User Profile

Hey everyone, we've experienced strange behavior in the iOS system with a GHP profile and the PAC file evaluation when there's no internet connection. The setup: Router is not connected to the internet Device connects to a Wi-Fi provided by the router Device has mobile data disabled Device has a proxy set via GHP with a PAC file URL Device tries to access a website on a local IP address (e.g. 192.168.1.1) PAC file: function FindProxyForURL(url, host) { if (shExpMatch(url, "*:993/*")){ return 'DIRECT';}if (shExpMatch(url, "*:465/*")){ return 'DIRECT';}if (shExpMatch(url, "*:587/*")){ return 'DIRECT';} if (isPlainHostName(host) || shExpMatch(host, "*.local") || isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") || isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") || isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") || isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")) return 'DIRECT'; return 'PROXY my.proxy.address;DIRECT'; } The result: The device is not able to connect to local addresses, the request times out. Based on the PAC file rules, when accessing the 192.168.1.1 address, the proxy should have been bypassed and it should go directly: isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0"). However, it seems, that the device is still trying to go via proxy which is unreachable since the router is not connected to the internet. The GHP profile has even the flag to bypass proxy if unreachable enabled: <key>ProxyCaptiveLoginAllowed</key> <true/> <key>ProxyPACFallbackAllowed</key> <true/> If we remove the GHP profile from the device, everything works. And if the device has cellular data enabled, it works as well. This setup is used by a customer that is connecting to such router in elevators for some maintenance, so they usually have no signal there - the cellular interface is not working and from time to time, the webpage is successfully loaded - I assume that the device had a signal for a short period of time. I just wanted to check with you if there's anything we do wrong in the proxy setup before reporting a bug. Right now we're trying to reproduce this behavior with CFNetworkDiagnostics and NetworkDiagnostics profiles installed so we have more logs. Although, we've noticed the following message in the logs: CFNetworkAgent PAC Fetch failed with cached error [NSURLErrorDomain:-1009] Have anyone experienced something similar? Thanks in advance!

Hey guys, I have a question regarding iOS 15 beta and proxy bypass. We've noticed that if the proxy is automatically set via a VPN and the TCP connection is closed, the system bypasses the proxy and connects to the server directly. However, that's not the case if the proxy is set manually in settings or a GHP profile is used. We haven't observed such behavior in previous versions so I wanted to ask: is this expected behavior in iOS 15? If so, is there any way how to disable the bypass? Configuration: VPN: URL with PAC file added via proxyAutoConfigurationURL device is proxying, however, the proxy is bypassed on TCP connection close GHP: tested both manual or auto configurations (in case of auto configuration we've used the same PAC file) device is proxying and the proxy is never bypassed VPN wasn't installed in this case Settings: proxy server and port are defined in WiFi settings again, the same proxy server has been used as in previous test cases proxy is never bypassed VPN wasn't installed in this case