

  1. Go to Policiesand thenAdministrative Templatesand thenGoogleand thenGoogle Chrome.
  2. Enable Block access to a list of URLs.
    Tip: If you don't see this policy, download the latest policy template.
  3. Add the URLs that you want to block.
    Leaving this policy Not configured uses the Unset behavior described above.
  4. Enable Allows access to a list of URLs.
  5. Add the URLs that you want users to access.
    Leaving this policy Not configured uses the Unset behavior described above.
  6. Deploy the update to your users.

You can blacklist and whitelist up to 1,000 URLs. For URL syntax, see URL Blacklist filter format.

Mac

Applies to Mac users who sign in to a managed account on Chrome Browser.

In your Chrome policy configuration profile (.plist file):

  1. Add or update the following keys.
    • Add the URLs that you want to block to the URLBlacklist key.
    • Add the URLs that you want users to access to the URLWhitelist key.
  2. Deploy the changes to your users.

You can blacklist and whitelist up to 1,000 URLs. For URL syntax, see URL Blacklist filter format.

The example shows how to block all URLs except mail.example.com, wikipedia.org, and google.com.

<key>URLBlacklist</key>
<dict>
 <array>
  <string>*</string>
</array>
</dict>
<key>URLWhitelist</key>
<dict>
<array>
  <string>mail.example.com</string>
  <string>wikipedia.org</string>
  <string>google.com</string>
</array>
</dict>

Linux

Applies to Linux users who sign in to a managed account on Chrome Browser.

Using your preferred JSON file editor:

  1. Go to your /etc/opt/chrome/policies/managed folder.
  2. Create or update a JSON file and enter URLs as needed:
    • In URLBlacklist, add the URLs that you want to block.
    • In URLWhitelist, add the URLs that you want users to access.
  3. Deploy the update to your users.

You can blacklist and whitelist up to 1,000 URLs. For URL syntax, see URL Blacklist filter format.

The example shows how to block all URLs except mail.example.com, wikipedia.org, and google.com.

First, create a file that contains the blacklisted URLs.

{
  "URLBlacklist": ["*"]
}

Then, create a file that contains the whitelisted URLs.

{
    "URLWhitelist": ["mail.example.com", "wikipedia.org", "google.com"]
}

Step 3 : Verify policies are applied

After you apply any Chrome policies, users need to restart Chrome Browser for the settings to take effect. You can check users’ devices to make sure the policy was applied correctly.

  1. On a managed device, go to chrome://policy.
  2. Click Reload policies.
  3. For URLBlacklist and URLWhitelist, make sure Status is set to OK.
  4. For URLBlacklist and URLWhitelist, click Show value and make sure that the value fields are the same as what you set in the policy.
Was this article helpful?
How can we improve it?