-
Notifications
You must be signed in to change notification settings - Fork 0
/
Apple_Domain_List.txt
185 lines (185 loc) · 8.71 KB
/
Apple_Domain_List.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
[AdBlock]
! Homepage: https://github.com/nguyenvanquoctrung/Adblock/
! Title: ADL
! Expires: 1 days
! Version: 0.1
! Last modified: 03/12/2023
! Tham khao: https://support.apple.com/en-mt/HT210060
! ====================== Apple Push Notifications =====================
! ====================== Device Setup =====================
! Apple devices need access to the following hosts during setup, or when installing, updating, or restoring the operating system.
albert.apple.com
captive.apple.com
gs.apple.com
humb.apple.com
static.ips.apple.com
sq-device.apple.com
tbsc.apple.com
time-ios.apple.com
time.apple.com
time-macos.apple.com
! ====================== Device management =====================
! Apple devices enrolled in MDM need access to the following hosts and domains.
*.push.apple.com
deviceenrollment.apple.com
deviceservices-external.apple.com
gdmf.apple.com
identity.apple.com
iprofiles.apple.com
mdmenrollment.apple.com
setup.icloud.com
vpp.itunes.apple.com
! ====================== Apple Business Manager and Apple School Manager =====================
! Administrators and managers need access to the following hosts and domains in order to administer and manage Apple Business Manager and Apple School Manager.
*.business.apple.com
*.school.apple.com
appleid.cdn-apple.com
idmsa.apple.com
*.itunes.apple.com
*.mzstatic.com
api.ent.apple.com
api.edu.apple.com
statici.icloud.com
*.vertexsmb.com
www.apple.com
upload.appleschoolcontent.com
! Employees and students using Managed Apple IDs need access to the following host in order to look up others in their business or school when composing messages or sharing documents.
ws-ee-maidsvc.icloud.com
! ====================== Apple Business Essentials device management =====================
! Administrators and devices managed by Apple Business Essentials need access to the following hosts and domains, along with those listed above for Apple Business Manager.
axm-adm-enroll.apple.com
axm-adm-mdm.apple.com
axm-adm-scep.apple.com
axm-app.apple.com
*.apple-mapkit.com
icons.axm-usercontent-apple.com
! ====================== Classroom and Schoolwork =====================
! Student and Teacher devices using the Classroom or Schoolwork apps need access to the following hosts, as well as those listed in the Apple ID and iCloud sections below.
s.mzstatic.com
play.itunes.apple.com
ws-ee-maidsvc.icloud.com
ws.school.apple.com
pg-bootstrap.itunes.apple.com
cls-iosclient.itunes.apple.com
cls-ingest.itunes.apple.com
! ====================== Software updates =====================
! Make sure you can access the following ports for updating macOS, apps from the Mac App Store, and for using content caching.
! === macOS, iOS, iPadOS, watchOS, and tvOS ===
! Apple devices need access to the following hosts when installing, restoring, and updating iOS, iPadOS, macOS, watchOS, and tvOS.
appldnld.apple.com
configuration.apple.com
gdmf.apple.com
gg.apple.com
gs.apple.com
ig.apple.com
mesu.apple.com
ns.itunes.apple.com
oscdn.apple.com
osrecovery.apple.com
skl.apple.com
swcdn.apple.com
swdist.apple.com
swdownload.apple.com
swscan.apple.com
updates-http.cdn-apple.com
updates.cdn-apple.com
xp.apple.com
! === App Store ===
! Apple devices need access to the following hosts and domains for installing and updating apps.
*.itunes.apple.com
*.apps.apple.com
*.mzstatic.com
itunes.apple.com
ppq.apple.com
! === Carrier updates ===
! Cellular devices need access to the following hosts to install carrier bundle updates.
appldnld.apple.com
appldnld.apple.com.edgesuite.net
itunes.com
itunes.apple.com
updates-http.cdn-apple.com
updates.cdn-apple.com
! === Content caching ===
! A Mac that provides content caching needs access to the following hosts, as well as the hosts listed in this document that provide Apple content such as software updates, apps, and additional content.
lcdn-registration.apple.com
suconfig.apple.com
xp-cdn.apple.com
! Clients of macOS content caching need access to the following hosts.
lcdn-locator.apple.com
serverstatus.apple.com
! ====================== App features =====================
! Apple devices may need access to the following hosts to use certain app features.
api.apple-cloudkit.com
*.appattest.apple.com
! ====================== Beta updates =====================
! Apple devices need access to the following hosts to sign in to Beta Updates and report feedback using the Feedback Assistant app.
bpapi.apple.com
cssubmissions.apple.com
fba.apple.com
! ====================== Apple diagnostics =====================
! Apple devices might access the following host in order to perform diagnostics used to detect a possible hardware issue.
diagassets.apple.com
! ====================== Domain Name System resolution =====================
! Encrypted Domain Name System (DNS) resolution in iOS 14, iPadOS 14, tvOS 14, and macOS Big Sur and later uses the following host.
doh.dns.apple.com
! ====================== Certificate validation =====================
! Apple devices must be able to connect to the following hosts to validate digital certificates used by the hosts in this article.
certs.apple.com
crl.apple.com
crl.entrust.net
crl3.digicert.com
crl4.digicert.com
ocsp.apple.com
ocsp.digicert.cn
ocsp.digicert.com
ocsp.entrust.net
ocsp2.apple.com
valid.apple.com
! ====================== Apple ID =====================
! Apple devices must be able to connect to the following hosts in order to authenticate an Apple ID. This is required for all services that use an Apple ID, such as iCloud, app installation, and Xcode.
appleid.apple.com
appleid.cdn-apple.com
idmsa.apple.com
gsa.apple.com
! ====================== iCloud =====================
! In addition to the Apple ID hosts listed above, Apple devices must be able to connect to hosts in the following domains to use iCloud services.
*.apple-cloudkit.com
*.apple-livephotoskit.com
*.apzones.com
*.cdn-apple.com
*.gc.apple.com
*.icloud.com
*.icloud.com.cn
*.icloud.apple.com
*.icloud-content.com
*.iwork.apple.com
mask.icloud.com
mask-h2.icloud.com
mask-api.icloud.com
! ====================== Siri and Search =====================
! Apple devices must be able to connect to the following hosts to process Siri requests, including dictation and searching in Apple apps.
guzzoni.apple.com
*.smoot.apple.com
! ====================== Associated Domains =====================
! Apple devices must be able to connect to the following hosts to use Associated Domains in iOS 14, iPadOS 14, and macOS Big Sur and later. Associated Domains underpin universal links, a feature that allows an app to present content in place of all or part of its website. Handoff, App Clips, and single sign-on extensions all use Associated Domains.
app-site-association.cdn-apple.com
app-site-association.networking.apple
! ====================== Tap to Pay on iPhone =====================
! To use a payment app to accept contactless payments, an iPhone must be able to reach the following hosts.
pos-device.apple.com
humb.apple.com
phonesubmissions.apple.com
! ====================== Additional content =====================
! Apple devices must be able to connect to the following hosts to download additional content. Some additional content might also be hosted on third-party content distribution networks.
audiocontentdownload.apple.com
devimages-cdn.apple.com
download.developer.apple.com
playgrounds-assets-cdn.apple.com
playgrounds-cdn.apple.com
sylvan.apple.com
! ====================== Firewalls =====================
! If your firewall supports using hostnames, you might be able to use most Apple services above by allowing outbound connections to *.apple.com. If your firewall can only be configured with IP addresses, allow outbound connections to 17.0.0.0/8. The entire 17.0.0.0/8 address block is assigned to Apple.
! ====================== HTTP proxy =====================
! You can use Apple services through a proxy if you disable packet inspection and authentication for traffic to and from the listed hosts. Exceptions to this are noted above. Attempts to perform content inspection on encrypted communications between Apple devices and services will result in a dropped connection to preserve platform security and user privacy.
! ====================== Content Distribution Networks and DNS Resolution =====================
! Some of the hosts listed in this article may have CNAME records in DNS instead of A or AAAA records. These CNAME records may refer to other CNAME records in a chain before ultimately resolving to an IP address. This DNS resolution allows Apple to provide fast and reliable content delivery to users in all regions and is transparent to devices and proxy servers. Apple doesn't publish a list of these CNAME records because they are subject to change. You shouldn't need to configure your firewall or proxy server to allow them as long as you don't block DNS lookups and allow access to the hosts and domains named above.