+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
General Chat Thread, iTunes blocked in General; Good morning all, The network I inherited has iTunes blocked, i have added a few URL's to the unfiltered list ...
  1. #1

    Join Date
    Sep 2012
    Location
    Staffordshire
    Posts
    111
    Thank Post
    31
    Thanked 15 Times in 9 Posts
    Rep Power
    15

    iTunes blocked

    Good morning all,

    The network I inherited has iTunes blocked, i have added a few URL's to the unfiltered list but this doesnt seem to have helped. Apparently it used to work but doesnt now.

    Does anyone have an idea how I can get this working? We have some iPads that need setting up and apps installing.

    Thanks

  2. #2

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,826
    Thank Post
    104
    Thanked 449 Times in 308 Posts
    Blog Entries
    2
    Rep Power
    262
    I use Squid on Linux, but here are my user-agent headers which need to go through:
    iTunes oscpd QuickTime GCSL GCSP InetURL/1.0 AppleCoreMedia

    Here' are the URLs
    .apple.com .gcsp.cddbp.net .icloud.com ax.phobos.apple.com.edgesuite.net .mzstatic.com .verisign.com
    Last edited by jinnantonnixx; 8th February 2013 at 09:11 AM.

  3. Thanks to jinnantonnixx from:

    One_Minute_Hero (8th February 2013)

  4. #3
    Tsonga's Avatar
    Join Date
    Oct 2012
    Location
    Dorset
    Posts
    151
    Thank Post
    8
    Thanked 19 Times in 16 Posts
    Rep Power
    7
    What filtering system do you use?

    If its smoothie they have an entire content category just for itunes, they have many many urls.

  5. Thanks to Tsonga from:

    One_Minute_Hero (8th February 2013)

  6. #4

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    8,004
    Thank Post
    508
    Thanked 1,591 Times in 1,122 Posts
    Blog Entries
    19
    Rep Power
    700
    Quote Originally Posted by One_Minute_Hero View Post
    Apparently it used to work but doesnt now.
    Used to work or "Used to work"?

    There's a difference.

  7. #5

    Join Date
    Sep 2012
    Location
    Staffordshire
    Posts
    111
    Thank Post
    31
    Thanked 15 Times in 9 Posts
    Rep Power
    15
    cheers

    just testing the domains that @jinnantonnixx suggested it seems that OPENDNS is blocking them. just waiting the 3 mins now.

    also we are using smoothwall and will checkout the category for them, cheers @Tsonga

  8. #6

    Join Date
    Sep 2012
    Location
    Staffordshire
    Posts
    111
    Thank Post
    31
    Thanked 15 Times in 9 Posts
    Rep Power
    15
    Getting there now. I can browser iTunes on the iPad now just cant download apps still get the "Cannot connect to iTunes store"

  9. #7

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,826
    Thank Post
    104
    Thanked 449 Times in 308 Posts
    Blog Entries
    2
    Rep Power
    262
    iPad apps are OK here. I use ACLs to define the headers and URLs, then use Squid's http_access rules to combine the header ACL with URL ACLs. This works OK.
    On the URLs, have you wild-carded the URLs?

    e.g., in Squid,
    Code:
    .gcsp.cddbp.net
    means
    Code:
    *.gcsp.cddbp.net
    Last edited by jinnantonnixx; 8th February 2013 at 11:15 AM.

  10. #8

    AMLightfoot's Avatar
    Join Date
    Feb 2011
    Location
    Hampshire, England
    Posts
    1,757
    Thank Post
    317
    Thanked 499 Times in 303 Posts
    Rep Power
    228
    If you are using Smoothwall, Please configure the following:

    Browse to Web proxy > Authentication > Exceptions

    Add the following categories to Auth exceptions:

    SSL/CRL
    Software Updates
    Authentication Exceptions
    iTunes

    Save.

    Browse to Guardian > Web Filter > Policy Wizard

    Create a policy with the following conditions:

    Who: Everyone
    What: Authentication Exceptions, SSL/CRL, Software Updates, itunes
    Action: Whitelist
    Where: Everywhere
    When: Always
    Action: Enabled

    Confirm and save this rule.

    Browse to Guardian > Web Filter > Policies

    Move the policy you created up the table until it is above any block or blanket block in place for the group Unauthenticated IPs. You may have this group in a policy folder in position 2 in the table by default if you did not have Unauthenticated IPs allowed to use the web proxy prior to migrating. If this is a fresh install please check whether Unauthenticated IPs is included in the aforementioned policy folder.

    Please then edit the 'Recommended security rules' content modification category group and remove 'IE remote code execution'.

    Save and restart the web proxy.

  11. 2 Thanks to AMLightfoot:

    mwbutler (15th May 2013), One_Minute_Hero (8th February 2013)

  12. #9
    Tsonga's Avatar
    Join Date
    Oct 2012
    Location
    Dorset
    Posts
    151
    Thank Post
    8
    Thanked 19 Times in 16 Posts
    Rep Power
    7
    Quote Originally Posted by AMLightfoot View Post
    If you are using Smoothwall, Please configure the following:

    Browse to Web proxy > Authentication > Exceptions

    Add the following categories to Auth exceptions:

    SSL/CRL
    Software Updates
    Authentication Exceptions
    iTunes

    Save.

    Browse to Guardian > Web Filter > Policy Wizard

    Create a policy with the following conditions:

    Who: Everyone
    What: Authentication Exceptions, SSL/CRL, Software Updates, itunes
    Action: Whitelist
    Where: Everywhere
    When: Always
    Action: Enabled

    Confirm and save this rule.

