What can a URL whitelist do?
A URL whitelist is a sub-function of the connection of a web application that allows the setter to specify the domains and resources that the connector can connect to. This means that only websites on the whitelist can communicate with your browser and computer. All other websites will be blocked.
How to set up a URL whitelist
- Click on any web application, click Edit, and switch to the URL whitelist tab.
- After enabling the whitelist, you can enter the allowed domains or domain resources here.
- You can further check whether to fully match. If you do not check fully match, the subdomains under the domain will also be included in the whitelist.
For example: www.domain.com/resource
When "Exact Match" is not toggled, the following domains will also be included in the whitelist.
www.domain.com/resoce/sub-resource
www.domain.com/resoce/sub-resource/pic
Please note that currently Azure, GCP, AWS cloud doesn't support this feature, due the cross site security checking.
Frequently Asked Questions
Q: Can anyone set up a URL whitelist?
A: Any user with edit permission for a web application in RBAC can edit it.
Q: Are administrators also subject to URL restrictions?
A: Yes, they are.