+ Post New Thread
Results 1 to 9 of 9
Netbooks, PDA and Phones Thread, Does the itunes app store work behind a proxy in Technical; I'm having a bad day Are Ipads normally able to connect to the App Store in schools behind proxies? Mine ...
  1. #1

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,720
    Thank Post
    1,451
    Thanked 580 Times in 434 Posts
    Rep Power
    165

    Does the itunes app store work behind a proxy

    I'm having a bad day
    Are Ipads normally able to connect to the App Store in schools behind proxies?

    Mine wouldn't connect via school wifi (yes - I set the proxy settings in wifi and it browses internet fine using Safarii) so I used my phone as portable hotspot and it connected to the App Store OK.

    I've switched back to school wifi and although I'm not getting cannot connect to itunes msgs now - half the apps are greyed out (as if its using some sort of half-filled cache!)

    regards
    Simon
    PS This is in Lancs CLEO land BTW

  2. #2

    tmcd35's Avatar
    Join Date
    Jul 2005
    Location
    Norfolk
    Posts
    5,243
    Thank Post
    772
    Thanked 804 Times in 670 Posts
    Blog Entries
    9
    Rep Power
    299
    Just double-checked on my iPhone and it's working here. I can browse the app store and I just did a quick update for 1 app to test downloading, all fine. Behind a several proxies.

  3. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,691
    Thank Post
    824
    Thanked 2,570 Times in 2,187 Posts
    Blog Entries
    9
    Rep Power
    731
    If I recall correctly it does not work and requires exceptions to prevent needing auth and maybe even transparent proxy:
    3.Test using another network. ◾Connect your computer or device to another network and testing helps determine the next step. This is also helpful if multiple devices are affected.
    ◾If your device can connect to Wi-Fi and a cellular network, larger downloads may not be possible over the cellular network.
    ◾If the issue disappears while connected to another network, you may need to work with your support options to open access to: ◾itunes.apple.com
    ◾ax.itunes.apple.com
    ◾ax.init.itunes.apple.com
    ◾albert.apple.com
    ◾gs.apple.com
    ◾ax.phobos.apple.com.edgesuite.net
    ◾mzstatic.com

    ◾Note: iTunes may use the fully qualified version of these addresses for additional security.

    4.iTunes uses well known ports and these ports may need to be opened for iTunes: 80, 443, 3689, 5297, 5298, 5353, 8000-8999, and 42000-42999.
    iTunes: Advanced iTunes Store troubleshooting

    plus:

    I had a similar experience when blocking "Entertainment - MP3 and Audio Download services" which blocked Apple devices accessing the App Store and iTunes. Allowing the category wasn't an option so we added http://itunes.apple.com and http://phobos.itunes.com under a custom allowed category.

    This got the apple store working but purchases wouldn't go through.

    We're using the Network Agent and blocks were occurring for subnets in 17.X.X.X networks at the time of testing. Supposedly the whole of 17.0.0.0/8 is allocated to Apple. Apple use a whole heap of different addresses on different subnets of that scope so we couldn’t just add each of them as an exception. i.e. https://17.8.25.94:443, https://17.8.79.45:443 etc.

    We ended up using “Recategorize URL” and then “Advanced” to add a Regular Expression of “^https://17\.” (without quotation marks) .This allowed all of 17.0.0.0 as a custom allow category.

    If you want to be more security conscious you can do a “Investigative Report” and use the search for textbox for “Destination IP” of “17.” and maybe track down the main subnets in use. Bear in mind that the running too many Regular Expressions may have a performance impact.

    My logs so far indicate that the Apple stores use ~140 unique ip addresses, on 23 different /24 networks, on 8 different /16 networks.

    If you wanted to go the route of only allowing the smaller subnets such as the 17.149.156.0/24 subnet you’d use a Regular Expression of “^https://17\.149\.156\.” (without quotation marks).

    My limited explanation of this is that the ^ means ‘at the start of the line’. It then matches https://17. Next comes the \, in regular expression use the full stop is a special character so there’s a backslash before it to say ‘the next character should be taken literally’. Then it matches 149, and then another full stop, etc, etc.

    Alternately you can keep checking the logs and put all of the hits you see in the format previously suggested by Susie, https://X.X.X.X:443. You'd have to make sure to keep an eye on this though, if you miss an address or a new server is added then users will have intermittent issues until you add it.
    iTunes Store


    I think I remember Smoothwall having to scramble to add a new category when people started deciding to try and use iPads in schools.


    The exception on the managed provider may not be global so you may have to ask them to enable the hole to allow Apple stuff to through without supervision.
    Last edited by SYNACK; 23rd November 2012 at 11:01 AM.

  4. Thanks to SYNACK from:

    SWICT (28th November 2012)

  5. #4

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,720
    Thank Post
    1,451
    Thanked 580 Times in 434 Posts
    Rep Power
    165
    I've come to another school and it works there so must have been something specific to this mornings school
    Simon

  6. #5

    Join Date
    Sep 2012
    Posts
    138
    Thank Post
    4
    Thanked 18 Times in 18 Posts
    Rep Power
    7
    Hi SimpleSi,

    We don't have iPads but our Touches work with the app store when connected to the school proxy connection. I can download apps from the device.

    However, I was having trouble downloading apps from my laptop (connected to the same wifi). I'm having to use Proxomitron to get around the issue that the proxy server is creating.

  7. #6

    sparkeh's Avatar
    Join Date
    May 2007
    Posts
    6,259
    Thank Post
    1,138
    Thanked 1,463 Times in 980 Posts
    Blog Entries
    22
    Rep Power
    457
    Yeah iTunes and proxies are not a happy combination.
    I know from looking into a simlilar problem last week, authenticating proxies are a particular issue.

  8. #7
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    842
    Thank Post
    76
    Thanked 225 Times in 185 Posts
    Rep Power
    80
    HTTPS for the AppStore, so down to how the proxy is configured (bearing in mind that iOS only asks for details for HTTP proxy, not HTTPS, thus there is no username / password sent for HTTPS queries until your proxy rejects HTTPS without the auth, thus causing device to prompt for auth, which will be stored for a relatively short amount of time - 20 mins or so)

  9. #8
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,530
    Thank Post
    815
    Thanked 380 Times in 317 Posts
    Blog Entries
    12
    Rep Power
    80
    Works fine on our sophos proxy

  10. #9

    SimpleSi's Avatar
    Join Date
    Jun 2005
    Location
    Lancashire
    Posts
    5,720
    Thank Post
    1,451
    Thanked 580 Times in 434 Posts
    Rep Power
    165
    Came back to orig non-working school and still not working so I've given county support a call and we'll see what they say.

    Must remember to try it out in all my schools to see if any pattern.

    Simon

SHARE:
+ Post New Thread

Similar Threads

  1. Apps store and itunes through MS TMG
    By ful56_uk in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 30th March 2012, 12:51 PM
  2. Replies: 6
    Last Post: 8th March 2011, 08:43 AM
  3. iPad's and the App Store
    By karls5 in forum East Midlands Broadband Consortium (EMBC)
    Replies: 22
    Last Post: 12th October 2010, 07:03 PM
  4. How does the system work?
    By Matthewstuart in forum General Chat
    Replies: 21
    Last Post: 15th February 2009, 03:13 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •