Is this a genuine Apple sub domain?

HunterBD wrote:

That's exactly what I see too:- https://www.apple.com/filenotfound

I see the subdomain I described each and every time I wish to log in to the Apple Support Communities.

I'm no expert, but I'm aware that I might be being redirected to anywhere on the Internet!

The answers I've received are 'interesting' - I'm not yet dissuaded from posting here!

Well, the system provides you with a very simple way to verify that the sub-domain address is legit (I now see where you got this from, and as has been indicated multiple times, it is an internal sub-domain and not intended for you to just go to.

Firefox provides the info on the domain in the following manner:

Safari provides it like this:

In both cases, you can see that the browser software has verified the site, and that it is a legitimate Apple site. The whole point of certification is to ensure that you are going to a valid site and not being re-directed to anything that you shouldn't be.

I use Firefox exclusively on my Mac so I don't know how Safari behaves, but when a site is attempting to re-direct me and Firefox cannot validate the path or the certificate, I get a warning telling me what is about to happen and giving me the option to not allow it.

So, unless you think that both the Mac security and the browser security are likely to fail, you really don't need to concern yourself with this. Use the tools that the browser provides to find out information about any site you are going to.

Best,

GB

I made an assumption which I shouldn't have - I was wrong for the "open" forum, but not for "The Lounge" forums ( Levels and Perks )

What you describe would happen if a post or thread was "moved" by the Hosts to a "closed" forum available only to them - placed there for discussion about it being in violation of the Apple Support Communities Use Agreement (ToU for short)

You cannot Reply unless you are logged in - how would the system "know" you as a guest?

You could remove the cookie, but it would simply come back - you cannot operate in Apple's "member" areas without cookies - period

Hello Asinrutee,

The only place you need to look is in one of your own threads: Does Etrecheck have the blessing/approval of Apple itself?

I clearly explained what this site was all about when you asked about it then. Someone had given you a deep link that resulted in an error. I had give you a more shallow link that properly routed through the https://idmsa.apple.com/ authentication site. My reply is on page 3. I will quote it just so there is no confusion:

Mar 26, 2018 4:23 PM in response to HunterBD

HunterBD wrote:

Is there a simple reason?

Apple uses a single authentication system for any Apple site that requires Apple ID authentication. This authentication system requires you to log in with an Apple ID that has access to the requested resource.

If your Apple ID doesn't have access to the requested site, then you will be taken to a landing page where you may be able to request access. If your Apple ID does have access to the site, you will be immediately redirected into the site.

If you attempt to access a deep link into a site that requires authentication, then you may bypass that landing page and not have an opportunity to request access. That is what happened in this case. About 18 months ago, Apple re-designed the bug reporter to have a more modern web interface circa 2006. As part of that, it now redirects users into the "/web/" subdirectory. If you login to the bug reporter and copy the URL from the address bar, you are going to get the "/web/" subdirectory.

I manually removed the "/web/" subdirectory before I pasted my URL. I manually edit pretty much every Apple URL I post because they all have some funky redirection scheme. So yes, there was most definitely some "doctoring" of URLs. I "doctored" the URL I posted. Sometimes I doctor Apple URLs to ensure that users hit the proper landing page. Other times, I doctor Apple URLs to ensure that the user will be redirected to a version of a page more appropriate for their language and region instead of mine.

Now, is that a "simple" reason? The answer is yes. The simple reason is that you are automatically assuming conspiracy and malicious intent where there is none. Everyone who answers questions in this forum does so because they are trying to help people. As this is the public internet, there are always some scammers or bad actors with malicious intent. But in most cases, those people are spotted and reported right away. Then Apple's moderation team quickly removes their posts. But if a Level 6, like LACAllen with 16,295 points, posts a link, you can safely click on it. That's why we have the points and the levels.

Everybody here is always learning and trying to do their best. In fact, most people are always learning and trying to do their best. Maybe they write an antivirus apps like ClamXAV. Maybe it reports a false positive one day. Someone files a bug report about it and they fix it. They do better next time. Does that mean they deserve to be incessantly hounded across the internet for that one mistake years ago?

Sometimes people make mistakes. But they learn, try to do better, and eventually develop a good reputation. Other people never learn from their mistakes. They repeat them and develop a bad reputation. Which group do you want to be in?

Please note my added emphasis on that last paragraph.

It is Apple's centralized sign on page, and safe to use. You should notice it in the address bar whenever you log into one of Apple's secure sites. I have no idea what the letters represent, though it is probably safe to assume it is an acronym of sorts.

tt2

The direct link doesn't work because no one is supposed to go there directly. They will be redirected from a sign on page, to a particular page within the subdomain, complete with parameters related to the logon.

tt2

It is the subdomain for the Apple ID login "system" - there is no choice in the matter if you are to be logged into Apple's Community, Online Store or GetSupport systems - on iTunes and iOS App Store, those are "using" the system without showing it.

Tell me, though - how do you KNOW that it is "safe to use'?

That answer is the same as literally anywhere else on the web. You don't. You have to put your trust in the people running the site that it's legitimate. I for one have no reason to distrust Apple, Adobe, Quark, and many other well known vendors.

Software is no different. Some disgruntled employee may have slipped some type of trigger into InDesign that requires a specific and rare combination of instances to delete your personal files. Adobe, like any large software developer, has engineers whose job is to look over all final code for mistakes and for things that aren't supposed to be there. So it's unlikely to happen from them. But with thousands of titles out there for software many people will say is safe, you can't really know it is.

Safe is a clearly a relative term. If you see that subdomain while logging into one of Apple sites then it is to be expected, and your interactions with the site should be secure within the context of HTTPS. If your computer is otherwise compromised then it is still possible that the act of signing in to any secure website could provide an attacker with information you didn't want to share, but that isn't what we're talking about. Does idmsa.apple.com belong to Apple? Yes. Should I be concerned if I see that address in the bar when I'm being asked for my login credentials for Apple Support Communities or other Apple community or support sites? No.

tt2

You need to understand how web servers use domains and subdomains. apple.com is a domain belonging to apple. It has a DNS registration and all web access is directed to the registered owner's servers, in this case Apple. A subdomain is the part in front of the domain, so xyz.apple.com is accessible only from the apple.com domain not from anywhere else like xyz.somespammerdomain.invalid. If apple.com or its subdomains are redirected to some spam site there is a major DNS system issue or Apple has been hacked.

You'll have to accept that the system works as designed as it has since the beginning of the Internet and DNS.

ChitlinsCC wrote:

IF you are currently logged in you go straight to the post - if not you goto the login page first

(login state is "kept" in a cookie, whether you have an ASC window open or not)

That depends on random selection and the state of weather at some equally random location on the planet Zog. Getting forcibly logged out seems to be a totally unpredictable event, sometimes I can go many hours and still be logged in, sometimes I login then have to login again 5 minutes later.