Safari won't finish loading certain sites after iOS 15.5 / MacOS 12.4 upgrade

Actually no help needed but wanted to share the following, hoping it might help others as well:

After installation of iOS 15.5 Safari didn’t finish loading certain sites while others worked flawlessly - while being connected to the Wifi (with Pi-Hole).
Other Browsers didn’t show this behaviour and also Safari worked fine via 5g.

I finally found the following that helped:

https://www.reddit.com/r/pihole/comments/utab8p/comment/i98refo/

In short: disable “Limit IP Address Tracking” in the wifi settings of the iOS device makes Safari load the websites again.

I can’t comment on the technical aspects - maybe the pros can do…
I only wanted to share this approach as it really bothered me a lot the recent time….

Hope it helps….

5 Likes

Thanks!!!

I‘ve the Same problem singe iOS 15.5 and searching the problem.

I hope it can be fixed soon.

In my case some sites doesnt load or not completly. If I navigate to a site and want to switch back, the back button doesnt work. The site is only refreshed and I cant go back.

Apple must have changed something on their side. They have some domains they test for to see if the network is compatible with their Private Relay feature. Previously, when " iCloud Private Relay" was enabled, users got a message when they blocked those domains by Pi-hole that their network is not compatible with that feature. Later, they just seem to ignore the blocked domains and ads were loading

The feature was renamed meanwhile

  • In earlier versions of iOS, iPadOS, and macOS, this preference is called iCloud Private Relay.

Now it seems they changed something again...

I installed iOS 15.5 on my iPhone SE and after a while noticed that some sites didn’t load (e.g. banks, PayPal, etc.). I don’t know what exactly causes this behavior but I guess it has something to do with the latest version of iOS. Hopefully, they will change things useful.

Was troubleshooting my settings for hours until I found this. Was driving me nuts! Thanks.
Is this a problem which Apple has to fix? Since it's working when I'm using the Router's DNS there must be a problem between PiHole and Apple's setting, right?

By default Pi-hole blocks Apples canary domains which used to indicate to iOS devices that Private Relay should not be used within that particular network. If your device is using Private Relay/Limit IP Address Tracking, it bypasses Pi-hole.

You can change Pi-hole's behavior:
https://docs.pi-hole.net/ftldns/configfile/#icloud_private_relay

Okay, this can be misunderstanding. Since I was not using Private Relay, but Limit IP Address Tracking, two different settings in my opinion.
Did I understand correctly that my devices are not trying to use the "Limit IP Tracking" feature even when it's turned on when "BLOCK_ICLOUD_PR=true" is set so that it won't be leading to mentioned problems if updates may turn it on again?

If it would be working by bypassing Pi-hole it wouldn't be as bad as the fact, that it isn't even working when using it while having Pi-hole as DNS resolver. It is working while using my standard DNS from the router, though.

1 Like

Facing the same problem I just set BLOCK_ICLOUD_PR=false as there are quite some Apple devices in my network, but I'm not sure it really solved that issue... disabling the anti-tracking feature locally on the device did work right out of the box, but as I have quite a number of Apple devices in my network and anti-tracking is a really nice thing to have also in foreign networks, I'd really like to see this fixed/worked around in pi-hole if possible.

I got it that Apple probably changed something without documenting it in the last updates, but pi-hole should try to adapt to that new behaviour ASAP in any case.

Just my two cents..

We will, as soon as we get reliable information what and how things changed from Apples side. If you find something, let us know.

1 Like

I have to admit that I am a bit confused as well.

My current understanding is, that Pi-Hole would work perfectly well without any manual configuration (not setting any value for BLOCK_ICLOUD_PR manually) if Apple wouldn’t have changed something unexpectedly.

Is this correct?

For me disabling “Limit IP Address tracking” to get things working is perfectly fine though - it’s something that is configured distinctly for every Wifi - so I just do that for my own one.
For a handful of iOS Devices that’s done quickly….

Yes.

For iOS devices this is true, but for MacOS devices it isn't. For Macs this setting is configured on network interface level, i.e. you enable or disable it for your network interface (wired and/or WiFi), which affects every (W)LAN network you might connect to. For stationary Macs this isn't an issue, but for portable ones, it is.

For Macs, creating a different location (System Preferences - Network) would be a way to disable the limit tracking feature for when on the home network and enabling it when connected elsewhere.

Changing the location value can be automated with apps such as ControlPlane or can be manually changed from the Apple Menu - Location menu bar item.

Sure, you can work around almost any issue with enough effort invested, but this should not be necessary in the first place.

I’ve noticed that mask.iCloud.com is sent an NXDOMAIN which is fine. But there is another domain mask-api.iCloud.com it resolves as a CNAME. Not sure if this is the issue.

So far, this domain is not mentioned by apple
(see "Allow for network traffic audits")

I don't think this is the case. On my laptop Mac running latest MacOS, this option is selectable (and remembered) for each WiFi network.

Confirmed. I just tested it. I have it off at home, but it's on when I leave.

Still, it's not a good solution, cuz anytime someone comes over and wants to use their Mac or iPhone they'll have to be told to fix that. Hopefully the smart ones can figure out what's up. I'm open to test and take logs if it helps, I just don't know enough when it comes to that in-depth knowledge of these systems.

My latest outcome from troubleshooting this issue:

tested the last 12 hours and can confirm that BLOCK_ICLOUD_PR=false in pihole-FTL.conf is a valid workaround for now. Safari and Mail on iOS 15.5 and macOS 12.4 are now working as expected, all my affected websites are loading correctly.

My iOS/macOS settings are (which is Apples default setting):

Private Relay = OFF

Limit IP Address Tracking in WiFi settings = ON

Adblocking via PiHole is also working as expected on these Apple devices, I can see the blocked URLs in the PiHole log correctly.

Looks for me that the newest releases of iOS and macOS are pissed if anyone is blocking Apples DNS servers and they cannot be reached. :confused:

FYI: I have tested the following FTL settings:

  1. NO BLOCK_ICLOUD_PR config in pihole-FTL.conf (PiHole default)
  2. SET BLOCK_ICLOUD_PR config in pihole-FTL.conf to true
  3. SET BLOCK_ICLOUD_PR config in pihole-FTL.conf to false

Only TEST3 with value false is working without issues in combination with Apples default settings on iOS / macOS.

Posted this also to: https://www.reddit.com/r/pihole/comments/utab8p/safari_wont_finish_loading_certain_sites_after/

1 Like

Awesome thanks!

1 Like