Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 69 replies
  • Subscribers 1 subscriber
  • Views 114869 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Netflix for Android now being blocked - why?

Astaro Commando
Currently have a transparent HTTP Proxy enabled. When I try to access Netflix over the android app, I get an error that the service is unavailable. Disabling the proxy fixes it, so it's definitely not an IPS issue.

I was previously able to get this to work by adding the following exceptions:
^https?://[A-Za-z0-9.-]*netflix.com/
^https?://[A-Za-z0-9.-]*llnwd.net/
^https?://[A-Za-z0-9.-]*edgesuite.net/
^https?://[A-Za-z0-9.-]*nflximg.com/
^https?://[A-Za-z0-9.-]*nflxvideo.net

This worked for years but stopped working this week. From what I can tell from the live logs, it looks like Netflix is now using new content servers at the 108.x.x.x address block. From what my traceroutes tell me, there is no DNS name attached to these servers so there is no way for me to mass add them like I did above.

Has anyone else noticed issues? Streaming via HTTP browser works fine.


This thread was automatically locked due to age.
Parents
  • 0
    An older thread, but I'll add my 2cts. Just bought an Android Stick to watch Netflix on my TV. And found that the following exception (HTTPS scanning and AV) in Web Filtering works (for now):

    ^http?://([A-Za-z0-9.-]*\.)?netflix\.com/.*
    ^http?://([A-Za-z0-9.-_]*\.)?nflximg\.com/.*
    ^http?://([A-Za-z0-9.-]*\.)?netflix-*.vo.llnwd.net/.*
    ^http?://([A-Za-z0-9.-]*\.)?nflxvideo\.net/.*
    ^http?://([A-Za-z0-9.-]*\.)?playstation.nccp.netflix\.com/.*
    ^http://108\.175\.18[89]/
    ^http://37\.77\.18[89]/


    I have to mention that the last two rows containing the IP-addresses will probably grow.
    The first day I tested it, only the first rule of IP-addresses was necessary, but today (exactly 1 day later), I had to add the second row.
    You can find these addresses listed in the web filtering live log.

    What also works is putting the entire host in skip transparent mode source hosts/nets but then you will loose all filtering for these hosts and that's not what I am looking for, especially with some younger also using the Internet.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Reply
  • 0
    An older thread, but I'll add my 2cts. Just bought an Android Stick to watch Netflix on my TV. And found that the following exception (HTTPS scanning and AV) in Web Filtering works (for now):

    ^http?://([A-Za-z0-9.-]*\.)?netflix\.com/.*
    ^http?://([A-Za-z0-9.-_]*\.)?nflximg\.com/.*
    ^http?://([A-Za-z0-9.-]*\.)?netflix-*.vo.llnwd.net/.*
    ^http?://([A-Za-z0-9.-]*\.)?nflxvideo\.net/.*
    ^http?://([A-Za-z0-9.-]*\.)?playstation.nccp.netflix\.com/.*
    ^http://108\.175\.18[89]/
    ^http://37\.77\.18[89]/


    I have to mention that the last two rows containing the IP-addresses will probably grow.
    The first day I tested it, only the first rule of IP-addresses was necessary, but today (exactly 1 day later), I had to add the second row.
    You can find these addresses listed in the web filtering live log.

    What also works is putting the entire host in skip transparent mode source hosts/nets but then you will loose all filtering for these hosts and that's not what I am looking for, especially with some younger also using the Internet.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Children
No Data
Unfiltered HTML