Netgate Discussion Forum

    Blocked Access to iPhone/iPad App Store (Squid3, squidGuard-Develop, & ClamD)

      namm

      Did you end up solving the issue?
      I am having the same issue.

      I needed to turn off squid to have access to iTunes.

        darrenkdean

        Unfortunately, I have not. I believe I have narrowed it down to the C-ICAP interface for squidclamav as being the culprit creating the issue. I removed squid & squidguard, manually deleted the folders & then reinstalled it. Squid worked fine with the Apple Store until I configured the Antivirus section & turned it on. After squidclamav went live, the Apple Store stopped working again. The ACL whitelist does not appear to have any effect either.

        Anyone out there have any thoughts on this?

          namm

          I have fixed the issue on my system by using the websites' IP addresses in lieu of the websites' names.

          Added

          54.214.28.210; 17.158.28.83; 17.172.116.74; 17.172.116.75; 17.158.10.52; 17.172.116.36; 17.154.66.156; 23.9.237.102; 150.101.152.240; 17.173.255.108; 17.167.138.24; 150.101.98.211; 150.101.98.200; 150.101.98.226; 150.101.98.211; 150.101.98.234; 150.101.213.173; 150.101.98.211; 17.151.36.30; 17.142.160.7; 208.72.242.165; 173.192.76.134; 66.235.139.206; 150.101.96.224; 150.101.96.232; 17.154.66.11; 69.54.181.89; 17.111.65.223; 23.37.139.27; 23.37.139.27; 150.101.98.200; 23.7.18.217; 17.151.36.30; 17.149.240.70; 151.101.152.219; 150.101.152.234; 17.154.66.38;
          to both
          Bypass proxy for these source IPs and Bypass proxy for these destination IPs

          Let me know if this was useful.

            namm

            This is only working half the time. I must be missing more IP addresses. Does anyone have a complete list?

              srk3461

              Did you try adding itunes.apple.com or apple.com to the "Target Categories" in squidGuard and then whitelisting that in "Group-ACL's"?

                scorpNapster

                Hey, what's up. I read that you were looking for the complete IP ranges of Apple, in this case of iTunes. I obtained the following ranges with the help of a Linux tool, whois:

                17.0.0.0/8
                192.35.50.0/24
                198.183.17.0/24
                198.183.16.0/24
                204.179.120.0/24
                204.79.190.0/24
                205.180.175.0/24
                209.144.162.0/24

                Actually, I used the ranges above to block access from a LAN to the App Store. The users are able to search for apps but they're not able to download them. It works. You can use them to allow access, just by setting "Pass" instead of "Block" in the rule.

                I hope this post helps someone. Regards.

                  Minukanthara

                  Hello everyone,
                  I have the same problem, but none of the solutions above works for me. :'(

                  My system is a pfSense Release 2.2.5 with a squid3 transparent proxy and squidGuard on the latest pfSense version.

                  At this time I have Antivirus on squidGuard disabled.

                  Has anyone a solution?

                  thx, Andre

                    Minukanthara

                    Now I found a solution.

                    When I put "akamaihd.net" in the "Bypass Proxy for These Destination IPs" field, then it works…

                    Hope this works for you, too.  :)

                      captain1980

                      Hey guys,

                      I added "akamaihd.net" in the bypass proxy in Squid. This also did the trick for me. Now it is nice that it works, but I want to understand why!

                      Greets,

                      HJ

                        biGdada

                        @captain1980:

                        I added "akamaihd.net" in the bypass proxy in Squid. This also did the trick for me. Now it is nice that it works, but I want to understand why!

                        By adding an address that doesn't resolve to an IP, you've effectively DISABLED squid passthrough.
                        Check out the

                        pfctl -sn

                        output before and after the change ;)

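An added example, not code from any poster in this thread: a Python check that audits a semicolon-separated bypass list like the ones quoted above before it is pasted into the Squid bypass fields. It separates literal addresses and networks from names (which, per the post above, depend on resolving to an IP), and reports duplicates and very wide prefixes that would exempt a lot of traffic from the proxy and antivirus scan. The function name, the report keys and the `/16` cut-off are assumptions made for this example, and nothing is looked up in DNS.

```python
import ipaddress

# Assumption: prefixes shorter than this are reported as broad. The cut-off
# is chosen for this example, not taken from pfSense or the thread.
BROAD_PREFIX = 16


def audit_bypass_entries(field_value):
    """Classify the entries of a semicolon-separated proxy bypass list.

    Returns a dict with the keys 'addresses', 'networks', 'broad', 'names'
    and 'duplicates'. Names are only reported, never resolved, so that they
    can be checked by hand.
    """
    report = {"addresses": [], "networks": [], "broad": [],
              "names": [], "duplicates": []}
    seen = set()
    for raw in field_value.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # trailing ';' or empty item
        if entry in seen:
            if entry not in report["duplicates"]:
                report["duplicates"].append(entry)
            continue
        seen.add(entry)
        try:
            if "/" in entry:
                net = ipaddress.ip_network(entry, strict=False)
                report["networks"].append(str(net))
                if net.prefixlen < BROAD_PREFIX:
                    report["broad"].append(str(net))
            else:
                report["addresses"].append(str(ipaddress.ip_address(entry)))
        except ValueError:
            # Not an IP literal: a host name or alias that must resolve.
            report["names"].append(entry)
    return report


# Constructed sample, assembled from values quoted in this thread.
SAMPLE = ("17.158.28.83; 150.101.98.211; 150.101.98.200; 150.101.98.211; "
          "17.0.0.0/8; 192.35.50.0/24; akamaihd.net;")

if __name__ == "__main__":
    for key, values in audit_bypass_entries(SAMPLE).items():
        print(f"{key:10} {values}")
```

Anything listed under `names` is what to compare against the `pfctl -sn` output before and after saving the change.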
                          aGeekhere

                          Hi, can someone confirm which addresses we need to allow?

                          Is it just

                          akamaihd.net
                          

                          Or is it the above plus the following

                          17.0.0.0/8
                          192.35.50.0/24
                          198.183.17.0/24
                          198.183.16.0/24
                          204.179.120.0/24
                          204.79.190.0/24
                          205.180.175.0/24
                          209.144.162.0/24
                          

                          Or is it the above 2 plus the following

                          54.214.28.210; 17.158.28.83; 17.172.116.74; 17.172.116.75; 17.158.10.52; 17.172.116.36; 17.154.66.156; 23.9.237.102; 150.101.152.240; 17.173.255.108; 17.167.138.24; 150.101.98.211; 150.101.98.200; 150.101.98.226; 150.101.98.211; 150.101.98.234; 150.101.213.173; 150.101.98.211; 17.151.36.30; 17.142.160.7; 208.72.242.165; 173.192.76.134; 66.235.139.206; 150.101.96.224; 150.101.96.232; 17.154.66.11; 69.54.181.89; 17.111.65.223; 23.37.139.27; 23.37.139.27; 150.101.98.200; 23.7.18.217; 17.151.36.30; 17.149.240.70; 151.101.152.219; 150.101.152.234; 17.154.66.38;
                          

                          Or is it the above 3 plus the OP.

                          Very confused here.

                          Never Fear, A Geek is Here!

                            kidalabama

                            show advanced options

                            url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;url_rewrite_children 16 startup=8 idle=4 concurrency=0
                            

                            and deleted

                            url_rewrite_bypass off;
                            
                              aGeekhere

                              If using a non-transparent proxy, keep in mind that with Android and iOS not all apps will use the proxy, and they need to use ports 80 and 443. So an exception for mobile devices needs to be made in the firewall if ports 80 and 443 are blocked.

                              Never Fear, A Geek is Here!

                                kidalabama

                                url_rewrite_bypass off;
                                

                                How can I remove this code from squid permanently? When I reboot pfSense, my settings get cleaned.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.