Problem
Environment
- Chrome OS
- Chrome Browser for Windows, Mac and Linux
Solution
Blocked URLs
Prevents Chrome browser users from accessing specific URLs.
To configure this setting, enter up to 1,000 URLs on separate lines.
Blocked URL exceptions
Specifies exceptions to the list of blocked URL. To configure the setting, enter up to 1,000 URLs on separate lines.
URL syntax
Each URL must have a valid hostname (such as google.com), an IP address, or an asterisk (*) in place of the host. The asterisk functions like a wildcard, representing all hostnames and IP addresses.
URLs can also include:
- The URL scheme, which is http, https, or ftp, followed by ://
- A valid port value from 1 to 65,535
- The path to the resource
- Query parameters
Notes:
- To disable subdomain matching, put an extra period before the host.
- You cannot use user:pass fields, such as http://user:pass@ftp.example.com/pub/bigfile.iso. Instead, enter http://ftp.example.com/pub/bigfile.iso.
- When both blocked URLs and blocked URLs exception filters apply (with the same path length), the exception filter takes precedence.
- If an extra period precedes the host, the policy filters exact host matches only.
- You cannot use a wildcard at the end of a URL, such as https://www.google.com/* and https://google.com/*.
- The policy searches wildcards (*) last.
- The optional query is a set of key-value and key-only tokens delimited by '&'.
- The key-value tokens are separated by '='.
- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching.
- locking internal chrome://* and chrome-untrusted://* URLs can lead to unexpected errors or can be circumvented in some cases. Instead of blocking certain internal URLs, see if there are more specific policies available.
Examples
Blocked URLs entry | Result |
---|---|
example.com | Blocks all requests to example.com, www.example.com, and sub.www.example.com |
http://example.com | Blocks all HTTP requests to example.com and any of its subdomains, but allows HTTPS and FTP requests |
https://* | Blocks all HTTPS requests to any domain |
mail.example.com | Blocks requests to mail.example.com but not to www.example.com or example.com |
.example.com | Blocks example.com but not its subdomains, like example.com/docs |
.www.example.com | Blocks www.example.com but not its subdomains |
* | Blocks all requests to URLs except for those listed as a blocked URL exception. This includes any URL scheme, such as http://google.com, https://gmail.com, and chrome://policy. |
*:8080 | Blocks all requests to port 8080 |
*/html/crosh.html | Blocks Chrome Secure Shell (Also known as Crosh Shell) |
chrome://settings chrome://os-settings |
Blocks all requests to chrome://os-settings |
example.com/stuff | Blocks all requests to example.com/stuff and its subdomains |
192.168.1.2 | Blocks requests to 192.168.1.2 |
youtube.com/watch?v=V1 | Blocks youtube video with id V1 |