Well... yes and no.

No website is truly 100% hosted on Akamai.  Meida Content is hosted on
Akamai, where Textual content is still hosted on the original companies
servers.

For example, Yahoo.
 Yahoo serves the textual content, but all the images on the page load
from an akamai cache farm.  (Look at the page source)

As for Akamai servers, good luck.  They're in lots of data centers.
Heck, we have one locally.  You'd be better off just doing a
*.akamai.net. I have no idea if that would work.

Here's my example for Yahoo.

The masthead logo for yahoo is 
http://us.i1.yimg.com/us.yimg.com/i/ww/beta/y3.gif

us.i1.yimg.com is an alais of:
a943.g.akamai.net

which resolves to a local akamai cache server.  For me that is:
208.59.215.35

(This address is 3 hops from my border router)



-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Homer Manila
Sent: Friday, October 05, 2007 11:43 AM
To: [log in to unmask]
Subject: Apple Updates

Does anyone have a list of hosts they allow in their traffic rules for 
the unauthenticated role to allow Apple Updates to happen before 
authentication?  I originally allowed:

swscan.apple.com      equals
swquery.apple.com    equals

but they weren't enough, so I did a packet capture and saw that I needed

to allow some akamai servers to get it to work, but obviously I can't do

that, or users will get a
whole slew of sites they shouldn't be getting.

Thoughts?

-- 
--Homer Manila
Network Security Administrator
OIT, American University