Administration Guide

Local Navigation

Restricting user access to content on web servers

You can prevent users from accessing specific web servers using the BlackBerry® Browser or applications on their BlackBerry devices. To specify the web servers that you want users to access, you can turn on pull authorization to restrict access to all types of web content, and create pull rules to specify a list of web servers that you permit users to access. Alternatively, you can create pull rules that specify a list of restricted web servers.

Restrict requests for content on web servers from BlackBerry devices

Turn on pull authorization for a BlackBerry® MDS Connection Service to restrict the web addresses that users assigned to that BlackBerry MDS Connection Service can request when the users connect to the Internet or to your organization's intranet from their BlackBerry devices.
  1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > MDS Connection Service.
  2. Click the instance that you want to change.
  3. Click Edit instance.
  4. In the Access control section, in the Pull authorization drop-down list, click Yes.
  5. Click Save all.
Users cannot access web content on their BlackBerry devices until you permit the users to access specific web servers using pull rules.
After you finish: To permit users to access specific web servers, specify allowed web address patterns and assign the web address patterns to a pull rule, and assign the pull rule to a user account or group.

Specify web address patterns

You can create pull rules that specify which web address patterns users can and cannot use to access web servers from the BlackBerry® Browser and other applications on their BlackBerry devices. To create a pull rule, you must first specify web address patterns (for example, specify addresses with domains that are allowed). You can assign the web address patterns to a pull rule that you create, and specify whether access to web servers that match the web address patterns is permitted or restricted on BlackBerry devices. After you create a pull rule, you must assign it to user accounts or groups.

A web site that uses DNS load balancing returns a single IP address to the BlackBerry MDS Connection Service but might use multiple IP addresses to provide access to the web site. As a result, the BlackBerry MDS Connection Service might not be able to restrict BlackBerry devices from accessing the web site.

  1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
  2. Click MDS Connection Service.
  3. Click Edit component.
  4. On the Pull URL patterns tab, in the appropriate protocol section, type the web address pattern of a web server that you want to control access to. The web address patterns are based on Java® regular expressions (for example, .*\..*domain.*).
  5. Click the Add icon.
  6. Click Save all.
After you finish: Create web address patterns for each web server that you want to permit users to access. Create a pull rule that permits users to access the web servers that match the web address patterns.

Create a pull rule

  1. In the BlackBerry® Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
  2. Click MDS Connection Service.
  3. Click Edit component.
  4. On the Access control rules tab, in the Rule name field, type a name for the pull rule.
  5. In the Control type drop-down list, click Pull.
  6. Click the Add icon.
  7. Click Save all.
After you finish: Restrict or permit web address patterns using a pull rule.

Restrict or permit web address patterns using a pull rule

Before you begin: Create a pull rule.
  1. In the BlackBerry® Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
  2. Click MDS Connection Service.
  3. Click Edit component.
  4. On the Access control rules tab, click the Edit icon for a pull rule.
  5. In the URL pattern group drop-down list, click the URL pattern group of the web address pattern that you want to assign to the pull rule.
  6. In the URL pattern drop-down list, click the web address pattern that you want to assign to the pull rule.
  7. In the Allowed drop-down list, perform one of the following actions:
    • To prevent users from accessing web servers that match the specified web address pattern, click Deny.
    • To permit users to access web servers that match the specified web address pattern, click Allow.
  8. Click the Add icon.
  9. Repeat steps 5 to 8 for each web address pattern that you want to assign to the pull rule.
  10. Click Save all.
After you finish: Assign the pull rule to a group or user account.

Assign a pull rule to the members of a group

Before you begin: Create a pull rule. Assign web address patterns to the pull rule.
  1. In the BlackBerry® Administration Service, in the BlackBerry solution management menu, expand User.
  2. Click Manage users.
  3. Click Advanced search.
  4. Search for a group.
  5. Click Manage multiple users.
  6. Select all users.
  7. In the Add to user configuration list, click Add pull rule.
  8. In the Available pull rules list, click a pull rule.
  9. Click Add.
  10. Click Save.

Assign a pull rule to user accounts

Before you begin: Create a pull rule. Assign web address patterns to the pull rule.
  1. In the BlackBerry® Administration Service, in the BlackBerry solution management menu, expand User.
  2. Click Manage users.
  3. Search for one or more user accounts.
  4. Click Manage multiple users.
  5. Select the appropriate user accounts.
  6. In the Add to user configuration list, click Add pull rule.
  7. In the Available pull rules list, click a pull rule.
  8. Click Add.
  9. Click Save.

Was this information helpful? Send us your comments.