Save the Day With Fiddler (or, Stop Barracuda From Blocking the iTunes Store)
Recently at work, we in IT were puzzled when a fellow employee called to report that the iTunes Store would not load on iTunes for computers on our network. The problem occurred only on our network and was not Mac or Windows specific.
Fiddler came to the rescue. Fiddler is a freeware tool that logs and allows you to inspect all HTTP traffic between your computer and the network (and thus Internet). I first heard about it at a conference when learning how to debug Ajax applications. It was especially useful when doing so with IE since there was no Firebug for IE (ahem, this is before the days of Firebug Lite and other such tools). I never really looked at it closely because, well, why do that when you could use Firebug and Firefox? 
Well, it came in handy for this problem. The HTTP traffic between iTunes and the iTunes Store is less apparent since it is behind Apple’s veil of the iTunes interface. Fiddler revealed the exact domain names and in fact full URLs that were being requested, as well as the returned results. It was immediately apparent that our Barracuda Web Filter was blocking the request, so iTunes just reported that it could not connect to the iTunes Store. When we white-listed the requested domain, everything began functioning fine.
Everything had been working fine with iTunes in the past. But Barracuda updates its black list automatically. So when Barracuda apparently added certain iTunes Store domain names into its black list, namely phobos.apple.com, our hardware eventually updated its lists and began blocking iTunes Store traffic on our network.
Lesson #1: Beware the pitfalls of subscription services like Barracuda’s. They have their benefits, but they certainly can catch you unawares. Lesson #2: Use Fiddler. It is great for a lot more than web development debugging. It’s a convenient early stage network debugging tool. Lesson #3: Don’t discount the supposed dross at conferences that you think doesn’t apply to you. Perhaps years after you hear about something, you might finally come to have a need for it.
January 9th, 2010 at 3:38 pm
You would be amazed at the UDP/TCP requests that go out from a single webpage. There are web services being called, ad servers, phone homes, tracking cookies, and all sorts of I/O transactions taking place. It is a misconception that visiting a single web page is like going to a single IP address. In fact many malware is installed undetected in just this manner, with an unseen TCP/UDP call. Some Internet Filtering solutions will be set up to block a know problematic UDP or TCP address, and this will have the unintended consequence of blocking a larger application, like, in your case, iTunes. Thanks for the heads up on Fiddler, I’m going to check it out.
Best,
Jim