Universal Link Not Working – Apple Request Blocked by Firewall Due to Geographic Restriction

Question

Created 3d

Replies 2

Boosts 0

Participants 2

Hello,

I’m encountering an issue with Universal Links in my iOS app. After some investigation, I found that the root cause seems to be that Apple’s request through there CDN server to access the .well-known/apple-app-site-association file is blocked by our firewall, which enforces geographic access restrictions as part of our security policy.

Because of this restriction, Apple’s validation or link verification requests are being denied, and the Universal Links are not working as expected.

I’d like to get some guidance from the community or Apple engineers on the following: 1. Does Apple provide an official list of IP ranges or domains that need to be allowed through the firewall for Universal Link validation? 2. Are there alternative methods to handle Universal Link verification in environments with geographic restrictions? 3. Would whitelisting specific Apple services or endpoints be a recommended or safe solution?

Any input or recommendations would be greatly appreciated.

Environment Details: • iOS app using Universal Links • Server protected by a firewall with regional restrictions • AASA file hosted correctly and accessible via browser

Thanks in advance for your help and insights.

Boost

Answer 1

DTS Engineer OP

Apple

2d

Thank you for your post and question. Regrettably, Apple’s range of IP addresses may change, so we request that you open the range to all IP addresses and user-agents. Blocking regionally will cause issues for users in different regions. Apple does not provide a list of IP addresses.

We put all that in this Tech Note TN3155: Debugging universal links | Apple Developer Documentation

Hope this helps, I know this is not the answer you probably wanted.

Albert Pascual   Worldwide Developer Relations.

1

Answer 2

ragu2307 OP

2d

Hi Albert,

Thank you for your quick and detailed response — I really appreciate your time and clarification.

I completely understand from your explanation (and Tech Note TN3155) that Apple’s IP ranges are dynamic and that blocking traffic regionally can cause issues with Universal Links.

However, our app is intentionally available only in a specific country, and we’ve already enforced this restriction through App Store country availability settings as per our business requirements. In addition, our cybersecurity team does not allow opening our domain to regions outside of the targeted country for compliance and data-protection reasons.

Given these constraints, I’d like to know if there are any alternative approaches or recommendations Apple could suggest for Universal Link validation in such restricted environments.

Thank you again for your support and guidance.

Best regards,

Raguraman Asokan

0