How to Auto-Switch Proxies on iOS using PAC

by Rian

This one is mostly for documentation and proof of concept. I was able to get it to work, but it was never reliable enough. The iOS feature itself does work. But even at the basic home lab level, it doesn’t have any interface to speak of. For instance, I want to know if traffic is actually going through the designated proxy, but there is no notification of any kind. For day-to-day operation, I don’t think it fits the bill.

That being said, I think some people may still be able to make use of it. My use cases are primarily on bypassing geoblock at home. Had the same idea been to, say, a tablet for home theater, it would have worked wonders.

Here are some list of orders. For it to work, it’s best to have access to your git platforms. I used my personal Forgejo hosted on NAS. And the proxies need to support HTTP. We will be using the git to grab the rules on the device. And the script itself is straight forward JavaScript.

function FindProxyForURL(url, host) {
	    // --- 1. EXCEPTION RULES (Always Direct) ---
	    if (/SOMEREGEX_1/.test(url)) return "DIRECT";
	
	    // --- 2. PROXY RULES ---
	    if (/SOMEREGEX_2/.test(url)) return "PROXY 192.168.x.x:PORT";
	
	    // --- 3. DEFAULT FALLBACK ---
	    return "DIRECT";
	}

The format is straight forward. I’ve added the exceptions at the top, because there are always some weird cases where proxies would kick in when it shouldn’t. Let’s say, the proxy is set for google in the second phase, but it would also capture non-Google websites like articles with a slug “google” in it. The actual regex-based proxy rules, therefore, go into the second phase. Save it as rules.pac, and commit to git of your choice.

Once it’s up on the git of your choice, get the raw URL for it. It would look like https://someGitUrl/username/reponame/raw/branch/main/rules.pac. This address won’t change even if you push a new update to the rules, so that’s an extra. On iOS Settings, navigate to Wi-Fi > current SSID, i icon > under HTTP Proxy, Configure Proxy, choose “Automatic”. The URL is the raw URL for the rules.pac.

Again, the problem I had with the script was that it would kick in when I am navigating my own home lab servers and services. There is also unreliable caching. When I am hoping to add a new rule immediately, there is no way of knowing when iOS will fetch the pac again. I ended up disabling it and re-enabling it just to be sure.