Https filtering - iTunes, iPhones?
-
I have implemented the https filtering tutorial as found here https://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/
I have gotten everything to work EXCEPT for itunes, icloud, and my iphones and ipad.
I have tried the iphones both with and without putting the proxy in the general settings for the wifi. I have added the websites for iOS, macOS, etc. that apple gives. https://support.apple.com/en-us/HT201999 But I am still unable to reach the iTunes store or to update any apps on our iphones.
I am sure I am not the first person to experience this problem, but I haven’t been able to find any solutions online. Can anyone please help me with this problem?
Thanks.
-
The apple products (and most mobile ones) use so called SSL pinning when application refuses to accept any other HTTPS certificate except the one known to it,
See https://docs.diladele.com/faq/squid/sslbump_exlusions/apple_app_store.htmlHope it helps.
(here in the test lab I had to add .mzstatic to make the iTunes work though proxy). -
I found that adding
apple.com
icloud.com
mzstatic.comto the whitelist at Services>Squid Proxy Server>ACLs seems to work for me (in addition to the FAQ from diladele from sichent above, if you are using the Diladele Web Safety.)