AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-11-16 · Documentation medium

File: cli/latest/reference/workspaces-web/update-browser-settings.md

Summary

Added new '--web-content-filtering-policy' parameter to configure URL/category-based web access restrictions for enhanced security

Security assessment

The change introduces documentation for a new security feature allowing administrators to block categories like hacking, illegal software, and malicious domains. While this enhances security controls, there is no evidence it addresses a specific existing vulnerability.

Diff

diff --git a/cli/latest/reference/workspaces-web/update-browser-settings.md b/cli/latest/reference/workspaces-web/update-browser-settings.md
index abd9511a5..03fd06af4 100644
--- a//cli/latest/reference/workspaces-web/update-browser-settings.md
+++ b//cli/latest/reference/workspaces-web/update-browser-settings.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.35 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.37 Command Reference](../../index.html) »
@@ -69,0 +70 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/worksp
+    [--web-content-filtering-policy <value>]
@@ -130,0 +132,103 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/worksp
+`--web-content-filtering-policy` (structure)
+
+> The policy that specifies which URLs end users are allowed to access or which URLs or domain categories they are restricted from accessing for enhanced security.
+> 
+> blockedCategories -> (list)
+>
+>> Categories of websites that are blocked on the end user’s browsers.
+>> 
+>> Constraints:
+>> 
+>>   * min: `1`
+>>   * max: `100`
+>> 
+
+>> 
+>> (string)
+>>
+>>> Possible values:
+>>> 
+>>>   * `Cults`
+>>>   * `Gambling`
+>>>   * `Nudity`
+>>>   * `Pornography`
+>>>   * `SexEducation`
+>>>   * `Tasteless`
+>>>   * `Violence`
+>>>   * `DownloadSites`
+>>>   * `ImageSharing`
+>>>   * `PeerToPeer`
+>>>   * `StreamingMediaAndDownloads`
+>>>   * `GenerativeAI`
+>>>   * `CriminalActivity`
+>>>   * `Hacking`
+>>>   * `HateAndIntolerance`
+>>>   * `IllegalDrug`
+>>>   * `IllegalSoftware`
+>>>   * `SchoolCheating`
+>>>   * `SelfHarm`
+>>>   * `Weapons`
+>>>   * `Chat`
+>>>   * `Games`
+>>>   * `InstantMessaging`
+>>>   * `ProfessionalNetwork`
+>>>   * `SocialNetworking`
+>>>   * `WebBasedEmail`
+>>>   * `ParkedDomains`
+>>> 
+
+> 
+> allowedUrls -> (list)
+>
+>> URLs and domains that are always accessible to end users.
+>> 
+>> Constraints:
+>> 
+>>   * min: `1`
+>>   * max: `1000`
+>> 
+
+>> 
+>> (string)
+>>
+>>> Constraints:
+>>> 
+>>>   * pattern: `((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))`
+>>> 
+
+> 
+> blockedUrls -> (list)
+>
+>> URLs and domains that end users cannot access.
+>> 
+>> Constraints:
+>> 
+>>   * min: `1`
+>>   * max: `1000`
+>> 
+
+>> 
+>> (string)
+>>
+>>> Constraints:
+>>> 
+>>>   * pattern: `((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))`
+>>> 
+
+
+Shorthand Syntax:
+    
+    
+    blockedCategories=string,string,allowedUrls=string,string,blockedUrls=string,string
+    
+
+JSON Syntax:
+    
+    
+    {
+      "blockedCategories": ["Cults"|"Gambling"|"Nudity"|"Pornography"|"SexEducation"|"Tasteless"|"Violence"|"DownloadSites"|"ImageSharing"|"PeerToPeer"|"StreamingMediaAndDownloads"|"GenerativeAI"|"CriminalActivity"|"Hacking"|"HateAndIntolerance"|"IllegalDrug"|"IllegalSoftware"|"SchoolCheating"|"SelfHarm"|"Weapons"|"Chat"|"Games"|"InstantMessaging"|"ProfessionalNetwork"|"SocialNetworking"|"WebBasedEmail"|"ParkedDomains", ...],
+      "allowedUrls": ["string", ...],
+      "blockedUrls": ["string", ...]
+    }
+    
+
@@ -306,0 +411,87 @@ browserSettings -> (structure)
+> 
+> webContentFilteringPolicy -> (structure)
+>
+>> The policy that specifies which URLs end users are allowed to access or which URLs or domain categories they are restricted from accessing for enhanced security.
+>> 
+>> blockedCategories -> (list)
+>>
+>>> Categories of websites that are blocked on the end user’s browsers.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `100`
+>>> 
+
+>>> 
+>>> (string)
+>>>
+>>>> Possible values:
+>>>> 
+>>>>   * `Cults`
+>>>>   * `Gambling`
+>>>>   * `Nudity`
+>>>>   * `Pornography`
+>>>>   * `SexEducation`
+>>>>   * `Tasteless`
+>>>>   * `Violence`
+>>>>   * `DownloadSites`
+>>>>   * `ImageSharing`
+>>>>   * `PeerToPeer`
+>>>>   * `StreamingMediaAndDownloads`
+>>>>   * `GenerativeAI`
+>>>>   * `CriminalActivity`
+>>>>   * `Hacking`
+>>>>   * `HateAndIntolerance`
+>>>>   * `IllegalDrug`
+>>>>   * `IllegalSoftware`
+>>>>   * `SchoolCheating`
+>>>>   * `SelfHarm`
+>>>>   * `Weapons`
+>>>>   * `Chat`
+>>>>   * `Games`
+>>>>   * `InstantMessaging`
+>>>>   * `ProfessionalNetwork`
+>>>>   * `SocialNetworking`
+>>>>   * `WebBasedEmail`
+>>>>   * `ParkedDomains`
+>>>> 
+
+>> 
+>> allowedUrls -> (list)
+>>
+>>> URLs and domains that are always accessible to end users.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `1000`
+>>> 
+
+>>> 
+>>> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * pattern: `((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))`
+>>>> 
+
+>> 
+>> blockedUrls -> (list)
+>>
+>>> URLs and domains that end users cannot access.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `1000`
+>>> 
+
+>>> 
+>>> (string)
+>>>
+>>>> Constraints:
+>>>> 
+>>>>   * pattern: `((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))`
+>>>>