Subject: | |
From: | |
Reply To: | |
Date: | Fri, 5 Oct 2007 11:53:38 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Well... yes and no.
No website is truly 100% hosted on Akamai. Meida Content is hosted on
Akamai, where Textual content is still hosted on the original companies
servers.
For example, Yahoo.
Yahoo serves the textual content, but all the images on the page load
from an akamai cache farm. (Look at the page source)
As for Akamai servers, good luck. They're in lots of data centers.
Heck, we have one locally. You'd be better off just doing a
*.akamai.net. I have no idea if that would work.
Here's my example for Yahoo.
The masthead logo for yahoo is
http://us.i1.yimg.com/us.yimg.com/i/ww/beta/y3.gif
us.i1.yimg.com is an alais of:
a943.g.akamai.net
which resolves to a local akamai cache server. For me that is:
208.59.215.35
(This address is 3 hops from my border router)
-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Homer Manila
Sent: Friday, October 05, 2007 11:43 AM
To: [log in to unmask]
Subject: Apple Updates
Does anyone have a list of hosts they allow in their traffic rules for
the unauthenticated role to allow Apple Updates to happen before
authentication? I originally allowed:
swscan.apple.com equals
swquery.apple.com equals
but they weren't enough, so I did a packet capture and saw that I needed
to allow some akamai servers to get it to work, but obviously I can't do
that, or users will get a
whole slew of sites they shouldn't be getting.
Thoughts?
--
--Homer Manila
Network Security Administrator
OIT, American University
|
|
|