Issues accessing iTunes when using the Client Site Proxy (CSP)
search cancel

Issues accessing iTunes when using the Client Site Proxy (CSP)


Article ID: 161326


Updated On:




Attempting to access iTunes through the Client Site Proxy (CSP) results in authentication prompts or displays a connection failure error message.


iTunes doesn't work with authenticating proxies and does not have any settings to allow you to bypass the IE connection settings used to access the ITunes store.


 Currently there are three solutions to resolve this issue:

Option 1:
Add the following entries within the IE exceptions page via Tools > Internet Options > Connections > LAN Settings > Advanced 
> Exceptions: *;*;*;*;*;*
This will allow you to use ITunes without an authentication login prompt being displayed. A bypass within the Client Site Proxy's squid.conf file will not work as ITunes is unable to authenticate with the CSP, s an authentication conflict occurs.
Warning: * is used in conjuction with Web Streaming sites such as the, as such we do not recommend they bypass this site if you wish to block such content, as any Web Streaming relating policy rules will not apply. As such Option 2 is recommended in this instance.
Option 2:
If Option 1 is either not acceptable, or does not work for you(as ITunes does regularly change their data sources). You need to point directly out to the trips from the browser, for example
From testing conducted, iTunes ignores any PAC file that the IE settings are point to (please see
Option 3:
The last option is to apply an agent bypass into the squid.conf file. This should allow for the traffic to pass through to the CSP server and send the traffic out by listening to the agent requests.
The following line will need to be added into the squid.conf file:
acl Itunes browser regexp iTunes
http_access allow Itunes
always_direct allow Itunes
In addition the following URL's will need to be added the squid.conf file as a URL exception:
*;*;*;*;*;* as a domain bypass.
#Bypass for
acl customname dstdomain

#TAG: Bypass NTLM & Trip
http_access allow customname
always_direct allow customname