URLs to unblock in a firewall
What specific URLs should be unblocked in a network firewall for access to the iTunes Store from iOS devices and iTunes software?
A very dated article from 2009 (http://support.apple.com/kb/TS1379) suggests these:
itunes.apple.com
ax.itunes.apple.com
albert.apple.com
gs.apple.com
However, this is NOT an exhaustive list. iTunes Store access still does not work properly, even with these sites unblocked.
Another post here recommends including phobos.apple.com. That still doesn't make everything work.
I've even allowed all apple.com sites, and that also doesn't work. I believe the issue is with the third party content distributors Apple is using, such as Akamai.
Anyone have any better ideas on this, or know how we can get Apple to update their outdated support document on this?
Thanks.
Those domains are still current according to this article updated just last month:
http://support.apple.com/kb/HT3204
If allowing all apple.com sites still isn't working, something's amiss with your firewall. You might try the network diagnostics mentioned in that article and see if that provides any clues.
Regards.
Similar Messages
-
Hi,
Myself and
other Microsoft customers have been experiencing a problem behind our corporate firewalls with accessing Microsoft services (Microsoft.com, most Microsoft Support pages, Microsoft Downloads, etc.). I previously had the same problem early August with SharePoint
Online but that appears to have been corrected (at least for now).
The symptom:
Microsoft Webpage contents load but then the whole pages appear blank (in Chrome and IE 11). The body style is set to "visibility:hidden;".
The cause:
Many Microsoft websites use scripts/libraries from http://ots.optimize.webtrends.com and these particular URL's are extremely long and in a bizarre way. In this instance, it's sending Chrome and IE 11 webclients to a URL that is 3472 characters in length (that's
over 3.3KB for just the URL) and the URL retrieves a JS function call that's 157 characters in length.
Our corporate firewall is blocking HTTP GET requests to URL lengths greater than a particular length (to prevent infected web-clients from exploiting external web servers). I believe it's set to 2048 characters by default.
The workaround:
Set useragent string to IE 10 or lower. It doesn't serve pages that include such long URL lengths in these cases.
Modify the style of the page in developer mode and set visibility:visible on the body. Works in IE or Chrome then.
Convince IT to change our corporate firewall to ignore URL Path Length restrictions
I'm convinced that this is a bug from Microsoft for many reasons:
Microsoft claims IE's maximum URL length is 2083 characters. See
here.
It's arguably poor form to be requiring kilobytes of data just to locate a resource(such as a .js file)
It's wasting Microsoft's bandwidth. Using 3472 bytes to retrieve 157 bytes that run a function (in another .js file from MS) that sets the body style.
It's preventing Microsoft customers that are using IE11 on Windows 7/8, who are behind firewalls that check URL Path Length's, from using Microsoft services.
It does appear to serve content that is unique to the request but there's got to be a better way to accomplish whatever it is MS is actually trying to accomplish with the contents:
WTOptimize.fireEvent(new WTEvent(WTEvent.CONTROL_PART, WTEvent.STATUS_SUCCESS, {control:"WT3VtgdmLPVOceeXKd8U15PFuYs7rn2UxwpN_67li21nuTEqahNZFhhiLz-KXk~"}));
Is it trying to display the content on modern browsers only after the page has successfully loaded? I'm not sure, but that's what it's looking like to me.Hi,
I do need more time to make test for your problem. Please be patient.
Thanks for your understanding.
Roger Lu
TechNet Community Support -
Webauth url redirection fail with firewall between host and switch
Hi All,
I noticed some old posts (2012) on this specific issue (thanks Tarik) - this is exactly our problem. Web auth redirect URL gets dropped if stateful firewall is between webauth host and switch management interface. Aaron at Cisco live london kinda hinted about maybe Cisco working on this ? We can't disable stateful inspection
Is there any other solutions or workarounds ?
"Although this approach introduces additional hops in the return path from the switch to the host, it produces negligible load on the default router and intervening infrastructure since only the WebAuth traffic from the switch to the host follows this path. In campus designs that do not use SVIs on the data VLAN,6 a default route is typically already configured. In this case, no additional configuration is required to support WebAuth. However, problems may arise in the case in which traffic to the default router is bridged through a stateful firewall. The original SYN packet in the TCP handshake is consumed by the access switch, so the first packet that the firewall sees is the SYN-ACK packet from the access switch. Stateful firewalls typically drop SYN-ACK packets if they have not seen the original SYN packet.
In this case, you will need to turn off stateful inspection for ports 80 and 443 on the firewall."
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577494.html
Cheers
Peter.There is workaround i haven't tested which is available from 15.0 i think, which is the option to create svi's on your access layer switches for the guest/user vlans, without actually enabling routing between them, it sounds weird, but i have been told that this combined is a possible woraround, that will cause the switch to use the svi interfaces when responding with the SYN-ACK, thus not being sent to its ip default-gateway.
-
What url is used to send videos in camera roll to youtube?
Our school blocks youtube.com on the wireless network, which is fine, but my students need to send videos they create on 4g iPod Touches to YouTube and currently can't. School personnel says if I can tell them url to unblock, they will allow the upload. Uploading videos in Camera Roll works successfully from home, but I see no url and don't know how to track it.
I know they log blocked traffic at school and could look this up, but they don't want to take the time to do this; they want a url they can paste into their filtering appliance.Your photos are included with your photos in iPhoto. They display with a small videocamera icon at the bottom left of the thumbnail and the elasped time at the bottom right.
Look at this for more: Copying personal photos and videos from iPhone, iPad, or iPod Touch to your computer, http://support.apple.com/kb/HT4083 -
We currently have a PIX firewall and I am wondering what would be a good real time log anaylzer. Currently we are using ManageEngine's Firewall Analyzer but have run into some issues with the product.
ThanksCraig,
Thank you for the post. I believe you must have used Firewall Analyzer's basic edition (Firewall Analyzer 4), and the application has reached various milestones in the past. The latest version of ManageEngine Firewall Analyzer is 7.2
The product almost support all the leading vendors in the industry. Our application is segregated in to the three categories and they are,
1.Traffic
2.Security
3.Management
1. Traffic Statistics:
This will give you the complete bandwidth information that was transacted through out the network with multiple drill analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc.
You can even do capacity planning and forecasting with the product.
2. Security Statistics:
Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
3. Management Statistics:
This will help you to do audit and security configuration analysis which includes change management, compliance report. This will point out the loop holes of the network and assist you to fix it.
Why Firewall Analyzer?
Support for Firewall and security devices from multiple vendors
Real-time bandwidth monitoring
Employee internet usage with URL monitoring
Real-time alerting
Firewall Change Management reports
Security Audit & Configuration Analysis reports
Diagnose live connections
Capability to view traffic trends and usage patterns (Capacity Planning)
Powerful search for forensic and security analysis
Multi-level drill down into top hosts, protocols, web sites and more
Network security reports
Firewall compliance reports
Flexible and secured log data archiving
Rebranding, User based views and dashboard for MSSP Support
and more
http://www.manageengine.com/products/firewall/features.html
I recommend you to evaluate the fully functioned 30 days evaluation copy and check if it helps you to acheive your use case.
Regards,
Vignesh.K
Firewall Analyzer -
Firewall Log Management Software
Can anyone recommend any firewall log management software that are proven?
Adam,
I suggest you to try ManageEngine Firewall Analyzer.
The product almost support all the leading vendors in the industry. The product is segregated in to the three categories and they are,
1.Traffic
2.Security
3.Management
1. Traffic Statistics:
This will give you the complete bandwidth information that was transacted through out the network with multiple drill analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc. You can even do capacity planning and forecasting with the product.
2. Security Statistics:
Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
3. Management Statistics:
This will help you to do audit and security configuration analysis which includes change management, compliance report. This will point out the loop holes of the network and assist you to fix it.
Why Firewall Analyzer?
