Update 'Apple Private Relay' managed target list
Hi Team,
Since iOS 18 I've started seeing some more URLs that need to be added to this target list:
*.apple-relay.cloudflare.com
*.apple-relay.fastly-edge.com
(there could be more - but these are just what I could see on my network).
Cheers,
Lammi
-
I, too, have found that the private relay target list is now out of date and doesn't block their service when I need it to. I recently joined a Meraki network that did block it successfully, which is how I knew mine was no longer working.
As of now my FWG is showing 4/27/23 10:07PM as the last update to this Firewalla-managed target list.
-
We are blocking iCloud Private Relay per Apple's notes here: https://developer.apple.com/icloud/prepare-your-network-for-icloud-private-relay/
Allow for network traffic audits
Some enterprise or school networks might be required to audit all network traffic by policy, and your network can block access to Private Relay in these cases. The user will be alerted that they need to either disable Private Relay for your network or choose another network.
The fastest and most reliable way to alert users is to return either a "no error no answer" response or an NXDOMAIN response from your network’s DNS resolver, preventing DNS resolution for the following hostnames used by Private Relay traffic. Avoid causing DNS resolution timeouts or silently dropping IP packets sent to the Private Relay server, as this can lead to delays on client devices.
mask.icloud.com
mask-h2.icloud.com
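One way to confirm that a resolver answers in one of the two forms Apple's note recommends (NXDOMAIN or "no error no answer") rather than timing out, added here as an example and not code from this thread or from Firewalla. The function names and verdict strings are this example's own, and the resolver IP is supplied by you on the command line.

```python
import socket
import struct
import sys

# Hostnames Apple's guidance (quoted above) says to stop resolving.
RELAY_HOSTS = ["mask.icloud.com", "mask-h2.icloud.com"]

def build_query(hostname, qtype=1, txid=0x1234):
    """Build a minimal DNS query (qtype 1 = A, 28 = AAAA; recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in hostname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify_response(data):
    """Map a raw DNS response (or None for a timeout) to a block verdict."""
    if data is None:
        return "timeout"            # the failure mode Apple says to avoid
    if len(data) < 12:
        return "malformed"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        return "malformed"          # QR bit clear: this is not a response
    rcode = flags & 0x000F
    if rcode == 3:
        return "blocked-nxdomain"
    if rcode == 0 and ancount == 0:
        return "blocked-nodata"     # "no error no answer"
    if rcode == 0:
        return "resolves"           # DNS is not blocking Private Relay
    return f"rcode-{rcode}"         # e.g. SERVFAIL (2) or REFUSED (5)

def check(hostname, resolver, qtype=1, timeout=3.0):
    """Query `resolver` over UDP port 53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(hostname, qtype), (resolver, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            data = None
    return classify_response(data)

if __name__ == "__main__":
    resolver = sys.argv[1]  # IP address of the DNS resolver your clients use
    for host in RELAY_HOSTS:
        for qtype, name in ((1, "A"), (28, "AAAA")):
            print(f"{host} {name}: {check(host, resolver, qtype)}")
```

A `resolves` verdict for either hostname means the DNS-level block is not in effect on that resolver; `timeout` means traffic is being dropped instead of answered, which Apple's note says delays client devices.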