Getting a basic URL Filter to work

App & System Services Networking
KayleeSC OP
Created Jul ’25
Replies 38
Boosts 1
Views 3.1k
Participants 8

I haven’t been able to get this to work at any level! I’m running into multiple issues, any light shed on any of these would be nice:

  1. I can’t implement a bloom filter that produces the same output as can be found in the SimpleURLFilter sample project, after following the textual description of it that’s available in the documentation. No clue what my implementation is doing wrong, and because of the nature of hashing, there is no way to know. Specifically:
    1. The web is full of implementations of FNV-1a and MurmurHash3, and they all produce different hashes for the same input. Can we get the proper hashes for some sample strings, so we know which is the “correct” one?
    2. Similarly, different implementations use different encodings for the strings to hash. Which should we use here?
    3. The formulas for numberOfBits and numberOfHashes give Doubles and assign them to Ints. It seems we should do this conversing by rounding them, is this correct?
    4. Can we get a sample correct value for the combined hash, so we can verify our implementations against it?
    5. Or ignoring all of the above, can we have the actual code instead of a textual description of it? 😓
  2. I managed to get Settings to register my first attempt at this extension in beta 1. Now, in beta 2, any other project (including the sample code) will redirect to Settings, show the Allow/Deny message box, I tap Allow, and then nothing happens. This must be a bug, right?
  3. Whenever I try to enable the only extension that Settings accepted (by setting its isEnabled to true), its status goes to .stopped and the error is, of course, .unknown. How do I debug this?
  4. While the extension is .stopped, ALL URL LOADS are blocked on the device. Is this to be expected? (shouldFailClosed is set to false)
  5. Is there any way to manually reload the bloom filter? My app ships blocklist updates with background push, so it would be wasteful to fetch the filter at a fixed interval. If so, can we opt out of the periodic fetch altogether?
  6. I initially believed the API to be near useless because I didn’t know of its “fuzzy matching” capabilities, which I’ve discovered by accident in a forum post. It’d be nice if those were documented somewhere!

Thanks!!

Replies  38
Boosts  1
Views  3.1k
Participants  8
KayleeSC OP
Jan ’26

Wow, a) I’d assumed they’d tell me something if I was approved, and b) I cannot believe I got the configuration right on the first try without being able to test 😅

0
DTS Engineer OP
Apple
Jan ’26
I’d assumed they’d tell me something if I was approved

Indeed. We’re still working out the kinks in this process.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
beacham OP
5d

It's mid February and I am trying to upload an app (just to TestFlight) with a url-content-filter. I am getting the same error:

Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value 'url-filter-provider' for key 'com.apple.developer.networking.networkextension'

Is this just still not available? How do we proceed with using this entitlement?

0
beacham OP
5d

@DTS Engineer It's mid February and I am trying to upload an app (just to TestFlight) with a url-content-filter. I am getting the same error: Your application bundle's signature contains code signing entitlements that are not supported on iOS. Specifically, value 'url-filter-provider' for key 'com.apple.developer.networking.networkextension' Is this just still not available? How do we proceed with using this entitlement?

0
beacham OP
5d

I figured this out I think:

  26 -    <string>com.apple.networkextension.url-filter            
     --control</string>                                        
  26 +    <string>com.apple.networkextension.url-filter            
     +</string>
0
DTS Engineer OP
Apple
3d

The correct value to put in the entitlement is url-filter-provider. Annoyingly, this hasn’t yet made it to the documentation (r. 164079609) but Xcode’s Signing & Capabilities editor does the right thing.

Regarding KayleeSC’s bug about app submission (FB19582905) I continue to monitor that internally, but I’ve nothing concrete about its status other than that it remains un-fixed )-:

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
krpaul OP
3d

@KayleeSC How did you get the bloomFilter hash correct? I followed your process from earlier in this thread. I used the MurmurHash3 swift library, but the standard FNV-1a implementation instead of the inverted order of operations you suggested. (An apple dev told me to do it this way)

The hash this produces still isn't blocking sites for me.

Is this the hash you got for the 10 example websites in the starter code? UzDsxTWvY7Y/grhkQS1KZe8SslPAGOFK

0
KayleeSC OP
2d

@DTS Engineer I think that was the EXExtensionPointIdentifier in the info.plist of the URL FIlter, not entitlements.

@beacham haven’t had a chance to try this, but wouldn’t changing the extension point identifier prevent the extension from being recognized at all? Like, can you upload the app to TestFlight and have the extension function?

0
Getting a basic URL Filter to work
First post date Last post date
 
 
Q