*Support for Firewall and security devices from multiple vendors
*Real-time bandwidth monitoring
*Employee internet usage with URL monitoring
*Real-time alerting
*Firewall Change Management reports
*Security Audit & Configuration Analysis reports
*Diagnose live connections
*Capability to view traffic trends and usage patterns (Capacity Planning)
*Powerful search for forensic and security analysis
*Multi-level drill down into top hosts, protocols, web sites and more
*Network security reports
*Firewall compliance reports
*Flexible and secured log data archiving
*Rebranding, User based views and dashboard for MSSP Support
and more
http://www.manageengine.com/products/firewall/features.html
I recommend you to evaluate the fully functioned 30 days evaluation copy and check if it helps you to acheive your use case.
Regards,
Vignesh.K
Firewall Analyzer -
Remote Logon with Internet Explorer
Using SAPNW7.0ABAPTrialSP12.
I'm trying to logon in a network by using Internet Explorer but every thing fails.
Remote and local Gui Logon is Ok and local logon true URL http://localhost:8000/sap/bc/gui/sap/its/webgui?sap-client=000 is Ok.
I don't know the Url for remote logon and firewall and/or server settings.
Used following:
firewall enable Port 3300 and 8000
http://saphome:8000/sap/bc/gui/sap/its/webgui?sap-client=000
http://saphome:3300/sap/bc/gui/sap/its/webgui?sap-client=000
Could someone point me in the right direction?> http://saphome:8000/sap/bc/gui/sap/its/webgui?sap-client=000
> http://saphome:3300/sap/bc/gui/sap/its/webgui?sap-client=000
If you ping your "saphome" from the network, do you get any reply? One of the things I can think of is the loopback adapter bothering other network traffic. I know of some occasions where my loopback adapter acts as default gateway preventing all outgoing network traffic from reaching the 'real' network adapter.
If your SAP machine is on the network with a name that can be properly resolved (either a proper network name or a fully qualified domain name or fqdn) try to start your SAP instance without the loopback adapter running and see if you can still reach SAP locally (using the machines network name or fqdn instead of "localhost"). Maybe that'll give some network clues....
EDIT: typo found and corrected
Edited by: Jurjen Heeck on Aug 28, 2008 11:43 AM -
Hi All,
The thread that i posted under the topic 'Access Denied' yesterday is missing in the database forum. This is the link of my thread that i posted yesterday
http://forums.oracle.com/forums/thread.jspa?threadID=2227549&tstart=0
since as i have received replies from the three users for that thread yesterday.. But now it is missing.
This is the error which reported for me
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 246
ORA-06512: at "SYS.UTL_SMTP", line 115
ORA-06512: at "SYS.UTL_SMTP", line 138
ORA-06512: at "BITECH1.SEND_MAIL", line 23
ORA-06512: at line 2For that the users said of enabling the ACL and this is the reply that i got from the three users
Hi Mini,
There are actually a lot of discussions existing on this topic: you can search this forum and use Google as well.
you may want to refer to the following link:
http://www.oracle-base.com/articles/11g/FineGrainedAccessToNetworkServices_11gR1.php
HTH,
Thierry
In 11g the user running utl_smtp et. al. packages needs a grant for network ACLs (access control list), see
http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/authorization.htm#DBSEG40012
Support note 1209644.1 is also one of the hits on the ora-24247 error.
Sounds like you haven't setup the ACL correctly.
Can you post the code that you used?I have also enabled the ACL by following the referred link by the user.
After that i tried to access the URL which is outside the firewall. If i enabled the ACL means then the URL has to be accessible and this is the way that i tried
Firstly i connected to the user that i have enabled ACL, and after that i executed the below command
SQL> SET SERVEROUTPUT ON SIZE 1000000
SQL> DECLARE
2 l_url VARCHAR2(32767) := 'http://mail.yahoo.com';
3 l_conn utl_http.req;
4 BEGIN
5 l_conn := utl_http.begin_request(url => l_url, method => 'POST', http_version=> 'HTTP/1.0');
6 dbms_output.put_line('URL ' || l_url || ' was reached successfully.');
7 END;
8 / But the error that is returned for the above query is
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1029
ORA-12535: TNS:operation timed out
ORA-06512: at line 5what is the error over here?? i couldnt guess. And also where is my missing thread in DB forum
Thanks
Regards,
Mini
Edited by: Mini on May 25, 2011 2:29 AMYou write that the test worked "before development implemented security" and now you are getting a message that says "access denied". You need to present the error details to the developers and ask them what aspect of
security or permissions are now required. The error message quoted is not complete, there is nothing after "errorType" and no closing curly brace, so we cannot really tell what the problem is.
