Blocking OTA download through router.

oplix · Sep 27, 2013

I'm becoming very concerned with the way Apple is doing business as of late especially getting on this morning and noticing an article stating ios7 is automatically downloaded to the device without user permission. So I check my phone and yes, ios7 has managed to creep itself onto my phone without any input from me. Download and Install has simply become Install.

Update: I've successfully blocked OTA updates through my router with help of Intell's suggestion.

On my Linksys E2000 I created a new Access Restrictions policy blocking URLS:

mesu.apple.com
appldnld.apple.com

filtering IP range 192.168.1.1-192.168.1.254 - this essentially blocks all connecting devices to the router from accessing the culprit (mesu.apple.com). TIP: do not add access restrictions such as HTTP or DNS to the policy as these aren't specific to the url itself and function as a global block.

As an extra precaution you could add your iphone's WIFI mac address to the access restriction as well. This can be found from Settings>About

To make sure you have done this correctly, connect to WIFI and go to Software Update. You should be presented with the following popup error:

"Unable to Check for Update: An error occurred while checking for a software update."

In order to delete the pre-existing OTA update from your phone, backup to either computer or icloud (icloud preferred as it saves your app scheme), Delete all content and settings (essentially wiping the phone), then restore from said backup.

This guide will help you preserve the 1-3GB of storage vampirism implemented by apple if you are staying on iOS 6.x

UPDATE 2: This is very troublesome. This method has worked the entire day however I just noticed that the phone's "Other" started filling up again. I went back into OTA update and it showed that it's "preparing update" with the bar showing about 90% done. I have no idea how Apple is doing this with direct intervention from the user.

UPDATE 3: Added appldnld.apple.com to block list. Hopefully blocking both will prevent any further tampering from Apple.

Intell · Sep 27, 2013

The URL to block is mesu.apple.com.

oplix · Sep 27, 2013

Hi, thank you very much for your input. Do you by chance have a source I can review for this information?

Intell · Sep 27, 2013

Look at the XML yourself: http://mesu.apple.com/assets/com_ap...date/com_apple_MobileAsset_SoftwareUpdate.xml

curiosity · Sep 27, 2013

You may try blocking appldnld.apple.com as well.

oplix · Sep 27, 2013

curiosity said:
You may try blocking appldnld.apple.com as well.

updated. Hopefully blocking both will prevent it.

curiosity · Sep 27, 2013

I think the problem is if you restore a backup from when an update has already been searched for and found, then that info will be restored, too. It happened when I restored from iTunes.

oplix · Sep 27, 2013

curiosity said:
I think the problem is if you restore a backup from when an update has already been searched for and found, then that info will be restored, too. It happened when I restored from iTunes.

interesting. I thought about this as well. I'm doing restore from icloud though so I doubt that icloud is holding OTA updates as part of the storage. Never know though.

oplix · Sep 28, 2013

can confirm that backups on icloud don't hold OTA updates within the backup itself. "Other" is showing at 700mb after blocking and restore.

E2EK1EL · Sep 28, 2013

I've added mesu.apple.com and appldnld.apple.com in my router to block those addresses, but it can still find the update on my IP5 and iPad3

One thing I don't understand in your instructions, filtering IP range 192.168.1.1-192.168.1.254. My router is asking for the port numbers, which I don't know what to fill in and if I put a random port number such as 1 - 254, it says "IP address are isn't in LAN IP address subnet"

I notice when you have your Wifi connected and the devices connected to a charger, it will start downloading the update in the background and notify you about the install.

https://forums.macrumors.com/threads/1643932/

oplix · Sep 28, 2013

E2EK1EL said:
I've added mesu.apple.com and appldnld.apple.com in my router to block those addresses, but it can still find the update on my IP5 and iPad3

One thing I don't understand in your instructions, filtering IP range 192.168.1.1-192.168.1.254. My router is asking for the port numbers, which I don't know what to fill in and if I put a random port number such as 1 - 254, it says "IP address are isn't in LAN IP address subnet"

I notice when you have your Wifi connected and the devices connected to a charger, it will start downloading the update in the background and notify you about the install.

https://forums.macrumors.com/threads/1643932/

If you are still finding the update, you are not properly setting up the URL restrictions within your router. To answer your question on the IP range, your router gives any device that's connected to it an IP address. Some routers might use different ranges. Linksys routers use 192.168.1.1 - 192.168.1.254. You want to block the entire range so that regardless of which IP address your router assigns to the device, it will be blocked.

