# By:Steve # X: @St7evechou # 最后一次更新:2024.10.26 # TG频道:https://t.me/st7evee # 下载配置后,请手动添加机场订阅 [General] # --- GENERAL --- # Enhanced Wi-Fi Assist wifi-assist = true # Hybrid Network all-hybrid = false # Gaming Optimization //开启后将在系统负载非常高,数据包处理出现延迟时,优先处理 UDP 数据包。 udp-priority = true # Latency Benchmark internet-test-url = http://bing.com proxy-test-url = http://cp.cloudflare.com/generate_204 test-timeout = 5 # GeoIP Database geoip-maxmind-url = https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb # IPv6 Support //开启 IPv6 会让 Surge 同时请求域名的 A 与 AAAA 记录,这可能略微的增加延迟。若 DNS 服务器无法正确响应 AAAA 查询,则可能导致严重的卡顿,仅在需要时开启。 ipv6 = false # --- Wi-Fi ACCESS --- //Surge 可以作为一个标准的 HTTP/SOCKS5 代理服务器向 wi-Fi 网络下的其他设备提供服务器 allow-wifi-access = false # Surge iOS - 默认 HTTP 端口号:6152,SOCKS5 端口号:6153 wifi-access-http-port = 6152 wifi-access-socks5-port = 6153 # Surge Mac - 默认 HTTP 端口号:6152,SOCKS5 端口号:6153 http-listen = 0.0.0.0:6152 socks5-listen = 0.0.0.0:6153 # 允许热点共享 allow-hotspot-access = true # --- REMOTE CONTROLLER --- # 允许 Surge 请求查看器或 Surge CLI 进行管理控制 //默认仅允许外部控制器通过 USB 进行控制。如果想要允许由 Wi-Fi 控制可以将 127.0.0.1 改为 0.0.0.0 external-controller-access = key@127.0.0.1:6160 # HTTP API & Web Dashboard //This option allows using HTTP APIs to control http-api = key@127.0.0.1:6166 //使用 HTTPS 替代 HTTP 协议,需要先配置 MitM 的 CA 证书,同时需要在客户端设备上手动安装并信任 CA 证书 http-api-tls = false //开启该选项后可以通过浏览器控制 Surge,本机浏览器输入127.0.0.1:6166 http-api-web-dashboard = true # --- COMPATIBILITY --- //该选项将使得发往这些域名或者 IP 段的请求由 Surge VIF 进行处理(而不是 Surge Proxy),该选项用于修正和某些应用的兼容性问题 # 兼容模式 # 0:禁用 # 1:Proxy with Loopback Address # 2:Proxy Only # 3:VIF Only # 4:VIF Proxy:不使用 127.0.0.1 的回环地址作为代理,使用 VIF 的虚拟代理地址,将产生额外的性能开销 # 5:不作为默认路由:不声明为默认路由,但声明若干个小路由以覆盖所有地址(与 Surge Mac 增强模式行为相同) # 这种配置下由于 VIF 不是主网络设备无法配置系统代理。部分应用在该模式下会认为 VPN 未开启以解决特殊兼容性问题,如 HomeKit Security Camera # ⚠️ 请仅在指引下使用,开启后部分功能可能无法使用 compatibility-mode = 0 # 跳过代理 skip-proxy = 192.168.0.0/24, 10.0.0.0/8, 172.16.0.0/12, 127.0.0.1, localhost, *.local # 排除简单主机名 exclude-simple-hostnames = true # --- DNS --- # The IP addresses of upstream DNS servers dns-server = 223.5.5.5, 114.114.114.114 # 从 /etc/hosts 读取 DNS 记录 read-etc-hosts = true # ENCRYPTED DNS //如果配置了加密 DNS,传统 DNS 将仅用作解析 DOH 域名和测试网络连通性 # 支持的协议: # DNS over HTTPS: https://doh.pub/dns-query # DNS over HTTP/3: h3://example.com # DNS over QUIC: quic://example.com //encrypted-dns-server = https://223.5.5.5/ // 除非当地 ISP 有严重的 DNS 污染问题,否则没必要开启 DoH,传统 DNS 的性能最优,网络异常后恢复速度最快 doh-skip-cert-verification=true // 临时关闭 DOH 的服务端证书验证(解决 Surge 无法与 nextdns.io 完成 TLS 握手问题) # 代理请求本地 DNS 映射 //开启该选项后,如果访问的域名配置有本地 DNS 映射,surge 将使用本地 IP 地址进行请求,不在远端进行解析。