forked from zxfccmm4/Surge
-
Notifications
You must be signed in to change notification settings - Fork 0
/
SurgeProMax.conf
375 lines (341 loc) · 23.5 KB
/
SurgeProMax.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
# By:Steve
# X: @St7evechou
# 最后一次更新:2024.10.26
# TG频道:https://t.me/st7evee
# 下载配置后,请手动添加机场订阅
[General]
# --- GENERAL ---
# Enhanced Wi-Fi Assist
wifi-assist = true
# Hybrid Network
all-hybrid = false
# Gaming Optimization
//开启后将在系统负载非常高,数据包处理出现延迟时,优先处理 UDP 数据包。
udp-priority = true
# Latency Benchmark
internet-test-url = http://bing.com
proxy-test-url = http://cp.cloudflare.com/generate_204
test-timeout = 5
# GeoIP Database
geoip-maxmind-url = https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb
# IPv6 Support
//开启 IPv6 会让 Surge 同时请求域名的 A 与 AAAA 记录,这可能略微的增加延迟。若 DNS 服务器无法正确响应 AAAA 查询,则可能导致严重的卡顿,仅在需要时开启。
ipv6 = false
# --- Wi-Fi ACCESS ---
//Surge 可以作为一个标准的 HTTP/SOCKS5 代理服务器向 wi-Fi 网络下的其他设备提供服务器
allow-wifi-access = false
# Surge iOS - 默认 HTTP 端口号:6152,SOCKS5 端口号:6153
wifi-access-http-port = 6152
wifi-access-socks5-port = 6153
# Surge Mac - 默认 HTTP 端口号:6152,SOCKS5 端口号:6153
http-listen = 0.0.0.0:6152
socks5-listen = 0.0.0.0:6153
# 允许热点共享
allow-hotspot-access = true
# --- REMOTE CONTROLLER ---
# 允许 Surge 请求查看器或 Surge CLI 进行管理控制
//默认仅允许外部控制器通过 USB 进行控制。如果想要允许由 Wi-Fi 控制可以将 127.0.0.1 改为 0.0.0.0
external-controller-access = [email protected]:6160
# HTTP API & Web Dashboard
//This option allows using HTTP APIs to control
http-api = [email protected]:6166
//使用 HTTPS 替代 HTTP 协议,需要先配置 MitM 的 CA 证书,同时需要在客户端设备上手动安装并信任 CA 证书
http-api-tls = false
//开启该选项后可以通过浏览器控制 Surge,本机浏览器输入127.0.0.1:6166
http-api-web-dashboard = true
# --- COMPATIBILITY ---
//该选项将使得发往这些域名或者 IP 段的请求由 Surge VIF 进行处理(而不是 Surge Proxy),该选项用于修正和某些应用的兼容性问题
# 兼容模式
# 0:禁用
# 1:Proxy with Loopback Address
# 2:Proxy Only
# 3:VIF Only
# 4:VIF Proxy:不使用 127.0.0.1 的回环地址作为代理,使用 VIF 的虚拟代理地址,将产生额外的性能开销
# 5:不作为默认路由:不声明为默认路由,但声明若干个小路由以覆盖所有地址(与 Surge Mac 增强模式行为相同)
# 这种配置下由于 VIF 不是主网络设备无法配置系统代理。部分应用在该模式下会认为 VPN 未开启以解决特殊兼容性问题,如 HomeKit Security Camera
# ⚠️ 请仅在指引下使用,开启后部分功能可能无法使用
compatibility-mode = 0
# 跳过代理
skip-proxy = 192.168.0.0/24, 10.0.0.0/8, 172.16.0.0/12, 127.0.0.1, localhost, *.local
# 排除简单主机名
exclude-simple-hostnames = true
# --- DNS ---
# The IP addresses of upstream DNS servers
dns-server = 223.5.5.5, 114.114.114.114
# 从 /etc/hosts 读取 DNS 记录
read-etc-hosts = true
# ENCRYPTED DNS
//如果配置了加密 DNS,传统 DNS 将仅用作解析 DOH 域名和测试网络连通性
# 支持的协议:
# DNS over HTTPS: https://doh.pub/dns-query
# DNS over HTTP/3: h3://example.com
# DNS over QUIC: quic://example.com
//encrypted-dns-server = https://223.5.5.5/ // 除非当地 ISP 有严重的 DNS 污染问题,否则没必要开启 DoH,传统 DNS 的性能最优,网络异常后恢复速度最快
doh-skip-cert-verification=true // 临时关闭 DOH 的服务端证书验证(解决 Surge 无法与 nextdns.io 完成 TLS 握手问题)
# 代理请求本地 DNS 映射
//开启该选项后,如果访问的域名配置有本地 DNS 映射,surge 将使用本地 IP 地址进行请求,不在远端进行解析。仅对配置了 IP 地址的本地 DNS 映射生效
use-local-host-item-for-proxy = true
# 使加密 DNS 请求通过代理策略执行
encrypted-dns-follow-outbound-mode = false
# --- ROUTING ---
# 包含所有网络请求
include-all-networks = false
# 包含本地网络请求
include-local-networks = false
# --- ADVANCED ---
# Log Level
loglevel = notify
