Content filter providers
Create an on-device network content filter.
Overview
An on-device network content filter examines user network content as it passes through the network stack and determines if it should block that content or allow it to pass on to its final destination. You might create a content filter and sell it to organizations, like schools and businesses, that want to prevent users from accessing specific Internet content.
A content filter consists of two providers that work in close cooperation:
A filter data provider receives user network content and examines that content to determine whether to block or allow it.
A filter control provider passes configuration information to the filter data provider to allow that provider to do its job.
This separation exists to guarantee user privacy. The filter data provider runs in a very restrictive sandbox that prevents user network content from escaping that provider. The filter control provider has a less restrictive sandbox but doesn’t have access to user network content. By combining these providers, your content filter has access to the network but can’t use that access to export user network content.
For example, your filter control provider might download a set of filtering rules and save them to a shared app group. Your filter data provider has read-only access to that app group, allowing it use those rules to filter content but still preventing it from exporting user network content.
For detailed information about content filter provider deployment options, see TN3134: Network Extension provider deployment.
Topics
Essentials
Data and control providers
Flow handling
NEFilterFlowNEFilterBrowserFlowNEFilterSocketFlowNEFilterNewFlowVerdictNEFilterDataVerdictNEFilterControlVerdictNEFilterRemediationVerdictNEFilterVerdictNEFilterReport