AWS cli documentation change
Summary
Added new '--web-content-filtering-policy' parameter to configure URL/category-based web access restrictions for enhanced security
Security assessment
The change introduces documentation for a new security feature allowing administrators to block categories like hacking, illegal software, and malicious domains. While this enhances security controls, there is no evidence it addresses a specific existing vulnerability.
Diff
diff --git a/cli/latest/reference/workspaces-web/update-browser-settings.md b/cli/latest/reference/workspaces-web/update-browser-settings.md index abd9511a5..03fd06af4 100644 --- a//cli/latest/reference/workspaces-web/update-browser-settings.md +++ b//cli/latest/reference/workspaces-web/update-browser-settings.md @@ -15 +15 @@ - * [AWS CLI 2.31.35 Command Reference](../../index.html) » + * [AWS CLI 2.31.37 Command Reference](../../index.html) » @@ -69,0 +70 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/worksp + [--web-content-filtering-policy <value>] @@ -130,0 +132,103 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/worksp +`--web-content-filtering-policy` (structure) + +> The policy that specifies which URLs end users are allowed to access or which URLs or domain categories they are restricted from accessing for enhanced security. +> +> blockedCategories -> (list) +> +>> Categories of websites that are blocked on the end user’s browsers. +>> +>> Constraints: +>> +>> * min: `1` +>> * max: `100` +>> + +>> +>> (string) +>> +>>> Possible values: +>>> +>>> * `Cults` +>>> * `Gambling` +>>> * `Nudity` +>>> * `Pornography` +>>> * `SexEducation` +>>> * `Tasteless` +>>> * `Violence` +>>> * `DownloadSites` +>>> * `ImageSharing` +>>> * `PeerToPeer` +>>> * `StreamingMediaAndDownloads` +>>> * `GenerativeAI` +>>> * `CriminalActivity` +>>> * `Hacking` +>>> * `HateAndIntolerance` +>>> * `IllegalDrug` +>>> * `IllegalSoftware` +>>> * `SchoolCheating` +>>> * `SelfHarm` +>>> * `Weapons` +>>> * `Chat` +>>> * `Games` +>>> * `InstantMessaging` +>>> * `ProfessionalNetwork` +>>> * `SocialNetworking` +>>> * `WebBasedEmail` +>>> * `ParkedDomains` +>>> + +> +> allowedUrls -> (list) +> +>> URLs and domains that are always accessible to end users. +>> +>> Constraints: +>> +>> * min: `1` +>> * max: `1000` +>> + +>> +>> (string) +>> +>>> Constraints: +>>> +>>> * pattern: `((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))` +>>> + +> +> blockedUrls -> (list) +> +>> URLs and domains that end users cannot access. +>> +>> Constraints: +>> +>> * min: `1` +>> * max: `1000` +>> + +>> +>> (string) +>> +>>> Constraints: +>>> +>>> * pattern: `((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))` +>>> + + +Shorthand Syntax: + + + blockedCategories=string,string,allowedUrls=string,string,blockedUrls=string,string + + +JSON Syntax: + + + { + "blockedCategories": ["Cults"|"Gambling"|"Nudity"|"Pornography"|"SexEducation"|"Tasteless"|"Violence"|"DownloadSites"|"ImageSharing"|"PeerToPeer"|"StreamingMediaAndDownloads"|"GenerativeAI"|"CriminalActivity"|"Hacking"|"HateAndIntolerance"|"IllegalDrug"|"IllegalSoftware"|"SchoolCheating"|"SelfHarm"|"Weapons"|"Chat"|"Games"|"InstantMessaging"|"ProfessionalNetwork"|"SocialNetworking"|"WebBasedEmail"|"ParkedDomains", ...], + "allowedUrls": ["string", ...], + "blockedUrls": ["string", ...] + } + + @@ -306,0 +411,87 @@ browserSettings -> (structure) +> +> webContentFilteringPolicy -> (structure) +> +>> The policy that specifies which URLs end users are allowed to access or which URLs or domain categories they are restricted from accessing for enhanced security. +>> +>> blockedCategories -> (list) +>> +>>> Categories of websites that are blocked on the end user’s browsers. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `100` +>>> + +>>> +>>> (string) +>>> +>>>> Possible values: +>>>> +>>>> * `Cults` +>>>> * `Gambling` +>>>> * `Nudity` +>>>> * `Pornography` +>>>> * `SexEducation` +>>>> * `Tasteless` +>>>> * `Violence` +>>>> * `DownloadSites` +>>>> * `ImageSharing` +>>>> * `PeerToPeer` +>>>> * `StreamingMediaAndDownloads` +>>>> * `GenerativeAI` +>>>> * `CriminalActivity` +>>>> * `Hacking` +>>>> * `HateAndIntolerance` +>>>> * `IllegalDrug` +>>>> * `IllegalSoftware` +>>>> * `SchoolCheating` +>>>> * `SelfHarm` +>>>> * `Weapons` +>>>> * `Chat` +>>>> * `Games` +>>>> * `InstantMessaging` +>>>> * `ProfessionalNetwork` +>>>> * `SocialNetworking` +>>>> * `WebBasedEmail` +>>>> * `ParkedDomains` +>>>> + +>> +>> allowedUrls -> (list) +>> +>>> URLs and domains that are always accessible to end users. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1000` +>>> + +>>> +>>> (string) +>>> +>>>> Constraints: +>>>> +>>>> * pattern: `((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))` +>>>> + +>> +>> blockedUrls -> (list) +>> +>>> URLs and domains that end users cannot access. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `1000` +>>> + +>>> +>>> (string) +>>> +>>>> Constraints: +>>>> +>>>> * pattern: `((([a-zA-Z][a-zA-Z0-9+.-]*):\/\/(\*|[\w%._\-\+~#=@]+)?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?)|(\*|[\w%._\-\+~#=@]+\.[\w%._\-\+~#=@]+)(?::(\d{1,5}))?(\/[^@\s]*)?(?:\?([^*\s]+(?:\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\/\/)?\*))` +>>>>