How to allow clients using Apple's Private Relay to use Pi-hole?

I'm still a bit confused (edit: by iCloud Private Relay problems). Is there a certain version of Pi-hole that needs to be running that has changes for this implemented in the web GUI? I have a network that I'm supporting where the users have iPhones, some have PR enabled and some don't. The ones that do have it enabled are seeing the PR warnings/errors, but they would like to continue using Pi-hole. For their specific network they are fine with not using PR but they don't want to enable and disable as they are on or off their network running Pi-hole. I tried reading through this post and several others and I'm not able to put a definitive answer together.

I see testing has been done, but is the final solution to use groups? Is it to block the domains mask and mask-h2? I'm not following.

Thanks.

(I've split your post into a separate topic, as it is about Apple's iCloud Private Relay in general.)

You can either have iCloud's relaying or Pi-hole's filtering.

By default, Pi-hole is signaling its clients to switch off iCloud Private Relay in its presence, providing the recommended answers for the domains by default.

This behaviour can be controlled via the BLOCK_ICLOUD_PR setting in pihole-FTL's configuration.

Note that if you switch that to false, clients using Apple's iCloud Private Relay would always bypass Pi-hole.

If you run Pi-hole with its default, Apple devices with active iCloud Private Relay will be prompted to deal with a "SpecificNetwork isn't compatible with iCloud Private Relay" warning.

They have to configure that on their iPhones.

That message could be avoided by turning it off for that SpecificNetwork:

Private Relay can be turned off for a specific network using the Limit IP Address Tracking setting.*

  • If you turn off Private Relay for a specific network, the setting for that network applies to all of your devices for which Private Relay is turned on.
  • If you regularly switch between multiple network configurations (such as Dual SIM or Wi-Fi and Ethernet), make sure that this setting is set for each network independently.

(sourced from Apple's support pages on managing iCloud Private Relay)
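
One way to check from any machine on the network whether a resolver is sending that signal (an added example, not part of the original thread and not Pi-hole's own code). It assumes the "mask" and "mask-h2" names from the question are `mask.icloud.com` and `mask-h2.icloud.com`, that the signal is NXDOMAIN or an empty NOERROR answer, and that `dig` is installed.

```shell
#!/bin/sh
# Added example, not Pi-hole code. Assumed names for "mask" and "mask-h2":
RELAY_NAMES="mask.icloud.com mask-h2.icloud.com"

# Constructed sample dig headers (not captured from a real resolver).
SAMPLE_BLOCKED=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_PASSED=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1'

# Reads dig output on stdin and prints one verdict:
#   signalled - NXDOMAIN, or NOERROR with an empty answer section
#   resolving - NOERROR with answers, so Private Relay stays usable
#   unknown   - SERVFAIL, timeout, or output without a header
classify_dig_reply() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /flags:.*ANSWER:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") { answers = $(i + 1); sub(/,$/, "", answers) }
        }
        END {
            if (status == "NXDOMAIN") print "signalled"
            else if (status == "NOERROR" && answers == "0") print "signalled"
            else if (status == "NOERROR" && answers + 0 > 0) print "resolving"
            else print "unknown"
        }'
}

# Queries resolver $1 (your Pi-hole's address) for both names, A and AAAA.
# Returns 0 only if every query got the "switch Private Relay off" signal.
check_resolver() {
    resolver=$1
    rc=0
    for name in $RELAY_NAMES; do
        for qtype in A AAAA; do
            verdict=$(dig +time=2 +tries=1 "@$resolver" "$name" "$qtype" | classify_dig_reply)
            printf '%s %s via %s: %s\n' "$name" "$qtype" "$resolver" "$verdict"
            [ "$verdict" = "signalled" ] || rc=1
        done
    done
    return "$rc"
}
```

Call `check_resolver` with the Pi-hole's address after changing BLOCK_ICLOUD_PR; a `resolving` verdict means that resolver is not telling clients to switch Private Relay off.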

Thank you, I need to confirm how this can be done, per network, on the device. I saw another post stating that it can be disabled right from the wireless network options on the phone, but what I read online isn't an option for this user, so I'll need to see if that was an old post and maybe the Private Relay option (to toggle off for the wireless network they are connecting to) was moved to another spot after an iPhone update.
