URL Restrictions

There are three types of restrictions that can be applied to URLs:

list: To control whether a directory listing is allowed.
open: To control whether certain URLs can be opened
Redirect: To control whether one URL can open another URL, either automatically or via a hyperlink.

Rules are checked in the order in which they are defined. The last rule that is applicable to a URL defines whether the URL may be accessed.

The following rules disable opening http and https URLs outside .ourcompany.com:

[KDE URL Restrictions]
rule_count=2
rule_1=open,,,,http,,,false
rule_2=open,,,,http,*.ourcompany.com,,true

	The first four commas skip over the selection criteria with respect to the originating URL. This part is only needed with redirect type rules.
	`rule_1` forbids the opening of any http or https URL
	`rule_2` allows the opening of any http and https URL in the `.ourcompany.com` domain. Note the wildcard * is only allowed at the start of a domain.

The following rules makes that the user can no longer browse directories on the local file system that are outside his $HOME directory:

[KDE URL Restrictions]
rule_count=2
rule_1=list,,,,file,,,false
rule_2=list,,,,file,,$HOME,true

	`rule_1` forbids the listing of any local directory
	`rule_2` allows listing directories under the users own $`HOME` directory.

$HOME and $TMP are special values to indicate the users home directory and the KDE temporary directory of the user, e.g. /tmp/kde-bastian

The following rules makes that the user can no longer open local files that are outside his $HOME directory:

[KDE URL Restrictions]
rule_count=3
rule_1=open,,,,file,,,false
rule_2=open,,,,file,,$HOME,true
rule_3=open,,,,file,,$TMP,true

	`rule_1` forbids the opening of any local file
	`rule_2` allows opening files under the users own $`HOME` directory.
	`rule_3` allows opening files in the KDE temporary directory of the user. This is needed by certain KDE applications that first download a file or document to the temporary directory and then open it in an application.

The redirection option controls whether documents from a certain location can refer, either automatically or manually via a hyperlink, to a certain other location. A set of default rules is present as a general security measure. For example documents located on the Internet may not refer to locally stored documents.

For example, if we want to give the intranet-server www.mycompany.com the possibility to refer to local files we could add the following rule:

[KDE URL Restrictions]
rule_count=1
rule_1=redirect,http,www.mycompany.com,,file,,,true

Instead of listing a protocol by name, it is also possible to specify a whole group of protocols. For that the following groups have been defined:

:local: Protocols that access locally stored information, examples are file:/, man:/, fonts:/, floppy:/
:internet: Common internet protocols such as http and ftp

Information about protocols is stored in *.protocol files stored in $KDEDIR/share/services.

The Class= entry defines the group a protocol is part of: grep Class= $KDEDIR/share/services/*.protocol

General rules:

The :local protocols may refer to any other protocol
It's always allowed to refer to an :internet protocol
Not all protocols are part of a group, fish:/ for example.