Hi all.
I'm exploring the new URL Filter framework that supports filtering URLs in encrypted HTTPS traffic. I'm particularly interested in understanding how we can leverage this in System Extensions on macOS.
1. Can URL Filter be implemented within a macOS System Extension? The documentation seems to focus primarily on iOS implementations.
2. I've attempted to evaluate the "Filtering traffic by URL" sample code by running PIRService on localhost (tried both macOS native binary, and Linux container) and SimpleURLFilter on the iOS simulator (26.0 23A5260l). However, the app fails to apply the configuration with NetworkExtension.NEURLFilterManager.Error 8, and PIRService doesn't receive any requests. Is this functionality supported in the simulator environment?
3. Does Keyword Private Information Retrieval support pattern matching or wildcards? For example, would it be possible to create rules that block URLs like "object-storage.example[.]org/malicious-user/*"?
4. Regarding enterprise use cases: While I understand URL filtering uses Private Information Retrieval to enhance user privacy, enterprise security teams often need visibility into network traffic for security monitoring and incident response. Are there supported approaches for enterprises to monitor HTTPS URLs?
Any insights or clarification would be greatly appreciated.
Shay
1. Can URL Filter be implemented within a macOS System Extension?
I believe that’s the case, but I’m working to nail down the details. Once I do, I’ll update TN3134 accordingly.
2. … Is this functionality supported in the simulator environment?
No. In general you have to test NE providers on a real device, and URL Filter providers are no exception.
3. Does Keyword Private Information Retrieval support pattern matching or wildcards? For example, would it be possible to create rules that block URLs like "object-storage.example[.]org/malicious-user/*"?
Not specifically, but there is some fuzzy matching. For example, if an app fetches https://www.example.com/somepath?query=user1, NE will run the following through the filter:
https://example.com
https://www.example.com
https://example.com/somepath
https://www.example.com/somepath
https://example.com/somepath?query=user1
https://www.example.com/somepath?query=user1
If you need more than that, please file an enhancement request with the details. The NE team is very interested in learning more about real world use cases so that they can take them into account as they evolve this feature.
Please post your bug number, just for the record.
4. … Are there supported approaches for enterprises to monitor HTTPS URLs?
No. Again, this would make a fine enhancement request.
Keep in mind that URL Filter was specifically designed with consumer privacy in mind. Any sort of reporting feature will either need to support that goal or be specifically limited to managed environments or supervised devices.
Again, if you file this ER, please do post its bug number.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
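An added example, not part of the reply above or of Apple's sample code: a small offline check of which blocklist entries would be hit under the candidate list described in answer 3. The expansion rule is modelled only on that single six-URL example; exact-string lookup, the handling of other URL shapes (ports, multi-segment paths, hosts without `www.`), and the names `candidates`, `first_match` and `BLOCKLIST` are assumptions.

```python
from urllib.parse import urlsplit


def candidates(url):
    """Lookup keys for a fetched URL, modelled on the six-URL list in the reply.

    Assumption: host with and without "www.", then host, host+path,
    host+path+query. Ports and fragments are ignored here.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    bare = host[4:] if host.startswith("www.") else host
    hosts = [bare, "www." + bare]

    path = parts.path.rstrip("/")
    suffixes = [""]                      # host only
    if path:
        suffixes.append(path)            # host + path
    if parts.query:
        suffixes.append(f"{path}?{parts.query}")  # host + path + query
    return [f"{parts.scheme}://{h}{s}" for s in suffixes for h in hosts]


def first_match(url, blocklist):
    """Return the first candidate present verbatim in the blocklist, else None."""
    keys = set(blocklist)
    for candidate in candidates(url):
        if candidate in keys:
            return candidate
    return None


# Constructed sample blocklist: one literal entry and one wildcard-style entry.
BLOCKLIST = [
    "https://example.com/somepath",
    "https://object-storage.example.org/malicious-user/*",
]

if __name__ == "__main__":
    fetches = [
        "https://www.example.com/somepath?query=user1",
        "https://object-storage.example.org/malicious-user/file.bin",
    ]
    for fetch in fetches:
        hit = first_match(fetch, BLOCKLIST)
        print(f"{fetch} -> {'BLOCK via ' + hit if hit else 'no matching entry'}")
```

Under these assumptions the wildcard-style entry never matches, because the `*` is compared as a literal character.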