-
Notifications
You must be signed in to change notification settings - Fork 0
/
Surge.conf
224 lines (182 loc) · 9.12 KB
/
Surge.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
# 托管配置
# 此配置只能在 Surge 主程序运行时更新
# !MANAGED-CONFIG https://raw.githubusercontent.com/joyoner/rule/master/Surge.conf interval=60 strict=true
[General]
# > 使用 WiFi 尝试建立连接后,如果一秒钟内仍未完成,则再使用数据网络尝试连接。选择最先完成的 TCP 连接。
wifi-assist = true
# > 增强版 Wi-Fi 助理,直接并发建立两个 TCP 连接,选择最先完成的 TCP 连接。 开启后,等同于对所有策略设置 hybrid = true,所有 TCP 连接在建立时均会并发尝试数据网络和 WiFi 连接。
all-hybrid = false
# > Internet 测试 URL
internet-test-url = http://wifi.vivo.com.cn/generate_204
# > 代理测速 URL
proxy-test-url = http://cp.cloudflare.com/generate_204
# proxy-test-url = http://www.gstatic.com/generate_204
# > 测试超时(秒)
test-timeout = 2
# > 自定义 GeoIP 数据库
geoip-maxmind-url = https://cdn.jsdelivr.net/gh/NobyDa/geoip@release/Private-GeoIP-CN.mmdb
# https://cdn.jsdelivr.net/gh/Hackl0us/GeoIP2-CN@release/Country.mmdb
# https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip-only-cn-private.dat
# > GeoIP 数据库自动更新
disable-geoip-db-auto-update = false
# > 日志等级 verbose、info、notify、warning
loglevel = warning
# > IPv6 支持
ipv6 = false
# > 当遇到 REJECT 策略时返回错误页
show-error-page-for-reject = true
# > 隐藏状态栏上的VPN图标
# 启动该选项可能导致「Cannot allocate memory」系统错误,请谨慎使用。
hide-vpn-icon = false
# > 兼容模式 (仅 iOS)
# compatibility-mode = 0
# > UDP IP 防泄漏
# 如果没有代理服务器支持 UDP 转发,可修改为「 direct 」或注释下条,但需注意同一目标主机名 TCP 请求与 UDP 请求的源地址不同所造成的隐私及安全风险。
udp-policy-not-supported-behaviour = reject
# > 提高处理 UDP 流量的优先级,当系统负载高时会有比较明显的作用
udp-priority = true
# > 开启后 Surge 在切换网络后不再重新进行 VPN 配置
fast-switch = true
# > Allow Hotspot Access(热点分享代理)
allow-hotspot-access = true
# > DNS 服务器,system和自定义并发查询
dns-server = 223.5.5.5, 119.29.29.29
# > 加密的DNS服务器(如无必要不建议使用)
# encrypted-dns-server = h3://223.5.5.5/dns-query,https://dns.alidns.com/dns-query
# > 关闭 DOH 的服务端证书验证
# encrypted-dns-skip-cert-verification = true
# > 对于代理也请求本地DNS映射[host]
use-local-host-item-for-proxy = false
# > 允许 Wi-Fi 访问iOS
#allow-wifi-access = false
#wifi-access-http-port = 6152
#wifi-access-socks5-port = 6153
# > Web 控制器
#external-controller-access = mieq@0.0.0.0:6165
# > HTTP-API
#http-api = mieq@0.0.0.0:6166
#http-api-tls = false
#http-api-web-dashboard = true
# > 排除简单主机名
exclude-simple-hostnames = true
# > 跳过代理
skip-proxy = 239.255.255.250/32, 127.0.0.1, 192.168.0.0/16, 193.168.0.0/24, 172.16.0.0/12, 100.64.0.0/10, 10.0.0.0/8, 17.0.0.0/8, localhost, *.local, *.crashlytics.com, passenger.t3go.cn, iosapps.itunes.apple.com,www.baidu.com,yunbusiness.ccb.com,wxh.wo.cn
# > Always Real IP Hosts
always-real-ip = *.msftconnecttest.com, *.msftncsi.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.logon.battlenet.com.cn, *.logon.battle.net, stun.l.google.com
# Hijack DNS
# hijack-dns = 8.8.8.8:53, 8.8.4.4:53
# > 路由防火墙
# 包含所有的网络请求
include-all-networks = false
# 包含本地网络请求
include-local-networks = false
# > VIF Excluded Routes
# Surge VIF 只能处理 TCP 和 UDP 协议。使用此选项可以绕过特定的 IP 范围,允许所有流量通过。
# tun-excluded-routes = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
# > VIF Included Routes
# 默认情况下,Surge VIF 接口会声明自己是默认路由。但是,由于 Wi-Fi 接口的路由较小,有些流量可能不会通过 Surge VIF 接口。使用此选项可以添加一条较小的路由。
# tun-included-routes = 192.168.1.12/32
[Replica]
# > 隐藏 Apple 请求
hide-apple-request = 1
# > 隐藏崩溃追踪器请求
hide-crash-reporter-request = 1
# > 隐藏 UDP 会话
hide-udp = 1
# > 关键词过滤器
# keyword-filter-type = none
# > 关键词
# keyword-filter = (null)
[Proxy]
#!include proxy.dconf, subscribe.conf
[Proxy Group]
#!include proxy.dconf
[Rule]
# DOMAIN-SUFFIX,sinaimg.cn,Proxy // Added for: wx2.sinaimg.cn:443
DOMAIN,api.revenuecat.com,REJECT
# Unbreak 后续规则修正
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Direct/Direct.list,DIRECT
# 去广告
DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Advertising/Advertising_Domain.list,REJECT
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Advertising/Advertising.list,REJECT
