True, however, it wouldn't open neither in Firefox ESR nor in Safari.
I don't know whether it would make sense to try to block incoming connections at OSX firewall for Squid at this point. Please let me know if you want me to check anything, I'll be glad to help on my side. Do I need to revert squid.conf back or it's okay to leave it as it is now?
- Do you have entries in the hosts file? Examing those if they have domains to which you lost a connection. When you run any proxy, you have to exclude these domains from proxying by typing them in the excluded hosts box at the bottom of the Proxy tab in System Preferences-->Network-->Advanced. By doing that you make your system hosts file effective because, otherwise, a proxy-server overrides them by default.
- Do you run any VPN software or the related CLI utilities to enable VPN? If yes, then disable them. Little Snitch belongs to this category too.
- Here's my configuration file in macOS Lion
The ''iphone-services.apple.com" is how I restored my Mac's geolocation functioning by perusing
access.log.
"mzstatic.com
" apparently had no effect so can be removed from squid.conf: I added it by trying to resolve a non-critical issue with some thumbnails in MAS being empty (a square with a question mark).
That's in Lion. In Mavericks I added the following domains to rectify connection failures in Facetime/iMessage:
- .configuration.apple.com
- .profiles.ess.apple.com or .ess.apple.com
- .icloud.com
I even don't remember why I added iCloud, probably, just in case. In both Lion and Mavericks, I left everything in place for Squid to act on. In Lion, I discovered that excluding everything
.itunes knocks iTunes Store and Genius connectivity out of its feet, so I refrained from tampering with
this domain.
Now, onto the question of why it works differently for you and for me. The probable answer is that depending on your location, the macOS connects to different server networks. E.g. if you live in Paris
, it scans for the nearest servers (say, in London or Bologne) and cell network stations to make the connection, determine your location etc. It's probable that where in one place it needs 2 domains to query
, it needs 5 in another place and they are different: it looks like to be able to "determine"
my geolocation it needs to make a connection to the host beginning with "iphone" which was quite a revelation for me.
The only way is to try by trial and error by excluding exposed domains one by one.
NB. Neither in iTunes 11 nor iTunes 10 you still
can't buy apps or download updates, I didn't try to buy music since I don't like iTunes audio quality, and you can't play previews of audio-tracks either. You can play and download podcasts and videos, though.
The previous state of things changed with the release of Catalina a year ago and Music superseding iTunes.
