App Store blocked
So I’m running a vpn server on my linode and it seems the iOS App Store no longer works.
I tried creating a new linode with new it but it’s the same.
Anyone have the same issue? I’m wondering if all linode ranges are now blocked?
More info, it seems if you open this url directly it shows 2 links. Using linode as a vpn it shows service unavailable.
I observed the same issue since a few weeks, it can also be observed from the shell:
$ curl search.itunes.apple.com
My linode is running in the Frankfurt data center.
I wonder if it’s only linode ips or apple doing it for all data center iOS as and when they identify them.
Anyway I handled it by proxy into those domains through a different server. Not ideal tho!
After asking around it seems to be due to bots and abuse where scripts query the App Store directly bypassing the API. Usually it’s to fake installs and reviews etc etc.
Apparently Apple got a lot more aggressive recently. This is all unconfirmed really as Apple are always secretive about this stuff.
Anyway we routed certain domains through other networks to get around it, but it’s still an ongoing pain.
Forgot to mention, it’s not only linode, it’s a lot of VPN endpoints and IP ranges which seem to belong to quick turn around server providers like VPS providers.
Personally, the solution to this problem can only be negotiated with apple by the Linode officials, but now Linode officials think that this issue is not within their service, which makes me very uncomfortable.
I have precisely the same problem. iOS App Store, as well as search in Podcast are all down, however, I can still upgrade apps/podcasts. It seems that it's just the search function that's being blocked by Apple.
So far I've noticed that these 2 websites that blocked my Fremont server (there could be more):
search.itunes.apple.com (iOS app store)
camelcamelcamel.com (amazon price tracking)
I tried Wireguard, OpenVPN, shadowsocks, v2ray, all the same.
$ curl search.itunes.apple.com Service Unavailable $ curl camelcamelcamel.com curl: (7) Failed to connect to camelcamelcamel.com port 80: Connection refused
$ curl google.com <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="http://www.google.com/">here</A>. </BODY></HTML>
am suffering from the same issue , i run IOS VPN server in linode and now all access to apple app store is blocked .
please share if any one managed to overcome this issue .
I have same issue with VPN on my linode (hosted in Newark, NJ). I can't open App Store when it is on
Hi everyone, I wanted to give an update here:
Yes, we are aware of connectivity issues with Apple's App Store, and we're working to resolve this. I don't have anything I can share about a timeline, nor am I aware of a current workaround for Linode customers. When we have more info, we'll be sure to update this thread.
Any updates with resolving this issue? Still having this issue with Linodes in Newark and Atlanta.
The same issue. My server locates in Tokyo. Could someone tell me how to solve it or recommend other web-server providers?
Would you be able to share the list of companies blocking you (that you know of)?
I'm experiencing issues with the entire Google ecosystem (using my Linode as a VPN), search, mail, playstore, etc
For us it’s mainly the App Store. But it sounds like your IP is blacklisted - maybe from a previous user of the IP.
Clone your linode to a new one to get a new IP and check.
I just wanted to jump in here and thank you all for your patience. We know you've been waiting for some time, and we really appreciate you sticking with us. We're still investigating the connectivity issues with Apple's App Store, and while we don't have a timeline to share, we wanted you to know this is still on our radar.
Linode, are you serious? It’s been 7 months!!! It does NOT take 7 months to investigate this.
It sounds to me like some of your customers have been running bots or scripts that Apple don’t like and your entire IP ranges have been banned.
If that is indeed the case then you probably haven’t been able to convince them that you’re dealing with that to get unbanned. In any case you are the ONLY provider with this issue.
Almost out of patience here, it’s beginning to affect the bottom line.
We hear you and we understand the frustration this has caused. As noted, this issue is likely because of abuse on our platform, which we handle as quickly as possible. Our Trust & Safety team has reached out to Apple and Google multiple times over the last few months to little affect. We’ve got some new contacts to whom we can escalate this, and we’re hopeful they’ll help us resolve this.
We appreciate the feedback – keep it coming. The instant we have a resolution for this, we'll be sure to update this thread.
I'd like to update that as of Jul 1, 2020, the issue is still there.
@jackley Please do escalate this issue with Apple.
Hi @rdaniels, I still see the issue (Frankfurt data center), CentOS8, with a "curl https://search.itunes.apple.com/", I still get "Service Unavailable".
The same curl from my Mac shows the itunesConnect calls that are the expected result.
I have an IPv6 /56 from Linode, routed to my Linode, with a /64 from this routed around our LAN from our Linode, and have the same problem. We have iPhones on the network which pick up a v6 address via SLAAC and route advertisement, and can't get updates from, or do searches on the Apple Store.
Hosts on the LAN also have RFC-1918 v4 addresses assigend via DHCP, masqueraded behind a dynamically assigned public address from Spectrum. I did a bit of jiggery-pokery on the network router (Linux) and so I can turn on and off IPv6 routing with a web script and everything falls back to v4 - and voila! The Apple Store is once again available!
I thought the problem might be something like a MTU issue, but this didn't compute, so it's at least good to hear that it's not MY problem.
Search.itunes.apple.com and other apple domains seem to be unblocked but their entire CDN edge is blocked still - the following fails.
For god sakes didn't you test this?! Given how long it's taken to find someone at apple who takes you seriously it would have been prudent to make sure it's working while you had them responding.
@jackley and @rdaniels, could you please escalate this issue and have it fixed?
As OP said, other Apple subdomain(s) is(are) still blocked.
When I open App Store on iPhone, I'm very much blocked everywhere other than under the "Search" tab.
Also, I'm not getting any iOS updates unless I disconnect my Linode VPN server.
On my linode server:
$ curl https://api-edge.apps.apple.com Service Unavailable
This is really annoying now. I’m proxying *.Apple.com using dns or https proxy to another host with a different provider. But in the end what’s the point, why not just switch to the other provider completely.
I’ll wait 48 hours for a substantial answer after which we will start migrating our 140 Linodes to another provider.
No substantive changes in this issue, unfortunately. We've recently heard from a contact at Apple who gave us some insight and new directions to pursue.
If you're a registered Apple Developer, our contact recommend that you reach out to Apple Developer Support and report that Linode's IPs are blocked (our ASN is 63949).
Just a follow-up question – I get inconsistent results when I attempt to curl certain URLs on or off my Linode's VPN. For example, I get this result no matter what:
~> curl api-edge.apps.apple.com <HTML><HEAD><TITLE>Error</TITLE></HEAD><BODY> An error occurred while processing your request.<p> Reference #97.6d321cb8.1612380572.e10688d </BODY></HTML>
Likewise, I can also access this URL (and curl it) on or off the VPN:
~> curl search.itunes.apple.com <html> <body> <p><a href="/WebObjects/MZAdmin.woa/">DJ</a> <p><a href="/WebObjects/iTunesConnect.woa/">iTC</a>
Can someone attempt these and let me know what happens?
I understand how frustrating this is. We'll continue working on this.
This is what I get from my Linode in Fremont, CA:
stevewi@dave:~$ curl search.itunes.apple.com <html> <body> <p><a href="/WebObjects/MZAdmin.woa/">DJ</a> <p><a href="/WebObjects/iTunesConnect.woa/">iTC</a> stevewi@dave:~$ curl api-edge.apps.apple.com Service Unavailable stevewi@dave:~$
I added the two LFs at the end for clarity.
This works on my linodes with https, without it returns 302.
This returns Service Unavailable on Linodes. From my own network it hangs.
You should be trying:
Which returns Service Unavailable on Linodes, but a html page with not found on a normal network.
.... <h3>Not Found</h3> <p>The requested page could not be found.</p> ....
So it looks like a policy on the Akamai cdn setup by Apple.
It’s possible it’s a reputation problem with linode and Apple have a reputation policy. It would be strange if they targeted linode directly.
@jackley have you contacted Akamai to check your ‘reputation’ with them and try to address that?
Ok so I ran the reputation tool from that site and it timed out for linode. It works fine on my own home network.
Seems like Akamai are blocking linode. I opened a ticket with more info. Let’s see what happens
So as of today (Feb. 23, 2021) I can access the Apple App Store through my linode wireguard vpn! This was still not working just a few days ago. Great work whoever got this sorted out! Thank you! This was the only mild annoyance I have encountered with your service. Now I give you a full five stars and 100% in customer satisfaction.
Yay! We (myself and Linode) sent emails to Akamai regarding the issue. I also sent an email to someone I know at Apple.
Neither side told me they had fixed it, so either linode did something or it’s a typical Apple response, fix but don’t acknowledge!
It finally works with most of Apple services, but the verification service is still not working unfortunately.