+ Post New Thread
Results 1 to 6 of 6
Internet Related/Filtering/Firewall Thread, iPads and filters!! in Technical; Hi Does anyone know what exceptions you have to make to allow ipads to update and download apps etc? I ...
  1. #1

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    520
    Thank Post
    126
    Thanked 18 Times in 18 Posts
    Rep Power
    11

    iPads and filters!!

    Hi

    Does anyone know what exceptions you have to make to allow ipads to update and download apps etc?

    I have had a look through the forums and added these but still no luck.


    itunes.apple.com
    ax.itunes.apple.com
    ax.init.itunes.apple.com
    albert.apple.com
    gs.apple.com
    ax.phobos.apple.com.edgesuite.net
    mzstatic.com
    apple.com
    evintl-ocsp.verisign.com
    evsecure-ocsp.verisign.com

    Thanks

  2. #2

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,017
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    You'll need to add the user agent 'ocspd' direct access. I have a feeling that you'll need to allow the agent 'iTunes' as well, as neither of these provide user credentials when they bang on the door of the proxy. FPITA.
    Last edited by jinnantonnixx; 21st September 2012 at 12:03 PM.

  3. #3

    Join Date
    May 2011
    Location
    United Kingdom
    Posts
    520
    Thank Post
    126
    Thanked 18 Times in 18 Posts
    Rep Power
    11
    Quote Originally Posted by jinnantonnixx View Post
    You'll need to add the user agent 'ocspd' direct access.
    Hi thanks for the reply. Could you elaborate a bit more please.

  4. #4

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,017
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    Certainly. When an app talks to the proxy, it provides a user agent, which is normally related to the application. The Mac update service uses the user-agent called 'ocspd'. We know that this doesn't provide credentials to the proxy server (on my Squid servers I get unauthenticated users when the Macs update) so I allow this service out without authentication. I'm not a Mac expert, this is from analysing my Squid logs on my Linux servers. If anybody knows of a better way to get Macs to update through proxies I'm all ears, but this works for me.
    Last edited by jinnantonnixx; 21st September 2012 at 12:09 PM.

  5. Thanks to jinnantonnixx from:

    tj2419 (21st September 2012)

  6. #5

    Join Date
    Sep 2012
    Location
    United Kingdom
    Posts
    95
    Thank Post
    22
    Thanked 4 Times in 4 Posts
    Rep Power
    5
    Quote Originally Posted by jinnantonnixx View Post
    Certainly. When an app talks to the proxy, it provides a user agent, which is normally related to the application. The Mac update service uses the user-agent called 'ocspd'. We know that this doesn't provide credentials to the proxy server (on my Squid servers I get unauthenticated users when the Macs update) so I allow this service out without authentication. I'm not a Mac expert, this is from analysing my Squid logs on my Linux servers. If anybody knows of a better way to get Macs to update through proxies I'm all ears, but this works for me.
    Is this the same with Microsoft TMG 2010? We have a bank of iPads which all pop-up asking about HTTPS authentication, got me thinking if this has anything to do with it?

    Thanks

  7. #6

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    2,017
    Thank Post
    118
    Thanked 512 Times in 346 Posts
    Blog Entries
    2
    Rep Power
    288
    Quote Originally Posted by OhDear View Post
    Is this the same with Microsoft TMG 2010? We have a bank of iPads which all pop-up asking about HTTPS authentication, got me thinking if this has anything to do with it?

    Thanks
    It could be that you have SSL inspection turned on and a certificate problem. Proxies can't peek into encrypted (SSL) traffic, so they create two sessions - one from the client to the proxy (with an internal certificate), the other from the proxy to the target website (with the 'real' certificate). It impersonates the end-point web sites by generating a certificate used within your organisation. You'll have to install this on the Macs. It's effectively a man-in-the-middle attack, but done by your proxy to check your https traffic, albeit with a certificate issued by your organisation. If you don't have this certificate on the machines, you'll get problems.

    This might help.
    Mac OS Clients fail to access SSL Websites after you enable HTTPS Inspection in Forefront TMG 2010 - Forefront TMG Product Team Blog - Site Home - TechNet Blogs
    Last edited by jinnantonnixx; 22nd September 2012 at 12:58 AM.

SHARE:
+ Post New Thread

Similar Threads

  1. IPad and Proxy Problems
    By timbo343 in forum Hardware
    Replies: 9
    Last Post: 28th February 2014, 11:51 AM
  2. Smoothwall iPad and Apps
    By LukeC64 in forum Internet Related/Filtering/Firewall
    Replies: 31
    Last Post: 30th January 2012, 09:20 PM
  3. IPADs and Outlook Calendar
    By marvin in forum Windows
    Replies: 33
    Last Post: 24th June 2011, 11:07 AM
  4. [iPad] iPads and proxies
    By GrumbleDook in forum Netbooks, PDA and Phones
    Replies: 5
    Last Post: 24th November 2010, 03:53 PM
  5. Replies: 2
    Last Post: 25th May 2007, 07:55 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •