search

essandess / easylist-pac-privoxy

EasyList Tracker and Adblocks to Proxy Auto Configuration (PAC) File and Privoxy Actions and Filters
GNU General Public License v3.0
103 stars 97 forks source link

Safari 15 iOS Bypasses proxy.pac PROXY setting for HTTPS 400 code #21

Open essandess opened 2 years ago

essandess commented 2 years ago

The PROXY blackhole approach used in this repo has stopped working for HTTPS requests on all iOS after updating to Safari on iOS/iPadOS 15.

Most requests now are HTTPS, so this breaks functionality.

Safari 15 appears to bypass the proxy.pac PROXY and sends requests to https://unwarranted.tracker.website/?whatever.

I hypothesize the reason is that the proxy returns 400 for such HTTPS CONNECT requests. Its behavior, expected for HTTPS CONNECT requests,looks like:

curl -I --proxy http://my.blackhole.server:8119 https://unwarranted.tracker.website/?whatever
HTTP/1.1 400 Bad Request
Server: nginx/1.21.3
Date: Sat, 25 Sep 2021 19:17:07 GMT
Content-Type: text/html
Content-Length: 157
Connection: close

curl: (56) Received HTTP code 400 from proxy after CONNECT

The fix appears to be to deprecate this repo and use Privoxy’s HTTPS inspection along with adblock2privoxy.

Reference: https://developer.apple.com/forums/thread/691279