Skip to main content

Mobile Apps not working when the browser version is allowed

Updated

This article explains how to stop App versions of allowed websites from failing to connect when the website version works in a browser.

Applications often use certificate pinning. When you filter web traffic using the Smoothwall On-Premise Appliance on your network and have HTTPS Policies configured to Decrypt and Inspect traffic, a certificate key is created to encrypt traffic from the Smoothwall Filter to the client. The application compares its certificate key with the one generated by Smoothwall Filter and rejects the traffic because they don’t match.

You can either:

  • Advise users to use the browser version only.
  • Follow the instructions in this article to bypass HTTPS inspection for the domain the application is trying to access. You can apply these steps to many apps, including but not limited to:
    • Facebook
    • Facebook Messenger
    • X (Twitter)
    • Pinterest
    • YouTube
    • WhatsApp
    • Dropbox

  Important

Following these steps means Smoothwall Filter can’t filter and block content for these apps.

1: Check existing categories

Check our Categories and Signatures list to see if a Category exists for the app. For example, the Social Networking > Facebook Category.

  • If a Category exists, go to Step 4.
  • If a Category doesn’t exist, go to Step 2.

  Tip

If you think we should add a new Category, let us know using our feedback form.

2: Identify the domains

  1. Open the app on a test device with no other apps running.
  2. Use the Web Filter Realtime Report:
    1. Enter the IP address in the Source IP field to show results for your testing IP address.
    2. Enter Denied into the Category field to show only blocked results.
    3. Look for rows with a red background with no Category.
  3. Make a list of all domains from these rows. If multiple entries share the same top-level domain, use the top-level domain.

3: Add a Custom Category

Add a Custom Category, then enter the domains in the Domain/URL section.

4: Add a Web Filter Policy

  1. Add a Web Filter Policy to Allow your Custom or Existing Category or multiple Categories.
  2. If Web Filter Policies block browser versions, move the Allow policy above any Block policies.

5: Add a HTTPS Inspection Policy

  1. Add a HTTPS Inspection policy for the same categories, with Validate certificate only as the Action.
  2. Move this policy above any HTTPS Inspection Policies that Decrypt and Inspect everything.

6: Review regularly

As app domains and URLs often change, review your policies regularly.

  • Check for newly added built-in Categories, which we keep up to date.
  • If you need to keep your Custom Category, update it with new domains and URLs as needed.