ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Issues accessing iTunes when using the Client Site Proxy (CSP)

book

Article ID: 161326

calendar_today

Updated On:

Products

Web Security.cloud

Issue/Introduction

Attempting to access iTunes through the Client Site Proxy (CSP) results in authentication prompts or displays a connection failure error message.

Cause

iTunes doesn't work with authenticating proxies and does not have any settings to allow you to bypass the IE connection settings used to access the ITunes store.

Resolution

 Currently there are three solutions to resolve this issue:

 
 
Option 1:
 
Add the following entries within the IE exceptions page via Tools > Internet Options > Connections > LAN Settings > Advanced 
> Exceptions: *.apple.com;*.mzstatic.com;*.edgesuite.net;*.akadns.net;*.akamai.net;*.edgekey.net
 
This will allow you to use ITunes without an authentication login prompt being displayed. A bypass within the Client Site Proxy's squid.conf file will not work as ITunes is unable to authenticate with the CSP, s an authentication conflict occurs.
 
Warning: *.akamai.net is used in conjuction with Web Streaming sites such as the bbc.co.uk, as such we do not recommend they bypass this site if you wish to block such content, as any Web Streaming relating policy rules will not apply. As such Option 2 is recommended in this instance.
 
 
 
Option 2:
 
If Option 1 is either not acceptable, or does not work for you(as ITunes does regularly change their data sources). You need to point directly out to the trips from the browser, for example proxy1.eu.webscanningservice.com.
 
From testing conducted, iTunes ignores any PAC file that the IE settings are point to (please see https://discussions.apple.com/thread/2530700?start=0&tstart=0).
 
 
 
Option 3:
 
The last option is to apply an agent bypass into the squid.conf file. This should allow for the traffic to pass through to the CSP server and send the traffic out by listening to the agent requests.
 
The following line will need to be added into the squid.conf file:
 
acl Itunes browser regexp iTunes
http_access allow Itunes
always_direct allow Itunes
 
In addition the following URL's will need to be added the squid.conf file as a URL exception:
*.apple.com;*.mzstatic.com;*.edgesuite.net;*.akadns.net;*.akamai.net;*.edgekey.net as a domain bypass.
 
#Bypass for domain.com
acl customname dstdomain .apple.com .mzstatic.com .edgesuite.net .akadns.net.akamai.net .edgekey.net

#TAG: Bypass NTLM & Trip
http_access allow customname
always_direct allow customname