ios – Easy methods to use configuration profile to pressure DNS-over-HTTPS for each community besides the required SSIDs? – Stack Overflow

I need to have the ability to pressure DoH on all networks (Wifi, mobile knowledge, and so forth) besides my dwelling and work wifi community SSIDs.

I used iMazing Profile Editor to craft this profile, however when I attempt to import it on to my iPhone 12 mini (iOS 16.1) it shows an error saying “The sector ‘OnDemandRules’ is just not legitimate.” I’ve learn by Apple’s Configuration Payload documentation and might’t see something flawed, so I am guessing there’s simply one thing I do not perceive.

<?xml model="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist model="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>DNSSettings</key>
            <dict>
                <key>DNSProtocol</key>
                <string>HTTPS</string>
                <key>ServerAddresses</key>
                <array>
                    <string>185.228.168.168</string>
                    <string>185.228.169.168</string>
                    <string>2a0d:2a00:0001:0000:0000:0000:0000:0000</string>
                    <string>2a0d:2a00:0002:0000:0000:0000:0000:0000</string>
                </array>
                <key>ServerURL</key>
                <string>https://doh.cleanbrowsing.org/doh/family-filter/</string>
            </dict>
            <key>OnDemandRules</key>
            <dict>
                <key>Motion</key>
                <string>Disconnect</string>
                <key>SSIDMatch</key>
                <array>
                    <string>eduroam</string>
                    <string>AEROHIVE</string>
                </array>
            </dict>
            <key>PayloadDisplayName</key>
            <string>DNS Settings #1</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.dnsSettings.managed.50552866-1CD2-48AD-8117-EF6EF0CC0920</string>
            <key>PayloadType</key>
            <string>com.apple.dnsSettings.managed</string>
            <key>PayloadUUID</key>
            <string>12B12860-090C-4FE4-B1C4-F1BDC4741DF3</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>CleanBrowsing DoH</string>
    <key>PayloadIdentifier</key>
    <string>com.charlesrc019.CleanBrowsingDoH</string>
    <key>PayloadOrganization</key>
    <string>charlesrc019</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>FF112954-D8A9-4C71-8868-9CEC20238482</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

Word: If I edit the profile and take the ‘OnDemandRules’ part out, it does work, however that does not work for what I am making an attempt to do. I want it to have the ability to swap between forcing DoH and never relying on what wifi community it’s linked to.