3 Replies
      Latest reply: Jan 9, 2017 3:36 PM by eskimo
      jogabonito Level 1 (0 points)

        My application fetches content from a CDN-like server with a numbered IP (something like 42.42.42.42). This is over HTTP and not HTTPS. I would like to know whether this traffic will go through if ATS is enabled. From what I saw, it is not possible to add a numbered IP as an NSExceptionDomain.

        • Re: App Transport Security and Numbered IPs
          eskimo Apple Staff (6,765 points)

          From what I saw, it is not possible to add a numbered IP as an NSExceptionDomains.

          Correct.

          My application fetches content from a CDN like server with a numbered IP (something like 42.42.42.42)

          I recommend against this.  Even if you ignore the ATS side of things, you still have to deal with IPv6-only networks (DNS64/NAT64).  While IPv4 numbers do work in that context, due to the magic of RFC 7050, at least on modern systems, you’re very much relying on a compatibility crutch.  It would be better, IMO, to give each node in your CDN a DNS name.

          This is over http and not https.

          I strongly recommend against using HTTP here.  HTTPS protects the user from various threats, even when the actual content is public.

          I would like to know whether this traffic will go through if ATS is enabled.

          That depends on your OS release:

          • On iOS 10 ATS is not applied to requests that target an IP address.

          • On iOS 9 ATS is applied to requests that target an IP address.  And, as you’ve noted, there’s no way to add an exception for these, so you have to use some wide-ranging exception.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"
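
An added example, not part of the thread or of Apple's code: a small Info.plist audit that flags the ATS settings discussed above, namely an IP literal listed under NSExceptionDomains (which the reply confirms is not possible), the app-wide NSAllowsArbitraryLoads exception, and per-domain cleartext HTTP. The function names, finding codes, and sample plist (including `cdn1.example.com`) are constructed for illustration.

```python
import ipaddress
import plistlib

# Constructed sample Info.plist (not from the thread): an IP-literal exception
# entry, a DNS-name exception, and the app-wide exception.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>42.42.42.42</key>
      <dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
      <key>cdn1.example.com</key>
      <dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
    </dict>
  </dict>
</dict></plist>"""


def is_ip_literal(name):
    """True if an exception-domain key is an IPv4/IPv6 literal, not a DNS name."""
    try:
        ipaddress.ip_address(name.strip("[]"))
        return True
    except ValueError:
        return False


def audit_ats(plist_bytes):
    """Return a list of (code, detail) findings for the ATS dictionary."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("ARBITRARY_LOADS", "wide-ranging exception: ATS off app-wide"))
    for name, cfg in sorted(ats.get("NSExceptionDomains", {}).items()):
        if is_ip_literal(name):
            findings.append(("IP_EXCEPTION", f"{name}: IP address cannot be an exception domain"))
        elif cfg.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(("INSECURE_HTTP", f"{name}: cleartext HTTP allowed"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_ats(SAMPLE_PLIST):
        print(code, detail)
```
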

            • Re: App Transport Security and Numbered IPs
              jogabonito Level 1 (0 points)

              Thank you for the quick reply!

              Out of curiosity, why is there a difference in behaviour on the applicability of ATS on IP addresses, in iOS10 and iOS9?

                • Re: App Transport Security and Numbered IPs
                  eskimo Apple Staff (6,765 points)

                  Out of curiosity, why is there a difference in behaviour on the applicability of ATS on IP addresses, in iOS10 and iOS9?

                  Honestly, I don’t know for sure.  I suspect it was tied into the implementation of NSAllowsLocalNetworking (it’s very hard to determine what is a local IP address in the general case) but that’s not something I ever managed to confirm.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"