You need to find a tutorial through web search regarding setting up these restrictions properly depending on what brand of router you are using.

curiosity · Sep 28, 2013

Plus, some routers don't support such kind of blocking.

E2EK1EL · Sep 28, 2013

oplix said:
If you are still finding the update, you are not properly setting up the URL restrictions within your router. To answer your question on the IP range, your router gives any device that's connected to it an IP address. Some routers might use different ranges. Linksys routers use 192.168.1.1 - 192.168.1.254. You want to block the entire range so that regardless of which IP address your router assigns to the device, it will be blocked.

You need to find a tutorial through web search regarding setting up these restrictions properly depending on what brand of router you are using.

I've enabled site blocking with mesu.apple.com and appldnld.apple.com, didn;t work. Just to test another site, I used cnn.com and that was blocked successfully.

EDIT: Still stuck LOL

GoofyCyborg · Sep 28, 2013

mesu.apple.com is not the URL to block in order to stop OTA updates from downloading.

appldnld.apple.com is the correct one for me running 6.1.3 as I am unable to update my phone or my 2 iPads using this URL in my routers block list.

I should add that when I did this 7.0 was the latest and although it would show the available update it wouldn't download. Now that iOS 7.0.2 is the latest when I click general>updates I get an error message now

Edit: I just tried it and it found the update, I think apple are changing the update URL to prevent users blocking the url

E2EK1EL · Sep 28, 2013

GoofyCyborg said:
mesu.apple.com is not the URL to block in order to stop OTA updates from downloading.

appldnld.apple.com is the correct one for me running 6.1.3 as I am unable to update my phone or my 2 iPads using this URL in my routers block list.

I should add that when I did this 7.0 was the latest and although it would show the available update it wouldn't download. Now that iOS 7.0.2 is the latest when I click general>updates I get an error message now

Edit: I just tried it and it found the update, I think apple are changing the update URL to prevent users blocking the url

Oh maybe I'm doing things right then??? Because it shows the update, same thing happening to you before and of course I'm not gonna hit it, that's as far as I'm going

Either way, thanks for the help guys.

Intell · Sep 28, 2013

GoofyCyborg said:
mesu.apple.com is not the URL to block in order to stop OTA updates from downloading.

mesu is the correct URL. It's where the XML that iOS checks for the update lives. This URL is hardcoded into all versions of iOS. Once the update has been found at least one time on your iOS device, it'll always show. The only way to clear it is to restore your device. Don't forget to restart your devices after blocking the URL in order to clear out the DNS cache.

The appledl URL is not a good URL to block. It is where iOS gets language, voice, Siri, and Safari security updates from. Computer based iTunes also gets things from there as well. As does QuickTime and other Mac OS X services.

GoofyCyborg · Sep 28, 2013

I have had both URL's blocked but it still downloads the update automatically eventually.

I'm sure apple are using a variety of URL's. i.e. after so many failed attempts try another....

My iPhone is attempting to download the update but the progress bar has been empty the past hour but my iPad 3 without any intervention or request has downloaded the update and I have the red banner on settings yet when I click on settings>update I get an error "an error occurred when checking for an update"

Both mesu.apple.com and appldnld.apple.com are blocked, I have tried entering both into safari and both give the error "cannot open page" so I know they are both blocked but eventually my devices will notify me of the update and in time will eventually download the update without me requesting my devices to do so.

Intell · Sep 28, 2013

GoofyCyborg said:
I have had both URL's blocked but it still downloads the update automatically eventually.

I'm sure apple are using a variety of URL's. i.e. after so many failed attempts try another....

