iTunes blocked

[One_Minute_Hero]

Good morning all,

The network I inherited has iTunes blocked, i have added a few URL's to the unfiltered list but this doesnt seem to have helped. Apparently it used to work but doesnt now.

Does anyone have an idea how I can get this working? We have some iPads that need setting up and apps installing.

Thanks

[jinnantonnixx]

I use Squid on Linux, but here are my user-agent headers which need to go through:
iTunes oscpd QuickTime GCSL GCSP InetURL/1.0 AppleCoreMedia

Here' are the URLs
.apple.com .gcsp.cddbp.net .icloud.com ax.phobos.apple.com.edgesuite.net .mzstatic.com .verisign.com

[Tsonga]

What filtering system do you use?

If its smoothie they have an entire content category just for itunes, they have many many urls.

[X-13]

Apparently it used to work but doesnt now.

Used to work or "Used to work"?

There's a difference.

[One_Minute_Hero]

cheers

just testing the domains that @jinnantonnixx suggested it seems that OPENDNS is blocking them. just waiting the 3 mins now.

also we are using smoothwall and will checkout the category for them, cheers @Tsonga

[One_Minute_Hero]

Getting there now. I can browser iTunes on the iPad now just cant download apps still get the "Cannot connect to iTunes store"

[jinnantonnixx]

iPad apps are OK here. I use ACLs to define the headers and URLs, then use Squid's http_access rules to combine the header ACL with URL ACLs. This works OK.
On the URLs, have you wild-carded the URLs?

e.g., in Squid,

Code:

.gcsp.cddbp.net

means

Code:

*.gcsp.cddbp.net

[AMLightfoot]

If you are using Smoothwall, Please configure the following:

Browse to Web proxy > Authentication > Exceptions

Add the following categories to Auth exceptions:

SSL/CRL
Software Updates
Authentication Exceptions
iTunes

Save.

Browse to Guardian > Web Filter > Policy Wizard

Create a policy with the following conditions:

Who: Everyone
What: Authentication Exceptions, SSL/CRL, Software Updates, itunes
Action: Whitelist
Where: Everywhere
When: Always
Action: Enabled

Confirm and save this rule.

Browse to Guardian > Web Filter > Policies

Move the policy you created up the table until it is above any block or blanket block in place for the group Unauthenticated IPs. You may have this group in a policy folder in position 2 in the table by default if you did not have Unauthenticated IPs allowed to use the web proxy prior to migrating. If this is a fresh install please check whether Unauthenticated IPs is included in the aforementioned policy folder.

Please then edit the 'Recommended security rules' content modification category group and remove 'IE remote code execution'.

Save and restart the web proxy.

[Tsonga]

If you are using Smoothwall, Please configure the following:

Browse to Web proxy > Authentication > Exceptions

Add the following categories to Auth exceptions:

SSL/CRL
Software Updates
Authentication Exceptions
iTunes

Save.

Browse to Guardian > Web Filter > Policy Wizard

Create a policy with the following conditions:

Who: Everyone
What: Authentication Exceptions, SSL/CRL, Software Updates, itunes
Action: Whitelist
Where: Everywhere
When: Always
Action: Enabled

Confirm and save this rule.

Browse to Guardian > Web Filter > Policies

Move the policy you created up the table until it is above any block or blanket block in place for the group Unauthenticated IPs. You may have this group in a policy folder in position 2 in the table by default if you did not have Unauthenticated IPs allowed to use the web proxy prior to migrating. If this is a fresh install please check whether Unauthenticated IPs is included in the aforementioned policy folder.

Please then edit the 'Recommended security rules' content modification category group and remove 'IE remote code execution'.

Save and restart the web proxy.

That's kinda what I said .

Kidding, obviously.

[One_Minute_Hero]

If you are using Smoothwall, Please configure the following:

Browse to Web proxy > Authentication > Exceptions

Add the following categories to Auth exceptions:

SSL/CRL
Software Updates
Authentication Exceptions
iTunes

Save.

Browse to Guardian > Web Filter > Policy Wizard

Create a policy with the following conditions:

Who: Everyone
What: Authentication Exceptions, SSL/CRL, Software Updates, itunes
Action: Whitelist
Where: Everywhere
When: Always
Action: Enabled

Confirm and save this rule.

Browse to Guardian > Web Filter > Policies

Move the policy you created up the table until it is above any block or blanket block in place for the group Unauthenticated IPs. You may have this group in a policy folder in position 2 in the table by default if you did not have Unauthenticated IPs allowed to use the web proxy prior to migrating. If this is a fresh install please check whether Unauthenticated IPs is included in the aforementioned policy folder.

Please then edit the 'Recommended security rules' content modification category group and remove 'IE remote code execution'.

Save and restart the web proxy.

cheers i have followed this and i am still having the issue with installing app updates

additionally i have noticed that i can browse the store on my phone but not on an ipad

edit: btw i moved the policy to the very top to ensure it would work but nada

[Tsonga]

I think you might need to restart the proxy (not the entire box) to make it work.

If not, ring 08701 999500. It's what they are there for!

Edit: I see that Alex actually put that anyway.

[One_Minute_Hero]

I think you might need to restart the proxy (not the entire box) to make it work.

If not, ring 08701 999500. It's what they are there for!

Edit: I see that Alex actually put that anyway.

i did this morning lol, awaiting a call back

just to test i disabled the openDNS filters for 10 minutes to see if anything was getting blocked there....still same.

[Tsonga]

Yea smoothwall blocks it unless you have it setup right.

To do a very quick test, use a machine with a static IP (yours?). Add the IP into the exception list (you will need to change to port 801 on LAN settings) and see if it works then. With these settings it allows the machine with that IP to bore a hole straight through smoothwall. This will at least confirm it is smoothwall as the guilty party.

[andyfield]

If I remember correctly I setup a policy in smoothwall to allow itunes and had the same result. Was only when policy was near the top of priorities did it work. Even smoothwall support couldnt say why it needed to be there. Think I have mine 3rd in list just below ntlm exceptions

[One_Minute_Hero]

Yea smoothwall blocks it unless you have it setup right.

To do a very quick test, use a machine with a static IP (yours?). Add the IP into the exception list (you will need to change to port 801 on LAN settings) and see if it works then. With these settings it allows the machine with that IP to bore a hole straight through smoothwall. This will at least confirm it is smoothwall as the guilty party.

iTunes seems to be working ok on my PC with the exception