0

Apple introduced privacy protection measures in macOS Monterey and iOS 15 which use a network of randomly assigned IPs to act as proxies when loading (amongst other things) email content. Does anyone know, or know how I can find out, what the network ranges of these services are?

Synchro

1 Answer

2

When Apple users allow the settings

  • Maintain General Location allows sites to show you localized content in Safari, while your IP address stays hidden
  • Use Country and Time Zone uses a broader location for your IP address, still within your country and time zone

Apple currently publishes the IP-address ranges they use (for the purpose of populating Geo-IP databases) on their API here:

https://mask-api.icloud.com/egress-ip-ranges.csv

(Source: https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay)


To prevent users in your network from using Apple's privacy protection proxies, Apple does not publish the IP-address ranges in use (as far as I know) and instead they recommend:

The fastest and most reliable way to alert users is to return either a "no error no answer" response or an NXDOMAIN response from your network’s DNS resolver, preventing DNS resolution for the following hostnames used by Private Relay traffic.

and block in your DNS

  • mask.icloud.com
  • mask-h2.icloud.com
Bob
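
An added example, not part of the answer above: one way to use the published egress list on the server side is to tag client addresses in access logs that fall inside a Private Relay range. It assumes the CSV uses the geofeed column layout (prefix, country, region, city, postal code); the sample rows use documentation prefixes and are constructed, and `load_ranges` and `lookup` are hypothetical helper names.

```python
import csv
import ipaddress

# Constructed sample rows in the assumed geofeed layout
# (prefix,country,region,city,postal). The prefixes are documentation
# ranges used as placeholders, not real Apple egress ranges.
SAMPLE_CSV = """\
192.0.2.0/27,US,US-CA,Los Angeles,
192.0.2.32/27,GB,GB-ENG,London,
2001:db8:100::/48,DE,DE-BE,Berlin,
"""


def load_ranges(lines):
    """Parse CSV rows into (network, country, region, city) tuples."""
    ranges = []
    for row in csv.reader(lines):
        # Skip blank lines and comment lines.
        if not row or row[0].lstrip().startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(row[0].strip(), strict=False)
        except ValueError:
            continue  # malformed prefix: skip the row, keep loading
        country, region, city = (row[1:4] + ["", "", ""])[:3]
        ranges.append((net, country, region, city))
    # Longest prefix first so the most specific entry wins on overlap.
    ranges.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return ranges


def lookup(ranges, addr):
    """Return (country, region, city) if addr is in a listed range, else None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # not an IP address at all (e.g. a garbled log field)
    for net, country, region, city in ranges:
        if ip.version == net.version and ip in net:
            return (country, region, city)
    return None


if __name__ == "__main__":
    relay = load_ranges(SAMPLE_CSV.splitlines())
    for client in ("192.0.2.40", "198.51.100.7", "2001:db8:100::1"):
        print(client, "->", lookup(relay, client) or "not in list")
```

To run it against the real list, download the CSV from the URL in the answer and pass the open file to `load_ranges`; the linear scan is fine for spot checks but a large list with many lookups would want an interval tree or trie.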