My iPhone is attempting to download the update but the progress bar has been empty the past hour but my iPad 3 without any intervention or request has downloaded the update and I have the red banner on settings yet when I click on settings>update I get an error "an error occurred when checking for an update"

Both mesu.apple.com and appldnld.apple.com are blocked, I have tried entering both into safari and both give the error "cannot open page" so I know they are both blocked but eventually my devices will notify me of the update and in time will eventually download the update without me questing my devices to do so.

There's only one URL it checks. It's possible that you are blocking it incorrectly. Even on an unblocked network, those pages won't load in Safari because there isn't anything at the root of the subdomain for it to load. Check the link I posted previously. That's the exact thing iOS gets from Apple. If you can download or view that, you are not blocking the URL correctly. Don't forget to restart your machines to clear the DNS. If the iOS gets the update XML, even once, and it contains a newer version of iOS than the installed version, it'll download it. It can get the update XML via cellular data or another WiFi network. Once it has the update XML, you can't stop it.

GoofyCyborg · Sep 28, 2013

Umm yes they do load when unblocked, you get a short line of text.

I would unblock them and post a screenshot for you but I can't be bothered to do that right now.

When blocked you get the cannot load page error.

I have tested it on google.com and the block definitely works on the router, strange how my ipad 4 has not downloaded the update and fails with an error message when I manually check yet my ipad 3 downloaded the update to my other space and i get the red banner on settings yet when I manually click on software update in settings i get a failure notice!

On my iphone it shows me that ios 7.0.2 is available but fails to actually download it.

Before you ask I am blocking all ip addresses in the range of 192.168.1.2 - 192.168.1.254 and all devices on the same wifi and subnet. I will have to reset my ipad 3 now to get rid of the update from my other space and i will block access to apple.com see how that goes after a week.

----------

I have just entered http://mesu.apple.com/assets/com_ap...date/com_apple_MobileAsset_SoftwareUpdate.xml into safari and a blank page loads. For some reason the block does not work?

Will try adding http:// to the mesu.apple.com in my router.

Intell · Sep 28, 2013

Depending on your router, you're likely still blocking it incorrectly. Some routers block at the domain level. Others block a specific link or target. Have your router block the XML file itself. For me, nothing loads for mesu.apple.com. It's likely a result of the Akamai CDN not properly caching the pages based on our geographical differences.

E2EK1EL · Sep 28, 2013

Everything is working smoothly now.

I've decided to test it out with the GF's IP4S, connected to my WiFi and leave it on the charger for an hour. Usually it will download iOS 7 and prompts you to install it w/o blocking it.

Special thanks to everyone in here for the help.

EDIT:

Decided to take a peak at the XML file, router has blocked it b/c of the mesu.apple.com URL is in there.

http://mesu.apple.com/assets/com_app...wareUpdate.xml

oplix · Sep 28, 2013

mesu blocks the update check and applenld blocks the actual download. Both should be blocked. Glad you figured it out though.

Intell · Sep 28, 2013

oplix said:
mesu blocks the update check and applenld blocks the actual download. Both should be blocked. Glad you figured it out though.

applenld blocks more than just the OTA update download. It blocks some important things like carrier updates, Siri updates, voice service updates, and Mac OS X updates. It also blocks certain abilities within iTunes and can cause you to not be able to download anything from Apple as the applenld subdomain is where Apple stores files for users to download. Its blocking is not recommended.

braddick · Sep 28, 2013

What happens if you're in Starbucks enjoying your daily Latte and their WIFI kicks in and your iPhone begins again the downloading process?

Intell · Sep 28, 2013

braddick said:
What happens if you're in Starbucks enjoying your daily Latte and their WIFI kicks in and your iPhone begins again the downloading process?

If it gets the XML, then there's no getting rid of the update notification and very little chance you have in stopping it from downloading.

Blocking OTA download through router.

Suspended

macrumors P6

Suspended

macrumors P6

macrumors regular

Suspended

macrumors regular

Suspended

Suspended

macrumors 6502

Suspended

macrumors regular

macrumors 6502

macrumors regular

macrumors 6502

macrumors P6

macrumors regular

macrumors P6

macrumors regular

macrumors P6

macrumors 6502

Suspended

macrumors P6

macrumors 68040

macrumors P6

Our Staff