How to use configuration profile to force DNS-over-HTTPS for every network except the specified SSIDs?
I want to be able to force DoH on all networks (Wi-Fi, cellular data, etc.) except my home and work Wi-Fi network SSIDs.
I used iMazing Profile Editor to craft this profile, but when I try to import it onto my iPhone 12 mini (iOS 16.1) it displays an error saying "The field 'OnDemandRules' is not valid." I've read through Apple's Configuration Payload documentation and can't see anything wrong, so I'm guessing there's just something I don't understand.
PayloadContent
    DNSSettings
        DNSProtocol: HTTPS
        ServerAddresses
            185.228.168.168
            185.228.169.168
            2a0d:2a00:0001:0000:0000:0000:0000:0000
            2a0d:2a00:0002:0000:0000:0000:0000:0000
        ServerURL: https://doh.cleanbrowsing.org/doh/family-filter/
    OnDemandRules
        Action: Disconnect
        SSIDMatch
            eduroam
            AEROHIVE
    PayloadDisplayName: DNS Settings #1
    PayloadIdentifier: com.apple.dnsSettings.managed.50552866-1CD2-48AD-8117-EF6EF0CC0920
    PayloadType: com.apple.dnsSettings.managed
    PayloadUUID: 12B12860-090C-4FE4-B1C4-F1BDC4741DF3
    PayloadVersion: 1
PayloadDisplayName: CleanBrowsing DoH
PayloadIdentifier: com.charlesrc019.CleanBrowsingDoH
PayloadOrganization: charlesrc019
PayloadType: Configuration
PayloadUUID: FF112954-D8A9-4C71-8868-9CEC20238482
PayloadVersion: 1
Note: If I edit the profile and take the 'OnDemandRules' section out, it does work, but that doesn't work for what I'm trying to do. I need it to be able to switch between forcing DoH and not, depending on what Wi-Fi network it is connected to. Also, I am unable to find any documentation saying that On Demand Rules only work for VPN settings, not DNS. iMazing Profile Editor included On Demand Rules in their DNS settings, so I'm inclined to believe that it should work.
Asked by Charles Christensen
(11 rep)
May 18, 2023, 09:40 PM
Last activity: Feb 26, 2024, 04:04 AM