Our server team identified the User Agent of Apple CDN.
And allowing a bot access with that UA is fixed this issue.
I hope Apple disclose the details of Apple CDN soon.
Post
Replies
Boosts
Views
Activity
This is our server's apple-app-site-association detail.
curl -v https ://app.example.com/.well-known/apple-app-site-association	 Trying XX.*.XX.*...
TCP_NODELAY set
Connected to app.example.com (XX.*.XX.*) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
	 CAfile: /etc/ssl/cert.pem
	CApath: none TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
ALPN, server accepted to use h2
Server certificate:
	subject: businessCategory=Private Organization; jurisdictionCountryName=JP; serialNumber=XXXX-XX-XXXXXX; C=JP; ST=Tokyo; L=XXXXXX; O=XXXXXX; OU=XXXXXX; CN=www .example.com
	start date: May	8 00:00:00 2020 GMT
	expire date: Aug	3 12:00:00 2022 GMT
	subjectAltName: host "app.example.com" matched cert's "app.example.com"
	issuer: C=US; O=DigiCert Inc; OU=www .digicert.com; CN=DigiCert ECC Extended Validation Server CA
	SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
Using Stream ID: 1 (easy handle 0x7fade700f600)
> GET /.well-known/apple-app-site-association HTTP/2
> Host: app.example.com
> User-Agent: curl/7.64.1
> Accept: */*
> Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< server: Apache
< last-modified: Tue, 25 Aug 2020 05:44:52 GMT
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< content-type: application/json
< date: Thu, 27 Aug 2020 01:56:23 GMT
< content-length: 445
<
{
	"applinks": {
		"apps": [],
		"details": [
			{
				"appID": "XXXXXXXXX2.com.example.APP",
				"paths": ["NOT /aaa/", "*"]
			},{
				"appID": "XXXXXXXXX1.com.example.APP.enterprise.production",
				"paths": ["NOT /aaa/", "*"]
			},{
				"appID": "XXXXXXXXX1.com.example.APP.enterprise.staging",
				"paths": ["NOT /aaa/", "*"]
			}
		]
	} Connection #0 to host app.example.com left intact
}* Closing connection 0
(inserting some spaces in several URLs above due to this forum's restriction)