# SSID直连
# SUBNET,SSID:Freeloader_5G,DIRECT
# Telegram
# RULE-SET,https://github.com/blackmatrix7/ios_rule_script/raw/master/rule/Surge/Telegram/Telegram.list,Telegram
# Global 全球加速
DOMAIN-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Global/Global_Domain.list,Proxy
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Global/Global.list,Proxy
# 网易云
# RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/NetEaseMusic/NetEaseMusic.list,Music
# RULE-SET,https://raw.githubusercontent.com/DesperadoJ/Rules-for-UnblockNeteaseMusic/master/Surge/RuleSet/NeteaseMusic.list,Music
# China 中国直连
RULE-SET,https://github.com/blackmatrix7/ios_rule_script/raw/master/rule/Surge/China/China.list,DIRECT
# 以下规则触发DNS解析
# Local Area Network 局域网
RULE-SET,LAN,DIRECT
# GeoIP China
GEOIP,CN,DIRECT
FINAL,Proxy,dns-failed
[Host]
# > Firebase Cloud Messaging
mtalk.google.com = 108.177.125.188
# > Google Dl
dl.google.com = server:119.29.29.29
dl.l.google.com = server:119.29.29.29
update.googleapis.com = server:119.29.29.29
# > PlayStation
*.dl.playstation.net = server:119.29.29.29
# Apple TestFlight
*testflight.apple.com = server:8.8.4.4
[URL Rewrite]
# 以下为Safari全能搜索、需要把Safari的搜索引擎设置为:DuckDuckGo
# gm (Google图片) header
^https:\/\/duckduckgo.com\/\?q=gm\+([^&]+).+ https://www.google.com/search?&tbm=isch&q=$1 302
# gh (GitHub) header
^https:\/\/duckduckgo.com\/\?q=gh\+([^&]+).+ https://github.com/search?q=$1 302
# tf (Google 搜索 TestFlight)
^https:\/\/duckduckgo.com\/\?q=tf(\+|%20)([^&]+).+ https://www.google.com/search?as_q=$2&as_sitesearch=testflight.apple.com 302
# wb (微博) header
^https:\/\/duckduckgo.com\/\?q=wb\+([^&]+).+ https://s.weibo.com/weibo/$1 302
# wx (微信) header
^https:\/\/duckduckgo.com\/\?q=wx\+([^&]+).+ https://weixin.sogou.com/weixinwap?query=$1 302
# jd (京东) header
^https:\/\/duckduckgo.com\/\?q=jd\+([^&]+).+ https://so.m.jd.com/ware/search.action?keyword=$1 302
# tb (淘宝) header
^https:\/\/duckduckgo.com\/\?q=tb\+([^&]+).+ https://s.m.taobao.com/h5?q=$1 302
# tm (天猫) header
^https:\/\/duckduckgo.com\/\?q=tm\+([^&]+).+ https://s.m.tmall.com/m/search.htm?q=$1 302
# ytb (YouTube) header
^https:\/\/duckduckgo.com\/\?q=ytb\+([^&]+).+ https://www.youtube.com/results?search_query=$1 302
# ph (PornHub) header
^https:\/\/duckduckgo.com\/\?q=ph\+([^&]+).+ https://cn.pornhub.com/video/search?search=$1 302
# bi (必应) header
^https:\/\/duckduckgo.com\/\?q=bi\+([^&]+).+ https://cn.bing.com/search?q=$1 302
# bd (百度) header
^https:\/\/duckduckgo.com\/\?q=bd\+([^&]+).+ https://www.baidu.com/s?wd=$1 302
# 无指令 (Google) header
^https:\/\/duckduckgo.com\/\?q=([^&]+).+ https://www.google.com/search?q=$1 302
[SSID Setting]
Freeloader_5G cellular-fallback=off
TYPE:CELLULAR tfo-behaviour=force-disabled
[MITM]
# > 跳过服务端证书验证
# skip-server-cert-verify = true
# > VIF 对原始 TCP 流量进行解密
#tcp-connection = true
# > MITM over HTTP/2
h2 = true
# > CA 证书
ca-keystore-name = CA
# > 需要解密的域名
hostname = duckduckgo.com, -*snssdk.com, -*amemv.com
[Script]
# 缓存开关 = type=generic,timeout=10,script-path=https://raw.githubusercontent.com/githubdulong/Script/master/surgepro_flushdns.js,argument=icon=power.circle&color=#FF2121&title=Surge ®|2022-11-04
# 代理选择 = type=generic,timeout=10,script-path=https://gist.githubusercontent.com/joyoner/29954b519136aab57360fd8cc03be1fc/raw/groupPanel.js,argument=icon=bolt.circle&color=#157EFB&group=Proxy
# 油管检测 = type=generic,timeout=30,script-path=https://gist.github.com/joyoner/73a9f9dc9195c51f065efb61991406e0/raw/youtube_premium_check.js,argument=title=YouTube&availableIcon=play.circle&availableIconColor=#228B22¬AvailableIcon=xmark.shield¬AvailableIconColor=#AF52DE
# 解锁检测 = type=generic,timeout=30,script-path=https://raw.githubusercontent.com/githubdulong/Script/master/Stream-All.js,script-update-interval=0,argument=title=解锁检测&icon=play.circle&color=#FF2121
[Panel]
# 策略面板 = script-name=缓存开关,update-interval=15
# 策略面板 = script-name=代理选择,update-interval=3
# 策略面板 = script-name=油管检测,update-interval=1
# 策略面板 = script-name=解锁检测,update-interval=3600