Blocking OTA download through router.

Discussion in 'iOS 6' started by oplix, Sep 27, 2013.

  1. oplix, Sep 27, 2013
    Last edited: Sep 27, 2013

    oplix Suspended

    oplix

    Joined:
    Jun 29, 2008
    Location:
    New York, NY
    #1
    I'm becoming very concerned with the way Apple is doing business as of late especially getting on this morning and noticing an article stating ios7 is automatically downloaded to the device without user permission. So I check my phone and yes, ios7 has managed to creep itself onto my phone without any input from me. Download and Install has simply become Install.

    Update: I've successfully blocked OTA updates through my router with help of Intell's suggestion.

    On my Linksys E2000 I created a new Access Restrictions policy blocking URLS:

    mesu.apple.com
    appldnld.apple.com

    filtering IP range 192.168.1.1-192.168.1.254 - this essentially blocks all connecting devices to the router from accessing the culprit (mesu.apple.com). TIP: do not add access restrictions such as HTTP or DNS to the policy as these aren't specific to the url itself and function as a global block.

    As an extra precaution you could add your iphone's WIFI mac address to the access restriction as well. This can be found from Settings>About

    To make sure you have done this correctly, connect to WIFI and go to Software Update. You should be presented with the following popup error:

    "Unable to Check for Update: An error occurred while checking for a software update."

    In order to delete the pre-existing OTA update from your phone, backup to either computer or icloud (icloud preferred as it saves your app scheme), Delete all content and settings (essentially wiping the phone), then restore from said backup.

    This guide will help you preserve the 1-3GB of storage vampirism implemented by apple if you are staying on iOS 6.x

    UPDATE 2: This is very troublesome. This method has worked the entire day however I just noticed that the phone's "Other" started filling up again. I went back into OTA update and it showed that it's "preparing update" with the bar showing about 90% done. I have no idea how Apple is doing this with direct intervention from the user.

    UPDATE 3: Added appldnld.apple.com to block list. Hopefully blocking both will prevent any further tampering from Apple.
     
  2. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
  3. oplix thread starter Suspended

    oplix

    Joined:
    Jun 29, 2008
    Location:
    New York, NY
    #3
    Hi, thank you very much for your input. Do you by chance have a source I can review for this information?
     
  4. curiosity macrumors regular

    Joined:
    Sep 3, 2013
    #5
    You may try blocking appldnld.apple.com as well.
     
  5. oplix thread starter Suspended

    oplix

    Joined:
    Jun 29, 2008
    Location:
    New York, NY
    #6
    updated. Hopefully blocking both will prevent it.
     
  6. curiosity macrumors regular

    Joined:
    Sep 3, 2013
    #7
    I think the problem is if you restore a backup from when an update has already been searched for and found, then that info will be restored, too. It happened when I restored from iTunes.
     
  7. oplix thread starter Suspended

    oplix

    Joined:
    Jun 29, 2008
    Location:
    New York, NY
    #8
    interesting. I thought about this as well. I'm doing restore from icloud though so I doubt that icloud is holding OTA updates as part of the storage. Never know though.
     
  8. oplix thread starter Suspended

    oplix

    Joined:
    Jun 29, 2008
    Location:
    New York, NY
    #9
    can confirm that backups on icloud don't hold OTA updates within the backup itself. "Other" is showing at 700mb after blocking and restore.
     
  9. E2EK1EL, Sep 28, 2013
    Last edited: Sep 28, 2013

    E2EK1EL macrumors 6502

    Joined:
    Nov 19, 2012
    #10
    I've added mesu.apple.com and appldnld.apple.com in my router to block those addresses, but it can still find the update on my IP5 and iPad3

    One thing I don't understand in your instructions, filtering IP range 192.168.1.1-192.168.1.254. My router is asking for the port numbers, which I don't know what to fill in and if I put a random port number such as 1 - 254, it says "IP address are isn't in LAN IP address subnet"

    I notice when you have your Wifi connected and the devices connected to a charger, it will start downloading the update in the background and notify you about the install.

    http://forums.macrumors.com/showthread.php?t=1643932
     
  10. oplix thread starter Suspended

    oplix

    Joined:
    Jun 29, 2008
    Location:
    New York, NY
    #11
    If you are still finding the update, you are not properly setting up the URL restrictions within your router. To answer your question on the IP range, your router gives any device that's connected to it an IP address. Some routers might use different ranges. Linksys routers use 192.168.1.1 - 192.168.1.254. You want to block the entire range so that regardless of which IP address your router assigns to the device, it will be blocked.

    You need to find a tutorial through web search regarding setting up these restrictions properly depending on what brand of router you are using.
     
  11. curiosity macrumors regular

    Joined:
    Sep 3, 2013
    #12
    Plus, some routers don't support such kind of blocking.
     
  12. E2EK1EL, Sep 28, 2013
    Last edited: Sep 28, 2013

    E2EK1EL macrumors 6502

    Joined:
    Nov 19, 2012
    #13
    I've enabled site blocking with mesu.apple.com and appldnld.apple.com, didn;t work. Just to test another site, I used cnn.com and that was blocked successfully.

    EDIT: Still stuck LOL
     
  13. GoofyCyborg, Sep 28, 2013
    Last edited: Sep 28, 2013

    GoofyCyborg macrumors member

    Joined:
    Sep 23, 2013
    Location:
    Wales, UK
    #14
    mesu.apple.com is not the URL to block in order to stop OTA updates from downloading.

    appldnld.apple.com is the correct one for me running 6.1.3 as I am unable to update my phone or my 2 iPads using this URL in my routers block list.