It is possible that a log within the web site has more details of the request and the failure reason. Ask the developers to check the web site logs and tell them the exact date and time of when the error occurred.
Regards
Adrian -
I Found the Ip-address of my Domain name in the site http://www.ip-details.com/domain-host-search/ Now i want the Details is there any software to find out the ip-address of the Domain name without using the site ..I know there is a software for hide ip-address,but i wanaa a s/w to find ip-address help me please?
Message Edited by sasitharoor on 10-27-2009 03:04 AM
Message Edited by sasitharoor on 10-27-2009 03:05 AM
Message Edited by sasitharoor on 10-27-2009 03:05 AMMonth or two ago here close by, I saw not the IP it connects to, but the URL.
Some question about Firewall, Server, or like things. -
Software Updates (advanced)
I am looking for an in-depth explanation of how Apple Software Updates works. Especially, how does it talk to Apple's servers to download updates? What URL does it connect to (if it does)?
I work at an institution that uses an internet filter. We desire to create an exception, but need a specific URL to unblock, if possible.
Many thanksHi
Although specific for Apple's OSX Server's Software Update Service this support kb should have enough information in it to help you out?
http://support.apple.com/kb/HT3923
Tony -
Connecting a Mac Pro to A printer on local windows network
I apologize in advance if this question has been asked/answered before. I couldn't find in forum.
I am trying to connect my MacPro to a network printer on a windows computer set up for printer sharing.
I have tried everything [all OSX help files, network setup, even purchased a printer server, etc] but nothing works. I've installed windows xp pro with boot camp and while in windows, I can use the network printer, but not from Mac OSX.
I'd appreciate any help. Thanks in advanceHow about OS X System Preferences => Sharing.
You need to enable the services you want to use which will also open the ports used and unblock in the firewall.
Mac OS X: About File Sharing
http://docs.info.apple.com/article.html?artnum=106461
Mac OS X: Sharing your files with non-Apple computers
http://docs.info.apple.com/article.html?artnum=106660
Mac OS X: Setting up Windows File Sharing
http://docs.info.apple.com/article.html?artnum=107083
Mac OS X/Windows Vista file sharing, printer sharing issues:
fixesMacFixit (subscription for archived articles)
+It appears that there are some issues with file sharing between Mac OS X and Windows Vista systems. Several users are reporting problems with seeing shared files in both directions via Samba (SMB) networking. Users are also reporting issues with previously used (under Windows XP) printer sharing methods.+
has some helpful documents. -
Runtime error SpryData.js
Hello,
I have an error at line 1727 in the SpryData.js (the previous
version, not the latest version).
It's the line : this.regionNode.innerHTML = str;
in the function : Spry.Data.Region.prototype.updateContent
The problem is that the str var is empty, and JavaScript
seems not to like it.
I only have the problem under Internet Explorer I don't know
why....
The function code is executed two times. The first time, the
different tokens are well recognized. I have an array of tokens
that need to be replaced.
The second time the function is executed, the tokens are
empty so the str var is also empty causing my runtime error.
I used the SplineTech JavaScript debugger to understand it.
What could I do ? What should I look for to understand the
error source ?
Could you help me ?
Thank you
RenaudHello,
Use this url to log on the firewall :
http://81.188.6.11:8088
with the user : bayardwebdev and pass : bayardwebdev
Keep the window opened.
Open a new browser window with the following url :
http://www.bayardwebdev.bayard.be
(should be
http://81.188.6.28)
The problem only appears with Internet Explorer :
Navigate to the second menu (Livres Jeunesse), to the first
submenu item (Crèche et maternelle : 1-5 ans).
When the page is loaded, choose in the "Léo et Popi"
section the "Histoires de Léo et Popi" link. This brings to
the Spry page.
An other sample is in the third menu item (Presse Jeunesse)
in the fisrt submenu item (Petite Enfance). This page lists the
different Bayard magazines.
Each click on a magazine makes detail appear on the right
column.
