NSAllowsArbitraryLoads not working for ip address

I was able to access this URL, http://152.111.198.244 , using the "Allow arbitrary downloads in my Info.plist in Xcode 7.1 and Simulator 9.1:

• Security Settings for Application Transport: Dictionary
  • Allow arbitrary loads: Boolean = YES

Screenshot:

I used the following code:

 let url = NSURL(string: "http://152.111.198.244")! let task = NSURLSession.sharedSession().dataTaskWithURL(url) {(data, response, error) -> Void in print("response \(response!)") } task.resume() 

Here is the answer I received:

 response <NSHTTPURLResponse: 0x7fe1a2421f80> { URL: http://152.111.198.244/auth/login } { status code: 200, headers { "Cache-Control" = "no-cache"; Connection = "Keep-Alive"; "Content-Encoding" = gzip; "Content-Length" = 1138; "Content-Type" = "text/html; charset=UTF-8"; Date = "Fri, 23 Oct 2015 09:33:59 GMT"; "Keep-Alive" = "timeout=5, max=98"; Server = "Apache/2.4.7 (Ubuntu)"; "Set-Cookie" = "XSRF-TOKEN=eyJpdiI6IldBOWYxcDk3SEtMekJ3YTNSUm9mYUE9PSIsInZhbHVlIjoiTFBcL3RGWW10cjlONFFkeXY1ZDA4SWRkSURIYlFsOGE3QkFEV3hRNTVwRFJuWSt5SXN3OU55Sng4elduMHd1T1duV0VFQ1o4dDVjeDJTZGRFeXJxMjN3PT0iLCJtYWMiOiJiZjNmOTg0NTZmY2RkMGQzNmE2YWEyNjJiNzA1MDlmZjIwM2M3NWYyNjYwZjM5N2Q3ZTgxNjRjNzAzMGYzYmMzIn0%3D; expires=Fri, 23-Oct-2015 11:33:59 GMT; Max-Age=7200; path=/, laravel_session=eyJpdiI6InR5OSs3cmpObVRBbFhORnVJQjRvWFE9PSIsInZhbHVlIjoiSTJ2bk41RVVLZUR1a0xKbFwvalZXQWpsNEtWeHppUVpYVUlRM1ZjQXc5aDJxT1wvXC9uYkViaTQ0SCtGNTMrdmtiQXFOd0VJTFwvM0ZCbmFHZk5MWlwvZ3BBUT09IiwibWFjIjoiYjRmNzcxY2Q5NDFlZjYzZTI1YzU2YzI0YTkxM2M0NDg0MGY2YThiODIxOGZjOTgxYjNmM2FlZTkzZGMyZTdjOCJ9; expires=Fri, 23-Oct-2015 11:33:59 GMT; Max-Age=7200; path=/; httponly"; Vary = "Accept-Encoding"; "X-Powered-By" = "PHP/5.5.9-1ubuntu4.11"; } } -TOKEN = eyJpdiI6IldBOWYxcDk3SEtMekJ3YTNSUm9mYUE9PSIsInZhbHVlIjoiTFBcL3RGWW10cjlONFFkeXY1ZDA4SWRkSURIYlFsOGE3QkFEV3hRNTVwRFJuWSt5SXN3OU55Sng4elduMHd1T1duV0VFQ1o4dDVjeDJTZGRFeXJxMjN3PT0iLCJtYWMiOiJiZjNmOTg0NTZmY2RkMGQzNmE2YWEyNjJiNzA1MDlmZjIwM2M3NWYyNjYwZjM5N2Q3ZTgxNjRjNzAzMGYzYmMzIn0% 3D; expires = Fri, response <NSHTTPURLResponse: 0x7fe1a2421f80> { URL: http://152.111.198.244/auth/login } { status code: 200, headers { "Cache-Control" = "no-cache"; Connection = "Keep-Alive"; "Content-Encoding" = gzip; "Content-Length" = 1138; "Content-Type" = "text/html; charset=UTF-8"; Date = "Fri, 23 Oct 2015 09:33:59 GMT"; "Keep-Alive" = "timeout=5, max=98"; Server = "Apache/2.4.7 (Ubuntu)"; "Set-Cookie" = "XSRF-TOKEN=eyJpdiI6IldBOWYxcDk3SEtMekJ3YTNSUm9mYUE9PSIsInZhbHVlIjoiTFBcL3RGWW10cjlONFFkeXY1ZDA4SWRkSURIYlFsOGE3QkFEV3hRNTVwRFJuWSt5SXN3OU55Sng4elduMHd1T1duV0VFQ1o4dDVjeDJTZGRFeXJxMjN3PT0iLCJtYWMiOiJiZjNmOTg0NTZmY2RkMGQzNmE2YWEyNjJiNzA1MDlmZjIwM2M3NWYyNjYwZjM5N2Q3ZTgxNjRjNzAzMGYzYmMzIn0%3D; expires=Fri, 23-Oct-2015 11:33:59 GMT; Max-Age=7200; path=/, laravel_session=eyJpdiI6InR5OSs3cmpObVRBbFhORnVJQjRvWFE9PSIsInZhbHVlIjoiSTJ2bk41RVVLZUR1a0xKbFwvalZXQWpsNEtWeHppUVpYVUlRM1ZjQXc5aDJxT1wvXC9uYkViaTQ0SCtGNTMrdmtiQXFOd0VJTFwvM0ZCbmFHZk5MWlwvZ3BBUT09IiwibWFjIjoiYjRmNzcxY2Q5NDFlZjYzZTI1YzU2YzI0YTkxM2M0NDg0MGY2YThiODIxOGZjOTgxYjNmM2FlZTkzZGMyZTdjOCJ9; expires=Fri, 23-Oct-2015 11:33:59 GMT; Max-Age=7200; path=/; httponly"; Vary = "Accept-Encoding"; "X-Powered-By" = "PHP/5.5.9-1ubuntu4.11"; } } ; expires = Fri, response <NSHTTPURLResponse: 0x7fe1a2421f80> { URL: http://152.111.198.244/auth/login } { status code: 200, headers { "Cache-Control" = "no-cache"; Connection = "Keep-Alive"; "Content-Encoding" = gzip; "Content-Length" = 1138; "Content-Type" = "text/html; charset=UTF-8"; Date = "Fri, 23 Oct 2015 09:33:59 GMT"; "Keep-Alive" = "timeout=5, max=98"; Server = "Apache/2.4.7 (Ubuntu)"; "Set-Cookie" = "XSRF-TOKEN=eyJpdiI6IldBOWYxcDk3SEtMekJ3YTNSUm9mYUE9PSIsInZhbHVlIjoiTFBcL3RGWW10cjlONFFkeXY1ZDA4SWRkSURIYlFsOGE3QkFEV3hRNTVwRFJuWSt5SXN3OU55Sng4elduMHd1T1duV0VFQ1o4dDVjeDJTZGRFeXJxMjN3PT0iLCJtYWMiOiJiZjNmOTg0NTZmY2RkMGQzNmE2YWEyNjJiNzA1MDlmZjIwM2M3NWYyNjYwZjM5N2Q3ZTgxNjRjNzAzMGYzYmMzIn0%3D; expires=Fri, 23-Oct-2015 11:33:59 GMT; Max-Age=7200; path=/, laravel_session=eyJpdiI6InR5OSs3cmpObVRBbFhORnVJQjRvWFE9PSIsInZhbHVlIjoiSTJ2bk41RVVLZUR1a0xKbFwvalZXQWpsNEtWeHppUVpYVUlRM1ZjQXc5aDJxT1wvXC9uYkViaTQ0SCtGNTMrdmtiQXFOd0VJTFwvM0ZCbmFHZk5MWlwvZ3BBUT09IiwibWFjIjoiYjRmNzcxY2Q5NDFlZjYzZTI1YzU2YzI0YTkxM2M0NDg0MGY2YThiODIxOGZjOTgxYjNmM2FlZTkzZGMyZTdjOCJ9; expires=Fri, 23-Oct-2015 11:33:59 GMT; Max-Age=7200; path=/; httponly"; Vary = "Accept-Encoding"; "X-Powered-By" = "PHP/5.5.9-1ubuntu4.11"; } } 

I was also able to connect using the named domain 3d.media24.com , but not with the numeric address 152.111.198.244 using the exception domains.

Screenshot:

My results are consistent with the Apple Technote application security domain definition of exclusion domains:

An exception dictionary for a named domain. The key name is the domain name, for example, www.apple.com.