Blocked Access to iPhone/iPad App Store (Squid3, squidGuard-Develop, & ClamD)

namm

this is only working halve the time i must be missing more ip address does anyone have a complete list

srk3461

Did u try adding the itunes.apple.com or apple.com to the "Target Categories" in the squidguard and then white-listing that on "Group-ACL's."

scorpNapster

Hey, what's up, I read that you were looking for a complete ip ranges of Apple, in this case of iTunes. I obtained the following ranges with the help of a tool in linux, whois:

17.0.0.0/8
192.35.50.0/24
198.183.17.0/24
198.183.16.0/24
204.179.120.0/24
204.79.190.0/24
205.180.175.0/24
209.144.162.0/24

Actually, I used the ranges above to block the access from a LAN to the App Store. The users are available to search for apps but they're not able to download them. It works. You can use them to allow the access, just establishing in the rule "Pass" instead of "Block".

I hope this post help someone. Regards.

Minukanthara

Hello everyone
I have the same problem, but nothing of the solution above works for me. :'(

My system is a Pfsense Release 2.2.5 with a squid3 transparent proxy and squid guard on the latest PFsense Version

At this time I have Antivirus on squidgard disabled.

Has anyone a solution?

thx, Andre

Minukanthara

Now i found a solution

when i put "akamaihd.net" in the  "Bypass Proxy for These Destination IPs" field, then it works…

Hope this works for you, too.  :)

captain1980

Hey guys,

I added "akamaihd.net" in the bypass proxy in Squid. This also did the trick for me. Now it is nice it works but i want to understand why !

Greets,

HJ

biGdada

@captain1980:

I added "akamaihd.net" in the bypass proxy in Squid. This also did the trick for me. Now it is nice it works but i want to understand why !

by adding an adress that doesnt resolve to an IP you've effectively DISABLED squid passthrough.
check out

pfctl -sn

output before and after the change ;)

aGeekhere

Hi, can someone confirm which addresses we need to allow?

is it just

akamaihd.net

or is it the above plus the following

17.0.0.0/8
192.35.50.0/24
198.183.17.0/24
198.183.16.0/24
204.179.120.0/24
204.79.190.0/24
205.180.175.0/24
209.144.162.0/24

or is it the above 2 plus the following

54.214.28.210; 17.158.28.83; 17.172.116.74; 17.172.116.75; 17.158.10.52; 17.172.116.36; 17.154.66.156; 23.9.237.102; 150.101.152.240; 17.173.255.108; 17.167.138.24; 150.101.98.211; 150.101.98.200; 150.101.98.226; 150.101.98.211; 150.101.98.234; 150.101.213.173; 150.101.98.211; 17.151.36.30; 17.142.160.7; 208.72.242.165; 173.192.76.134; 66.235.139.206; 150.101.96.224; 150.101.96.232; 17.154.66.11; 69.54.181.89; 17.111.65.223; 23.37.139.27; 23.37.139.27; 150.101.98.200; 23.7.18.217; 17.151.36.30; 17.149.240.70; 151.101.152.219; 150.101.152.234; 17.154.66.38;

Or is it the above 3 plus the OP.

Very confused here.

kidalabama

show advanced options

url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;url_rewrite_children 16 startup=8 idle=4 concurrency=0

and deleted

url_rewrite_bypass off;

aGeekhere

If using a non transparent proxy keep in mind that with android and IOS that not all apps will use the proxy and need to use port 80 and 443. So an exception for mobile devices needs to be made in the firewall if port 80 and 443 is blocked.

kidalabama

url_rewrite_bypass off;

how can i remove this code from squid permanently when rebooted pfsense my settings cleaning.