# 当遇到 REJECT 策略时返回错误页
show-error-page-for-reject = true
# Always Real IP Hosts
# 当 Surge VIF 处理 DNS 问题时,此选项要求 Surge 返回一个真正的 IP 地址,而不是一个 Fake IP
# DNS 数据包将被转发到上游 DNS 服务器
# 例如由于游戏主机会使用 STUN 技术进行 NAT 穿透,需要进行一些额外的配置才能正常工作
always-real-ip = link-ip.nextdns.io, *.msftconnecttest.com, *.msftncsi.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.logon.battlenet.com.cn, *.logon.battle.net, stun.l.google.com
# Hijack DNS
# 默认情况下,Surge 只对发送到 Surge DNS 地址(198.18.0.2)的 DNS 查询返回 Fack IP 地址。发送到标准 DNS 的查询将被转发
# 如 Google 系智能硬件产品会无视 DHCP 配置强行使用 8.8.8.8 和 8.8.4.4,需要配置 Surge 强行劫持才可以正常工作
hijack-dns = 8.8.8.8:53, 8.8.4.4:53
# TCP Force HTTP Hosts
# 使 Surge 将 TCP 连接视为 HTTP 请求。Surge HTTP 引擎将处理请求,并且所有高级功能都将可用,如截取、重写和脚本
# 支持通配符 * 及 ?;
# 使用前缀 - 排除主机名;
# 默认情况下,只对 80 端口的请求进行处理(使用 example.com:443 指定端口或 example.com:0 表示所有端口);
# <ip-address> 表示匹配所有主机名为 IP 地址的连接;
# <ipv4-address> 表示匹配所有主机名为 IPv4 地址的连接;
# <ipv6-address> 表示匹配所有主机名为 IPv6 地址的连接。
force-http-engine-hosts = *.ott.cibntv.net, 123.59.31.1,119.18.193.135, 122.14.246.33, 175.102.178.52, 116.253.24.*, 175.6.26.*, 220.169.153.*
# VIF Excluded Routes
//tun-excluded-routes = 239.255.255.250/32
# VIF Included Routes
//tun-included-routes = 192.168.1.12/32
# 当 Wi-Fi 不是首选网络时 SSID 组策略使用默认策略
use-default-policy-if-wifi-not-primary = false
# 控制当 UDP 流量被匹配到一个不支持 UDP 转发的策略时的行为
# - DIRECT:回退到 DIRECT 策略(默认)
# - REJECT:回退到 REJECT 策略
udp-policy-not-supported-behaviour = REJECT
[Proxy]
[Proxy Group]
# > 这是一个final规则 没有命中的连接会走以下的策略组
⚙️ 𝑵𝒐𝑨𝒖𝒕𝒐 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > 这是你的机场链接填写的地方 在policy_path=后面粘贴你自己机场的订阅链接(不要在这里粘贴 谢谢)
🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, interval=600, tolerance=50
👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫 = select, policy-path=https://sub.store/download/collection/Surge, update-interval=0
# > 以下是策略组 需先配置好sub-store使用
⚠️ 𝑭𝒂𝒍𝒍𝒃𝒂𝒄𝒌 = fallback, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, interval=600
🍎 𝑨𝒑𝒑𝒍𝒆 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🍺 𝒃𝒊𝒍𝒊𝒃𝒊𝒍𝒊 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏
🎬 𝑫𝒊𝒔𝒏𝒆𝒚+ = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆
🎥 𝑵𝒆𝒕𝒇𝒍𝒊𝒙 = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🕸️ 𝑺𝒑𝒆𝒆𝒅𝒕𝒆𝒔𝒕 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫
💰 𝑷𝒂𝒚𝑷𝒂𝒍 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
☎️ 𝑻𝒆𝒍𝒆𝒈𝒓𝒂𝒎 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏
📺 𝑻𝒊𝒌𝑻𝒐𝒌 = select, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
⌨️ 𝑻𝒘𝒊𝒕𝒕𝒆𝒓 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🧣 𝑾𝒆𝒊𝒃𝒐 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫
🧠 𝑪𝒉𝒂𝒕𝑮𝑷𝑻 = select, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆
🚗 𝑻𝒆𝒔𝒍𝒂 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅
🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=港|🇭🇰|香港|HK|Hong, interval=600, tolerance=50
🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=台|🇨🇳|台湾|TW|Tai, interval=600, tolerance=50
🇯🇵 𝑱𝒂𝒑𝒂𝒏 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=日|🇯🇵|日本|JP|Japan, interval=600, tolerance=50
🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=坡|🇸🇬|新加坡|狮城|SG|Singapore, interval=600, tolerance=50
🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=美|🇺🇸|美国|US|States|American, interval=600, tolerance=50
📎 𝐏𝐫𝐨𝐱𝐲 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, ⚠️ 𝑭𝒂𝒍𝒍𝒃𝒂𝒄𝒌, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅 = select, DIRECT
[Rule]
# > Safari 防跳转
DOMAIN,app-site-association.cdn-apple.com,REJECT
# ban UDP on Youtube
AND,((PROTOCOL,UDP), (DOMAIN-SUFFIX,googlevideo.com)),REJECT-NO-DROP
# ban National Anti-fraud Center
DOMAIN,prpr.96110.cn.com,DIRECT
DOMAIN-KEYWORD,96110,REJECT
DOMAIN-SUFFIX,gjfzpt.cn,REJECT
# > Vercel --> sub-store
RULE-SET,https://raw.githubusercontent.com/getsomecat/GetSomeCats/Surge/rule/substore.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# DOMAIN-SUFFIX,vercel.app,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > Direct(Google|Proxy|Download|Spotify)
RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Direct.list,DIRECT
# > Mail
DOMAIN-SUFFIX,smtp,DIRECT
URL-REGEX,(Subject|HELO|SMTP),DIRECT
# > Unbreak 后续规则修正
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Unbreak.list,DIRECT
# > Advertising 广告拦截
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Advertising.list,REJECT-TINYGIF
DOMAIN-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/AdvertisingPlus.list,REJECT
# > 🆕 拒绝国家反诈中心请求
DOMAIN-SUFFIX,gjfzpt.cn,REJECT
# > Privacy 隐私保护
# RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Privacy.list,REJECT-TINYGIF
# > 🆕 Anti-IPCheck 阻断大陆app的ip查询
# RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Anti-IPCheck.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > 规则们的party
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Hijacking.list,REJECT-TINYGIF
# > Stream Media
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/BiliBili/BiliBili.list,🍺 𝒃𝒊𝒍𝒊𝒃𝒊𝒍𝒊
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Disney/Disney.list,🎬 𝑫𝒊𝒔𝒏𝒆𝒚+
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Netflix/Netflix.list,🎥 𝑵𝒆𝒕𝒇𝒍𝒊𝒙
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/AbemaTV/AbemaTV.list,🇯🇵 𝑱𝒂𝒑𝒂𝒏 // AbemaTV
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Peacock/Peacock.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // Peacock
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/HBOUSA/HBOUSA.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // HBO NOW && HBO MAX
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/PayPal/PayPal.list,💰 𝑷𝒂𝒚𝑷𝒂𝒍
RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Telegram.list,☎️ 𝑻𝒆𝒍𝒆𝒈𝒓𝒂𝒎
RULE-SET,https://raw.githubusercontent.com/Semporia/TikTok-Unlock/master/Surge/TikTok.list,📺 𝑻𝒊𝒌𝑻𝒐𝒌
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Speedtest/Speedtest.list,🕸️ 𝑺𝒑𝒆𝒆𝒅𝒕𝒆𝒔𝒕
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Twitter/Twitter.list,⌨️ 𝑻𝒘𝒊𝒕𝒕𝒆𝒓
# > OpenAI & ChatGPT
RULE-SET,https://raw.githubusercontent.com/zxfccmm4/Surge/main/rules/OpenAI.list,🧠 𝑪𝒉𝒂𝒕𝑮𝑷𝑻
# > Tesla
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Tesla/Tesla.list,🚗 𝑻𝒆𝒔𝒍𝒂
# > Youtube & Google Search
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/YouTube/YouTube.list,🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GoogleSearch/GoogleSearch.list,🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆
