Solution: Squid Transparent Proxy and Apple App Stores OSX & iOS Problems



  • I was having issues with our Squid Transparent Proxy and the Apple App stores for OSX and iOS. I found a few posts on this forum (https://forum.pfsense.org/index.php?topic=90908.0) but none of them fixed my issue. I have to give credit to another post (http://www.enterpriseios.com/forum/topic/Apple_Firewall_Issues#comment-15997) for help with this. Additionally I used NTOP to find hostnames while downloading outside the proxy. I would highly recommend this as a way of finding hostnames if the ones below don't work. Here is what I did:

    Got a list of hostnames I would need. This is tricky because Apple uses its own servers along with offloading to Edgesuite and Akami networks. Thus, for every hostname you get you need to NSLOOKUP on it and copy all the variations. This is important because some of the are geolocated and will be based on your country. Here is a list of host names to NSLOOKUP and add to your list of host names:

    albert.apple.com
    ax.itunes.apple.com
    buy.itunes.com
    deimos.apple.com
    gs.apple.com
    itunes.apple.com
    metrics.apple.com
    ocsp.apple.com
    phobos.apple.com
    su.itunes.apple.com
    ax.su.itunesapple.com
    osxapps.itunes.apple.com
    

    I then added all the above hostnames along with their NSLOOKUP hostnames into an Alias. After which I went to "Proxy server: General Settings" and added the Alias to: "Bypass proxy for these destination IPs". This has worked great so far for us.

    Hope this helps someone.


Log in to reply