    Browse to Guardian > Web Filter > Policies

    Move the policy you created up the table until it is above any block or blanket block in place for the group Unauthenticated IPs. You may have this group in a policy folder in position 2 in the table by default if you did not have Unauthenticated IPs allowed to use the web proxy prior to migrating. If this is a fresh install please check whether Unauthenticated IPs is included in the aforementioned policy folder.

    Please then edit the 'Recommended security rules' content modification category group and remove 'IE remote code execution'.

    Save and restart the web proxy.
    That's kinda what I said .

    Kidding, obviously.

  13. #10

    Join Date
    Sep 2012
    Location
    Staffordshire
    Posts
    111
    Thank Post
    31
    Thanked 15 Times in 9 Posts
    Rep Power
    15
    Quote Originally Posted by AMLightfoot View Post
    If you are using Smoothwall, Please configure the following:

    Browse to Web proxy > Authentication > Exceptions

    Add the following categories to Auth exceptions:

    SSL/CRL
    Software Updates
    Authentication Exceptions
    iTunes

    Save.

    Browse to Guardian > Web Filter > Policy Wizard

    Create a policy with the following conditions:

    Who: Everyone
    What: Authentication Exceptions, SSL/CRL, Software Updates, itunes
    Action: Whitelist
    Where: Everywhere
    When: Always
    Action: Enabled

    Confirm and save this rule.

    Browse to Guardian > Web Filter > Policies

    Move the policy you created up the table until it is above any block or blanket block in place for the group Unauthenticated IPs. You may have this group in a policy folder in position 2 in the table by default if you did not have Unauthenticated IPs allowed to use the web proxy prior to migrating. If this is a fresh install please check whether Unauthenticated IPs is included in the aforementioned policy folder.

    Please then edit the 'Recommended security rules' content modification category group and remove 'IE remote code execution'.

    Save and restart the web proxy.
    cheers i have followed this and i am still having the issue with installing app updates

    additionally i have noticed that i can browse the store on my phone but not on an ipad

    edit: btw i moved the policy to the very top to ensure it would work but nada
    Last edited by One_Minute_Hero; 8th February 2013 at 12:30 PM.

  14. #11
    Tsonga's Avatar
    Join Date
    Oct 2012
    Location
    Dorset
    Posts
    151
    Thank Post
    8
    Thanked 19 Times in 16 Posts
    Rep Power
    7
    I think you might need to restart the proxy (not the entire box) to make it work.

    If not, ring 08701 999500. It's what they are there for!

    Edit: I see that Alex actually put that anyway.
    Last edited by Tsonga; 8th February 2013 at 12:36 PM.

  15. #12

    Join Date
    Sep 2012
    Location
    Staffordshire
    Posts
    111
    Thank Post
    31
    Thanked 15 Times in 9 Posts
    Rep Power
    15
    Quote Originally Posted by Tsonga View Post
    I think you might need to restart the proxy (not the entire box) to make it work.

    If not, ring 08701 999500. It's what they are there for!

    Edit: I see that Alex actually put that anyway.
    i did this morning lol, awaiting a call back

    just to test i disabled the openDNS filters for 10 minutes to see if anything was getting blocked there....still same.

  16. #13
    Tsonga's Avatar
    Join Date
    Oct 2012
    Location
    Dorset
    Posts
    151
    Thank Post
    8
    Thanked 19 Times in 16 Posts
    Rep Power
    7
    Yea smoothwall blocks it unless you have it setup right.

    To do a very quick test, use a machine with a static IP (yours?). Add the IP into the exception list (you will need to change to port 801 on LAN settings) and see if it works then. With these settings it allows the machine with that IP to bore a hole straight through smoothwall. This will at least confirm it is smoothwall as the guilty party.

  17. #14

    Join Date
    Apr 2007
    Location
    Bishop's Stortford
    Posts
    15
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    15
    If I remember correctly I setup a policy in smoothwall to allow itunes and had the same result. Was only when policy was near the top of priorities did it work. Even smoothwall support couldnt say why it needed to be there. Think I have mine 3rd in list just below ntlm exceptions

  18. #15

    Join Date
    Sep 2012
    Location
    Staffordshire
    Posts
    111
    Thank Post
    31
    Thanked 15 Times in 9 Posts
    Rep Power
    15
    Quote Originally Posted by Tsonga View Post
    Yea smoothwall blocks it unless you have it setup right.

    To do a very quick test, use a machine with a static IP (yours?). Add the IP into the exception list (you will need to change to port 801 on LAN settings) and see if it works then. With these settings it allows the machine with that IP to bore a hole straight through smoothwall. This will at least confirm it is smoothwall as the guilty party.
    iTunes seems to be working ok on my PC with the exception

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Forefront TMG and Itunes blocked
    By jembayliss in forum Internet Related/Filtering/Firewall
    Replies: 2
    Last Post: 30th August 2012, 03:52 PM
  2. Allow staff to see a website but block students
    By adamyoung in forum How do you do....it?
    Replies: 9
    Last Post: 7th October 2005, 08:58 AM
  3. Blocking Batch Files using Group Policy in Server 2003
    By markwilliamson2001 in forum Windows
    Replies: 13
    Last Post: 4th October 2005, 05:28 PM
  4. Replies: 0
    Last Post: 26th August 2005, 01:29 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •