Spotify and "Decrypt & Scan HTTPS"

Question

Hi. 
 When I use Decrypt & Scan HTTPS in my firewall, spotify web site (I did not try the app) stops playing. 
 I cannot find a workarround how to exclude those to allow the play. 
 I can reach the site, I can logon, but play won't work. 
 The logs show all "green". 
 I did install the certificate in the workstation (no alerts when I use https) 
 Thanks,

PaulThijs · Accepted Answer

Hi , 
 You could try to create a FQDN host for Spotify and use wildcard * > *.spotify.com to resolve all subdomains. 
 Tried for two minutes and these are the results after connection established with website and webplayer :

FQDN 
 IP Address

pixel-static.spotify.com 
 104.199.64.136

gew-dealer-ssl.spotify.com 
 35.186.224.45

gew-dealer.spotify.com 
 35.186.224.45

apresolve.spotify.com 
 104.199.64.136

api.spotify.com 
 35.186.224.53

open.spotify.com 
 104.199.64.136

global-dealer-ssl.spotify.com 
 35.186.224.47

pixel.spotify.com 
 104.199.64.136

gew-spclient.spotify.com 
 35.186.224.53

weblb-wg.dual-gslb.spotify.com 
 104.199.64.136

wg.spotify.com 
 35.186.224.53

spclient.wg.spotify.com 
 35.186.224.53

dealer.spotify.com 
 35.186.224.47

From there you could try to figure out how to get on..........well the answer is : create an web exception ''spotify.com'' and exclude these : 
 
 HTTPS Decryption 
 Malware and Content Scanning 
 Sandstorm 
 Policy Checks 
 
 Create a new rule on top for Spotify and use the Spotify FQDN host to connect to ( all subdomains are resolved automatically ) , and of course do not check Scan and Decrypt HTTPS 
 
 Then Spotify webplayer works >

FloSupport · Answer

Hi Hayim Caspy 
 Have you tried creating a web exception for the entries discussed here ? 
 Regards,

CrossRoad IT · Answer

I've been struggling to solve this as well and have finally gotten this to work. The only exception necessary was: ^([A-Za-z0-9.-]*\.)?scdn\.co/? for HTTPS decryption.