Facebook app on iOS does not connect

Article #: 1851

Product: Castle

Summary

On iOS devices (iPhone, iPod, iPad) the Facebook app may not connect. This usually happens when you are performing HTTPS inspection or certificate validation. The app reports no connection and shows a Tap to retry button.

Problem

Facebook app on iOS does not connect

The Facebook app makes its HTTPS connection in a non-standard way, implementing its own certificate validation. This conflicts with the standards-based validation that Smoothwall performs.

The app makes connections to plain-IP HTTPS URLs, for example, https://66.220.158.23, but validates these against the *.facebook.com HTTPS certificate.

To resolve this issue, you will need to exclude these sites from HTTPS Inspection and/or certificate validation. Doing so will still allow the rest of Facebook to be inspected; this is just an initial connection and authentication stage. Users who are denied access to Facebook in the main web filter policy will still continue to be blocked.

Each of these servers is accessed by the app as a plain IP, which resolves via reverse DNS to an address such as:

edge-z-m-shv-03-ash5.facebook.com

These addresses vary, often based on geolocation, hence the following URL pattern matches all of these:

edge.+?\.facebook\.com
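Because this pattern ends up in a rule that switches inspection off, it is worth checking what it covers. The following is an added example, not Smoothwall's code: it assumes the filter searches the hostname without anchoring (modelled with Python's `re.search`, which the article does not confirm), uses constructed hostnames apart from the one quoted above, and compares the article's pattern with a hypothetical anchored variant.

```python
import re

# Pattern exactly as given in the article.
PAGE_PATTERN = r"edge.+?\.facebook\.com"
# Hypothetical tighter variant, not from the article: whole-hostname match,
# a single label that starts with "edge", directly under facebook.com.
ANCHORED_PATTERN = r"^edge[a-z0-9-]+\.facebook\.com$"

# Hostnames with the verdict an administrator would want for the exemption.
# Only the first name appears in the article; the rest are constructed.
SAMPLE_HOSTS = {
    "edge-z-m-shv-03-ash5.facebook.com": True,
    "edge-star-shv-01-lhr3.facebook.com": True,
    "www.facebook.com": False,
    "knowledge-base.facebook.com": False,
    "edge-x.facebook.com.example.net": False,
}


def is_exempt(pattern, host):
    # Assumption: the filter does an unanchored, case-insensitive search,
    # modelled here with re.search. The article does not specify this.
    return re.search(pattern, host, re.IGNORECASE) is not None


def scope_report(pattern, hosts=SAMPLE_HOSTS):
    """Return (missed, over_matched) hostname lists for a pattern."""
    missed = [h for h, want in hosts.items() if want and not is_exempt(pattern, h)]
    over = [h for h, want in hosts.items() if not want and is_exempt(pattern, h)]
    return missed, over


if __name__ == "__main__":
    for name, pat in (("article", PAGE_PATTERN), ("anchored", ANCHORED_PATTERN)):
        missed, over = scope_report(pat)
        print(f"{name:9} missed={missed} over_matched={over}")
```

If the appliance anchors URL patterns itself, the two patterns behave the same; the Policy Test Tool mentioned in the Note is the place to confirm this on a live system.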

Solution

1. Go to Guardian > Policy objects > Categories.
2. Create a new custom category, named Facebook Edge Servers or similar.
3. Add edge.+?\.facebook\.com to URL patterns. (Click Advanced first to expand the view.)
4. Go to Guardian > HTTPS Inspection > Policy wizard.
5. Create a new rule:
   - Who — Add the users or groups you wish it to apply to, or select Everyone
   - What — Facebook Edge Servers (which you have just created)
   - Where — Add the locations you wish it to apply to, or Everywhere
   - When — Add the times you wish it to apply at, or Always
   - Action — Do not inspect
6. Ensure that this rule is above any other Decrypt and Inspect or Validate Certificate only rules in the HTTPS inspection policies table.

Tip: If you have changed the order of rules in the table, remember to click Save.

Note: The Social Networking category and/or the Facebook category are allowed in this configuration, and users can access Facebook through a browser. If Facebook is blocked in the browser, then this issue may not be affecting you, and you should refer to the relevant Web Filter policy and the Policy Test Tool to establish whether the filtering policy in place is denying this.

Attribution:

Last updated:

Author:

Contributions by:

23 August 2016

 

DMT

 

Copyright © 2000-2016 Smoothwall All rights reserved.