Thank you -
While attempting to 'Login' to a webservice, I'm getting this error:
(The test site has been 'unblocked' from the firewall)
Exception in Login
com.bea.control.ServiceControlException: SERVICE FAULT:
Code:java.net.ConnectException
String:Tried all: 1 addresses, but could not connect over HTTPS to server: 'thedomainname' port: 443
Detail:
END SERVICE FAULT
at com.bea.wlw.runtime.core.control.ServiceControlImpl.invoke(ServiceControlImpl.jcs:1268)
at com.bea.wlw.runtime.core.dispatcher.DispMethod.invoke(DispMethod.java:377)
at com.bea.wlw.runtime.core.container.Invocable.invoke(Invocable.java:433)
at com.bea.wlw.runtime.core.container.Invocable.invoke(Invocable.java:406)
at com.bea.wlw.runtime.jcs.container.JcsProxy.invoke(JcsProxy.java:388)
at $Proxy60.Login(Unknown Source)
atOK, here's what I've tried - any comments or suggestions?
1. Create async token, set it equal to ws1_send(), set
original parameters as dynamic properties
2. In ws1_onFault, pass token as property to the loginPanel
3. loginPanel raises a loginEvent with a property equal to
the token
4. ws1_onLoginEvent gets token, calls ws1_send with stored
parameters
Thanks. -
Need help with unblocking a url in firefox
I blocked an image in photobucket storing site and found that instead of one particular image I had block the url http://s208.photobucket.com/home/Gibelgirl/index while in Firefox and while images are in there I can not see them. This only happens in F irefox as in other browser there is no problem. Photobucket has informed me that I have blocked the site with the FireFox browseer. Can you tell me how to unblock please as I need these images. Thanks JanUK
If that didn't help then:
*Open the <i>Media</i> tab of the "Page Info" window.
*Select the first image and scroll down though the list with the Down arrow key.
*If an image in the list is grayed and there is a check-mark in the box "<i>Block Images from...</i>" then remove that mark to unblock the images from that domain. -
Sharing Internet With Windows XP - Firewall Off Only (How to unblock UDP)
Hi
I can share my Mac connection with my windows PC but only if the firewall is off.
On the Tiger forums it says go onto services and click the advanced tab and unblock UDP traffic - and then firewall can be turned on.
This option doesn't seem to be available in Panther - so until I upgrade can anyone tell me how I unblock UDP traffic in Panther?
ThanksHello albertoPeralta. Welcome to the Apple Discussions!
To open ports on the Time Capsule, you would use the AirPort Utility to configure Port Mapping.
AEBSn - Port Mapping Setup
To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
1. Reserve a DHCP-provided IP address for the Shakespeer host device.
Internet > DHCP tab
o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
o Description: <enter the desired description of the host device>
o Reserve address by: MAC Address
o Click Continue.
o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
o IPv4 Address: <enter the desired IP address>
o Click Done.
2. Setup Port Mapping on the AEBSn.
Advanced > Port Mapping tab
o Click the "+" (Add) button
o Public UDP Port(s): 4000
o Private IP Address: <enter the IP address of the host server>
o Private UDP Port(s): 4000
o Click "Continue"
Maybe you are looking for
-
I'm not sure how to use weatherHD??
Please help me w/weather HD.
-
Apple TV / TV optimal settings?
Hi I love my gadgets but I'm a little bit thick when it comes to some parts of operation / set-up. I've got an Apple TV and Toshiba Regza AV Series HD Ready TV. I've set it up to what I think is the optimal setting for screen etc but I'm now doubting
-
How to upgrade from OS 10.5.8 Leopard to OS 10.6.4 Snow Leopard?
How to upgrade from OS 10.5.8 Leopard to OS 10.6.4 Snow Leopard?
-
Is there a place to get the font "New York 18"?
I need the font New York 18 for a program to run, and I don't have a Mac running the older version of software. Does anyone know a source for this font?
-
New tab with sidebar slow to load
I updated to Mavericks on my Macbook Pro Retina yesterday. Safari 7 has an issue with loading a new tab, when the sidebar is on for new tabs. When I click the plus symbol for a new tab, there is a pause: the new tab takes 2 - 3 seconds to load. When