    I should add that when I did this 7.0 was the latest and although it would show the available update it wouldn't download. Now that iOS 7.0.2 is the latest when I click general>updates I get an error message now

    Edit: I just tried it and it found the update, I think apple are changing the update URL to prevent users blocking the url
     
  14. E2EK1EL, Sep 28, 2013
    Last edited: Sep 28, 2013

    E2EK1EL macrumors 6502

    Joined:
    Nov 19, 2012
    #15
    Oh maybe I'm doing things right then??? Because it shows the update, same thing happening to you before and of course I'm not gonna hit it, that's as far as I'm going

    Either way, thanks for the help guys.
     
  15. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #16
    mesu is the correct URL. It's where the XML that iOS checks for the update lives. This URL is hardcoded into all versions of iOS. Once the update has been found at least one time on your iOS device, it'll always show. The only way to clear it is to restore your device. Don't forget to restart your devices after blocking the URL in order to clear out the DNS cache.

    The appledl URL is not a good URL to block. It is where iOS gets language, voice, Siri, and Safari security updates from. Computer based iTunes also gets things from there as well. As does QuickTime and other Mac OS X services.
     
  16. GoofyCyborg, Sep 28, 2013
    Last edited: Sep 28, 2013

    GoofyCyborg macrumors member

    Joined:
    Sep 23, 2013
    Location:
    Wales, UK
    #17
    I have had both URL's blocked but it still downloads the update automatically eventually.

    I'm sure apple are using a variety of URL's. i.e. after so many failed attempts try another....

    My iPhone is attempting to download the update but the progress bar has been empty the past hour but my iPad 3 without any intervention or request has downloaded the update and I have the red banner on settings yet when I click on settings>update I get an error "an error occurred when checking for an update"

    Both mesu.apple.com and appldnld.apple.com are blocked, I have tried entering both into safari and both give the error "cannot open page" so I know they are both blocked but eventually my devices will notify me of the update and in time will eventually download the update without me requesting my devices to do so.
     
  17. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #18

    There's only one URL it checks. It's possible that you are blocking it incorrectly. Even on an unblocked network, those pages won't load in Safari because there isn't anything at the root of the subdomain for it to load. Check the link I posted previously. That's the exact thing iOS gets from Apple. If you can download or view that, you are not blocking the URL correctly. Don't forget to restart your machines to clear the DNS. If the iOS gets the update XML, even once, and it contains a newer version of iOS than the installed version, it'll download it. It can get the update XML via cellular data or another WiFi network. Once it has the update XML, you can't stop it.
     
  18. GoofyCyborg macrumors member

    Joined:
    Sep 23, 2013
    Location:
    Wales, UK
    #19
    Umm yes they do load when unblocked, you get a short line of text. :cool:

    I would unblock them and post a screenshot for you but I can't be bothered to do that right now.

    When blocked you get the cannot load page error.

    I have tested it on google.com and the block definitely works on the router, strange how my ipad 4 has not downloaded the update and fails with an error message when I manually check yet my ipad 3 downloaded the update to my other space and i get the red banner on settings yet when I manually click on software update in settings i get a failure notice!

    On my iphone it shows me that ios 7.0.2 is available but fails to actually download it.

    Before you ask I am blocking all ip addresses in the range of 192.168.1.2 - 192.168.1.254 and all devices on the same wifi and subnet. I will have to reset my ipad 3 now to get rid of the update from my other space and i will block access to apple.com see how that goes after a week.

    ----------

    I have just entered http://mesu.apple.com/assets/com_ap...date/com_apple_MobileAsset_SoftwareUpdate.xml into safari and a blank page loads. For some reason the block does not work?

    Will try adding http:// to the mesu.apple.com in my router.
     
  19. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #20
    Depending on your router, you're likely still blocking it incorrectly. Some routers block at the domain level. Others block a specific link or target. Have your router block the XML file itself. For me, nothing loads for mesu.apple.com. It's likely a result of the Akamai CDN not properly caching the pages based on our geographical differences.
     
  20. E2EK1EL macrumors 6502

    Joined:
    Nov 19, 2012
    #21
    Everything is working smoothly now.

    I've decided to test it out with the GF's IP4S, connected to my WiFi and leave it on the charger for an hour. Usually it will download iOS 7 and prompts you to install it w/o blocking it.

    Special thanks to everyone in here for the help.

    EDIT:

    Decided to take a peak at the XML file, router has blocked it b/c of the mesu.apple.com URL is in there.

    http://mesu.apple.com/assets/com_app...wareUpdate.xml
     
  21. oplix thread starter Suspended

    oplix

    Joined:
    Jun 29, 2008
    Location:
    New York, NY
    #22
    mesu blocks the update check and applenld blocks the actual download. Both should be blocked. Glad you figured it out though.
     
  22. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #23
    applenld blocks more than just the OTA update download. It blocks some important things like carrier updates, Siri updates, voice service updates, and Mac OS X updates. It also blocks certain abilities within iTunes and can cause you to not be able to download anything from Apple as the applenld subdomain is where Apple stores files for users to download. Its blocking is not recommended.
     
  23. braddick macrumors 68040

    braddick

    Joined:
    Jun 28, 2009
    Location:
    Encinitas, CA
    #24
    What happens if you're in Starbucks enjoying your daily Latte and their WIFI kicks in and your iPhone begins again the downloading process?
     
  24. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #25
    If it gets the XML, then there's no getting rid of the update notification and very little chance you have in stopping it from downloading.
     

Share This Page