# > Apple
RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Apple_Direct.list,DIRECT
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/AppleNews/AppleNews.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Apple_Proxy.list,DIRECT
# RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/iCloudPrivateRelay.list,📎 𝐏𝐫𝐨𝐱𝐲 // iCloud Private Relay:MacOS上的Surge网关才能用 iOS不需要请禁用。
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Apple/Apple.list,🍎 𝑨𝒑𝒑𝒍𝒆
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Weibo/Weibo.list,🧣 𝑾𝒆𝒊𝒃𝒐
# > Github代理
RULE-SET,https://raw.githubusercontents.com/blackmatrix7/ios_rule_script/master/rule/Surge/GitHub/GitHub.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > WeChat 根据你自己的Wechat DC选择策略
# RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/WeChat.list,🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆
# RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/WeChat.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
# > Streaming 国际流媒体服务
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/StreamingMedia/Streaming.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > Global 全球加速
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Global.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > China 中国直连
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/China.list,DIRECT
# > Local Area Network 局域网
RULE-SET,LAN,DIRECT
# > ASN China 分流
# RULE-SET,https://raw.githubusercontent.com/VirgilClyne/GetSomeFries/main/ruleset/ASN.China.list,DIRECT
# > 兜底规则
FINAL,⚙️ 𝑵𝒐𝑨𝒖𝒕𝒐,dns-failed
# 应用代理
# pikpak
DOMAIN-SUFFIX,mypikpak.com,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // Added for: api-drive.mypikpak.com:443
# PayPal
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/PayPal.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
# Roit 游戏分流规则
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Riot/Riot.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
[Host]
*.taobao.com = server:223.5.5.5
*.tmall.com = server:223.5.5.5
*.alipay.com = server:223.5.5.5
*.alicdn.com = server:223.5.5.5
*.aliyun.com = server:223.5.5.5
*.jd.com = server:119.28.28.28
*.qq.com = server:119.28.28.28
*.tencent.com = server:119.28.28.28
*.weixin.com = server:119.28.28.28
*.bilibili.com = server:119.29.29.29
hdslb.com = server:119.29.29.29
*.163.com = server:119.29.29.29
*.126.com = server:119.29.29.29
*.126.net = server:119.29.29.29
*.127.net = server:119.29.29.29
*.netease.com = server:119.29.29.29
*.mi.com = server:119.29.29.29
*.xiaomi.com = server:119.29.29.29
*testflight.apple.com = server:8.8.4.4
# Firebase Cloud Messaging
mtalk.google.com = 108.177.125.188
# Google Dl
dl.google.com = server:119.29.29.29
dl.l.google.com = server:119.29.29.29
update.googleapis.com = server:119.29.29.29
# Router Admin Panel
amplifi.lan = server:syslib // Ubiquiti Amplifi Router
router.synology.com = server:syslib // Synology Router
sila.razer.com = server:syslib // Razer Sila Router
router.asus.com = server:syslib // Asus Router
routerlogin.net = server:syslib // Netgear Router
orbilogin.com = server:syslib // Netgear Obri Router
www.LinksysSmartWiFi.com = server:syslib // Linksys Router
LinksysSmartWiFi.com = server:syslib // Linksys Router
myrouter.local = server:syslib // Linksys Router
www.miwifi.com = server:syslib // Xiaomi Mi WiFi Router
miwifi.com = server:syslib // Xiaomi Mi WiFi Router
mediarouter.home = server:syslib // Huawei Router
tplogin.cn = server:syslib // TP-Link Router
tplinklogin.net = server:syslib // TP-Link Router
melogin.cn = server:syslib // MERCURY Router
falogin.cn = server:syslib // FAST Router
# CUSTOM HOST
# 该段定义针对 HTTP 请求的 URL 重定向规则
# 有两种重定向方式: "header" 和 "302"
#
# Header 模式
# Surge 会修改发出的 http header,必要时还会修改 Host 字段。客户端将
# 感知不到这个重定向过程. 不支持重定向到一个 HTTPS 的地址。
#
# 302 模式
# Surge 直接简单的返回一个 302 重定向回应。
[URL Rewrite]
# Redirect Google Search Service
^https?:\/\/(www.)?(g|google)\.cn https://www.google.com 302
# Redirect Google Maps Service
^https?:\/\/(ditu|maps).google\.cn https://maps.google.com 302
# Redirect HTTP to HTTPS
^https?:\/\/(www.)?taobao\.com\/ https://taobao.com/ 302
^https?:\/\/(www.)?jd\.com\/ https://www.jd.com/ 302
^https?:\/\/(www.)?mi\.com\/ https://www.mi.com/ 302
^https?:\/\/you\.163\.com\/ https://you.163.com/ 302
^https?:\/\/(www.)?suning\.com\/ https://suning.com/ 302
^https?:\/\/(www.)?yhd\.com\/ https://yhd.com/ 302
# AbeamTV
^https?:\/\/api\.abema\.io\/v\d\/ip\/check - reject
# CUSTOM URL
[Header Rewrite]
^https?:\/\/.*\.zhihu\.com\/(question|topic) header-replace User-Agent "osee2unifiedRelease/4432 osee2unifiedReleaseVersion/7.8.0 Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mo bile/15E148"
# 该段仅在 iOS 版本下生效。
# 你可以为某些特定的 WiFi 网络设置设置参数
# 参数:
# suspend: "true" 或 "false"
# 在该网络下 Surge 将暂停工作。 请注意,如果你在该网络下直接启动 Surge,那么
# Surge 依然会工作。只有当从其他网络切换到该网络时,Surge 才会暂停。
#
# SSID Setting 段表达式(适用 SUBNET 规则)
# 可使用 MCCMNC:100-200 匹配特定数据网络
# 可使用 SSID:value 特定匹配 SSID,支持通配符
# 可使用 BSSID:value 特定匹配 BSSID,支持通配符
# 可使用 ROUTER:value 特定匹配路由地址
# 可使用 TYPE:WIFI 匹配所有 WiFi 网络
# 可使用 TYPE:CELLULAR 匹配所有数据网络
# 可使用 TYPE:WIRED 匹配所有有线网络(iOS 上支持 USB 网络适配
# 参数 cellular-fallback 可单独控制一些 Wi-Fi 下的 all-hybrid 和 wifi-assist 行为
# cellular-fallback=default 使用 [General] 中的 all-hybrid 和 wifi-assist 配置/
# cellular-fallback=off 关闭 all-hybrid 和 wifi-assist
# cellular-fallback=hybrid 开启 all-hybrid
# cellular-fallback=wifi-assist 开启 wifi-assist
# 如无前缀则按照旧版规则匹配 SSID、BSSID、路由地址
# SSID Setting 段内容从上至下依次匹配,匹配到第一个结果后立刻终止
#
# 中国用户若使用 TFO 建议强制关闭数据网络上的 TFO,避免产生问题,然后在已测试过的网络上强制开启。只有这样配置后方可充分享受 TFO 的优势。
[SSID Setting]
# Temporarily Suspend
"SSID Here" suspend=true
# TCP Fast Open
"My Home" tfo-behaviour=force-enabled
TYPE:CELLULAR tfo-behaviour=force-disabled
[MITM]
# 跳过服务端证书验证
skip-server-cert-verify = true
# MITM over HTTP/2
//MITM over HTTP/2:使用 HTTP/2 协议进行 MITM 解密,可在高并发下优化性能
h2 = true
# 主机名
//Surge 仅会解密这里指定的主机名的请求,ios 系统和某些应用有严格的安全策略,仅信任某些特定的证书,对这些域名启动解密可能导致问题,如 *apple.com, *icloud.com.
# 可使用通配符* 和?
# 可使用前缀-将特定主机名排除
# 默认仅解密发往 443 端口的请求
# 可使用后缀:port 解密特定端口
# 可使用后缀:0解密所有端口
tcp-connection = true
hostname = www.google.cn, api.abema.io, *.zhihu.com, -CUSTOMMitM, sub.store