Skip to main content

Mobile Apps not working when the browser version is allowed

Updated
This article applies only to the Smoothwall On-Premise Appliance, not to our Cloud products.

This article outlines how to stop App versions of allowed websites from failing to connect. You can apply these steps to many apps, including but not limited to:

  • Facebook
  • Facebook Messenger
  • X (Twitter)
  • Pinterest
  • YouTube
  • WhatsApp
  • Dropbox

Applications often use certificate pinning. When you have HTTPS Policies to Decrypt and Inspect traffic, a new certificate key is created to encrypt the traffic going from the web filter to the client. The application compares its certificate key with the one generated by Smoothwall and rejects the traffic because they don’t match. This happens even when the website version works in a browser.

You can either:

  • Advise users to use the browser version only.
  • Follow the instructions in this article to bypass HTTPS inspection for the domain the application is trying to access.

      Important

    Bypassing HTTPS inspection means content will not be filtered.

Step 1: Check existing categories

Check our Categories and Signatures list to see if a Category exists for the app. For example, the Social Networking > Facebook Category.

  • If a Category exists, go to Step 4.
  • If a Category doesn’t exist, go to Step 2.

      Tip

    If you think we should add a new Category, let us know using our feedback form.

Step 2: Identify the domains

If you don’t know all the domains for the app, use the Realtime Report to identify them.

  1. Go to Reports > Realtime > Web filter.
  2. Enter the IP address in the Source IP field to show results for your testing IP address.
  3. Enter Denied into the Category field to show only blocked results.
  4. Open the app on a test device with no other apps running.
  5. In the Realtime Report, look for rows with a red background with no Category.
  6. Make a list of all domains from these rows. If multiple entries share the same top-level domain, you can just use the top-level domain.

Step 3: Create a Custom Category

Create a Custom Category and enter the domains into the Domain/URL section.

Step 4: Create a Web Filter Policy

  1. Create a Web Filter Policy to Allow your Custom or Existing Category or multiple Categories.
  2. If Web Filter Policies block browser versions, move the Allow policy above any Block policies.

Step 5: Set up a HTTPS Inspection Policy

  1. Create a HTTPS Inspection policy for the same category, with Validate certificate only as the Action.
  2. Move this policy above any HTTPS Inspection Policies that Decrypt and Inspect everything.

Step 6: Review regularly

As app domains and URLs often change, review your policies regularly.

  • Check for newly added built-in Categories, which we keep updated.
  • If you need to keep your Custom Category, update it with new domains and URLs as needed.