Hey everyone, we've experienced strange behavior in the iOS system with a GHP profile and the PAC file evaluation when there's no internet connection.
The setup:
- Router is not connected to the internet
- Device connects to a Wi-Fi provided by the router
- Device has mobile data disabled
- Device has a proxy set via GHP with a PAC file URL
- Device tries to access a website on a local IP address (e.g. 192.168.1.1)
PAC file:
function FindProxyForURL(url, host) {
    if (shExpMatch(url, "*:993/*")) { return 'DIRECT'; }
    if (shExpMatch(url, "*:465/*")) { return 'DIRECT'; }
    if (shExpMatch(url, "*:587/*")) { return 'DIRECT'; }
    if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return 'DIRECT';
    return 'PROXY my.proxy.address;DIRECT';
}
The result: The device is not able to connect to local addresses, the request times out.
Based on the PAC file rules, when accessing the 192.168.1.1 address, the proxy should have been bypassed and it should go directly:
isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0")
However, it seems that the device is still trying to go via the proxy, which is unreachable since the router is not connected to the internet. The GHP profile even has the flag to bypass the proxy if unreachable enabled:
<key>ProxyCaptiveLoginAllowed</key>
<true/>
<key>ProxyPACFallbackAllowed</key>
<true/>
If we remove the GHP profile from the device, everything works. And if the device has cellular data enabled, it works as well. This setup is used by a customer that is connecting to such a router in elevators for some maintenance, so they usually have no signal there - the cellular interface is not working and, from time to time, the webpage is successfully loaded - I assume that the device had a signal for a short period of time.
I just wanted to check with you if there's anything we're doing wrong in the proxy setup before reporting a bug. Right now we're trying to reproduce this behavior with CFNetworkDiagnostics and NetworkDiagnostics profiles installed so we have more logs. Although, we've noticed the following message in the logs:
CFNetworkAgent PAC Fetch failed with cached error [NSURLErrorDomain:-1009]
Has anyone experienced something similar? Thanks in advance!
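
The rule logic in the PAC file above can be checked off-device. This is an added example, not part of the original post and not Apple's PAC engine: it runs the posted rules under Node.js with minimal stand-ins for the PAC helper functions, and an empty DNS table models a network with no usable resolver. The names `makeHelpers`, `loadPostedPac`, `evaluate` and the host `panel.example` are hypothetical, and the helper behaviour (for example `dnsResolve` returning `null` on failure) is an assumption.

```javascript
// Added example. Stand-ins for the PAC helpers (assumed behaviour, not Apple's
// PAC engine) so the posted rules can be evaluated off-device under Node.js.
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip || "");
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}
function makeHelpers(dnsTable) {
  return {
    isPlainHostName: (host) => !host.includes("."),
    shExpMatch: (str, pat) => {
      const re = pat.replace(/[.+^${}()|[\]\\]/g, "\\$&")
        .replace(/\*/g, ".*").replace(/\?/g, ".");
      return new RegExp("^" + re + "$").test(str);
    },
    // IP literals resolve to themselves; names resolve only via dnsTable
    // (constructed data), otherwise null, as when no resolver is reachable.
    dnsResolve: (host) => (ipToInt(host) !== null ? host : dnsTable[host] || null),
    isInNet: (ip, net, mask) => {
      const a = ipToInt(ip), n = ipToInt(net), k = ipToInt(mask);
      return a !== null && n !== null && k !== null && ((a & k) >>> 0) === ((n & k) >>> 0);
    },
  };
}

// The rules from the post, unchanged in logic, bound to the stand-in helpers.
function loadPostedPac({ isPlainHostName, shExpMatch, dnsResolve, isInNet }) {
  return function FindProxyForURL(url, host) {
    if (shExpMatch(url, "*:993/*")) return "DIRECT";
    if (shExpMatch(url, "*:465/*")) return "DIRECT";
    if (shExpMatch(url, "*:587/*")) return "DIRECT";
    if (isPlainHostName(host) || shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
      return "DIRECT";
    return "PROXY my.proxy.address;DIRECT";
  };
}

// Evaluate one request; dnsTable = {} models a network with no usable DNS.
function evaluate(url, host, dnsTable = {}) {
  return loadPostedPac(makeHelpers(dnsTable))(url, host);
}
console.log([evaluate("http://192.168.1.1/", "192.168.1.1"), evaluate("http://panel.example/", "panel.example")]);
```

Under these stand-ins the IP literal 192.168.1.1 evaluates to DIRECT with no DNS at all, while a hostname that cannot be resolved falls through to the final proxy rule.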