MP4 Videos being blocked on iPhone

Question

2014:01:19-03:16:10 HIDDEN_WALL httpproxy[5367]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.16" dstip="198.151.161.47" user="" statuscode="302" cached="0" profile="REF_HttProFreedom (Freedom)" filteraction="REF_HttCffConteFilteDarkn (Content Filter - Darknet Style Super)" size="280" request="0xee71820" url="www.omnigroup.com/.../html"

2014:01:19-03:16:10 HIDDEN_WALL httpproxy[5367]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.16" dstip="198.151.161.47" user="" statuscode="302" cached="0" profile="REF_HttProFreedom (Freedom)" filteraction="REF_HttCffConteFilteDarkn (Content Filter - Darknet Style Super)" size="278" request="0xee71820" url="www.omnigroup.com/.../html"

2014:01:19-03:16:10 HIDDEN_WALL httpproxy[5367]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.16" dstip="54.230.123.210" user="" statuscode="200" cached="0" profile="REF_HttProFreedom (Freedom)" filteraction="REF_HttCffConteFilteDarkn (Content Filter - Darknet Style Super)" size="79640" request="0xe2cd0e60" url="downloads2.omnigroup.com/.../mp4"

2014:01:19-03:16:11 HIDDEN_WALL httpproxy[5367]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.16" dstip="54.230.123.210" user="" statuscode="200" cached="0" profile="REF_HttProFreedom (Freedom)" filteraction="REF_HttCffConteFilteDarkn (Content Filter - Darknet Style Super)" size="50133" request="0xf0a3af8" url="downloads2.omnigroup.com/.../mp4"

I am trying to find out why the Web Protection is blocking MP4 video files on my iPhone. Noticed this when trying to view a video on OmniFocus 2, and figured if they created a website where the videos are viewable for iPhones. Switch over to cellular and it works just fine. Figured it was Web Protection, and sure enough if I disable it, works fine on the network.

Currently using UTM
Firmware version: 9.107-33
Pattern version: 56192

Created a special profile for it as well, where nothing is being blocked aka

(Content Filter - Darknet Style Super)

.

Created an exception to see if it would help.. Not sure if the rule is written 100%, but won't work with this rule ..

^https?://([A-Za-z0-9.-]*\.)?mp4

Skipping:	Antivirus / MIME type blocking / URL Filter / Content Removal

Only other thing that I found that would work without disabling Web Filtering is, if I add the iPhone to the Web Filtering > Advanced > Transparent mode skiplist.
It will play videos just fine. But this defeats the point of having it turned on..

I would like the Web Filtering to work for the iPhone devices, as this is the only major issue I have with it currently.

The source URL for further inspection

OmniFocus - Video - The Omni Group

Many thanks,
Alex P

This thread was automatically locked due to age.

RichBaldry · Answer

I tried this and saw the same behaviour. 
 Looking at a packet dump, what I see is that when it tries to start the video, the browser is doing a range request, to download a subset of the whole MP4 file. 
 When AV scanning is disabled via an exception, the range request is allowed and the we see a HTTP status code of 206 (Partial Content) coming back. The browser understands this OK and plays the video 
 When AV scanning is enabled, the UTM does not usually allow range requests because it can't conclusively malware scan a partial file. This would create a loophole where a malicious app on the desktop could download a malware file bit by bit and bypass our filtering. 
 What happens then is that the UTM removes the range request header from the HTTP request and the server consequently responds with the whole file and an HTTP 200 response. The browser on the iPhone doesn't expect this and so the video doesn't play back. 
 The different behaviours of different devices and different browsers probably vary based on (a) whether the device/browser does a range request or tries to download the whole MP4 in one go, and (b) If it does a range request, whether the browser can handle a full-file response. 
 
 GET /c/198252.512p.mp4 HTTP/1.1 
 Host: b1.vestifinance.ru 
 Accept-Language: en-ca 
 X-Playback-Session-Id: 3C2B2963-5AAF-44D8-A610-B63EAE6AC278 
 Cookie: _ga=GA1.2.2102615505.1455910228; _gat=1; _ym_isad=0; _ym_uid=1455910228699311060; hpmd_session=1; hpmd_tmp=0.5797367240302265; hpmd_uid2=632629543 
 Range: bytes=917504-220941462 
 Accept: */* 
 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1 
 Referer: www.vestifinance.ru/.../25026 
 Accept-Encoding: identity 
 Connection: keep-alive 
 
 HTTP/1.1 206 Partial Content 
 Server: nginx 
 Date: Fri, 19 Feb 2016 19:53:08 GMT 
 Content-Type: video/mp4 
 Content-Length: 220023959 
 Last-Modified: Fri, 04 Dec 2015 18:22:43 GMT 
 ETag: "5661d9f3-d2b4c97" 
 Content-Range: bytes 917504-220941462/220941463 
 Connection: keep-alive 
 Without AV exception: 
 GET /c/198252.512p.mp4 HTTP/1.1 
 Host: b1.vestifinance.ru 
 Accept-Language: en-ca 
 X-Playback-Session-Id: A44D65F3-4C44-4578-9201-94A5568CBE70 
 Cookie: _ga=GA1.2.2102615505.1455910228; _gat=1; _ym_isad=0; _ym_uid=1455910228699311060; hpmd_session=1; hpmd_tmp=0.9600498070940375; hpmd_uid2=632629543 
 Range: bytes=917504-220941462 
 Accept: */* 
 User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1 
 Referer: www.vestifinance.ru/.../25026 
 Accept-Encoding: identity 
 Connection: keep-alive 
 
 HTTP/1.1 200 OK 
 Server: nginx 
 Date: Fri, 19 Feb 2016 19:52:36 GMT 
 Content-Type: video/mp4 
 Content-Length: 220941463 
 Last-Modified: Fri, 04 Dec 2015 18:22:43 GMT 
 ETag: "5661d9f3-d2b4c97" 
 Accept-Ranges: bytes 
 Connection: keep-alive