仅对配置了 IP 地址的本地 DNS 映射生效 use-local-host-item-for-proxy = true # 使加密 DNS 请求通过代理策略执行 encrypted-dns-follow-outbound-mode = false # --- ROUTING --- # 包含所有网络请求 include-all-networks = false # 包含本地网络请求 include-local-networks = false # --- ADVANCED --- # Log Level loglevel = notify # 当遇到 REJECT 策略时返回错误页 show-error-page-for-reject = true # Always Real IP Hosts # 当 Surge VIF 处理 DNS 问题时,此选项要求 Surge 返回一个真正的 IP 地址,而不是一个 Fake IP # DNS 数据包将被转发到上游 DNS 服务器 # 例如由于游戏主机会使用 STUN 技术进行 NAT 穿透,需要进行一些额外的配置才能正常工作 always-real-ip = link-ip.nextdns.io, *.msftconnecttest.com, *.msftncsi.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.logon.battlenet.com.cn, *.logon.battle.net, stun.l.google.com # Hijack DNS # 默认情况下,Surge 只对发送到 Surge DNS 地址(198.18.0.2)的 DNS 查询返回 Fack IP 地址。发送到标准 DNS 的查询将被转发 # 如 Google 系智能硬件产品会无视 DHCP 配置强行使用 8.8.8.8 和 8.8.4.4,需要配置 Surge 强行劫持才可以正常工作 hijack-dns = 8.8.8.8:53, 8.8.4.4:53 # TCP Force HTTP Hosts # 使 Surge 将 TCP 连接视为 HTTP 请求。Surge HTTP 引擎将处理请求,并且所有高级功能都将可用,如截取、重写和脚本 # 支持通配符 * 及 ?; # 使用前缀 - 排除主机名; # 默认情况下,只对 80 端口的请求进行处理(使用 example.com:443 指定端口或 example.com:0 表示所有端口); # 表示匹配所有主机名为 IP 地址的连接; # 表示匹配所有主机名为 IPv4 地址的连接; # 表示匹配所有主机名为 IPv6 地址的连接。 force-http-engine-hosts = *.ott.cibntv.net, 123.59.31.1,119.18.193.135, 122.14.246.33, 175.102.178.52, 116.253.24.*, 175.6.26.*, 220.169.153.* # VIF Excluded Routes //tun-excluded-routes = 239.255.255.250/32 # VIF Included Routes //tun-included-routes = 192.168.1.12/32 # 当 Wi-Fi 不是首选网络时 SSID 组策略使用默认策略 use-default-policy-if-wifi-not-primary = false # 控制当 UDP 流量被匹配到一个不支持 UDP 转发的策略时的行为 # - DIRECT:回退到 DIRECT 策略(默认) # - REJECT:回退到 REJECT 策略 udp-policy-not-supported-behaviour = REJECT [Proxy] [Proxy Group] # > 这是一个final规则 没有命中的连接会走以下的策略组 ⚙️ 𝑵𝒐𝑨𝒖𝒕𝒐 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 # > 这是你的机场链接填写的地方 在policy_path=后面粘贴你自己机场的订阅链接(不要在这里粘贴 谢谢) 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, interval=600, tolerance=50 👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫 = select, policy-path=https://sub.store/download/collection/Surge, update-interval=0 # > 以下是策略组 需先配置好sub-store使用 ⚠️ 𝑭𝒂𝒍𝒍𝒃𝒂𝒄𝒌 = fallback, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, interval=600 🍎 𝑨𝒑𝒑𝒍𝒆 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 🍺 𝒃𝒊𝒍𝒊𝒃𝒊𝒍𝒊 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏 🎬 𝑫𝒊𝒔𝒏𝒆𝒚+ = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆 🎥 𝑵𝒆𝒕𝒇𝒍𝒊𝒙 = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 🕸️ 𝑺𝒑𝒆𝒆𝒅𝒕𝒆𝒔𝒕 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫 💰 𝑷𝒂𝒚𝑷𝒂𝒍 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 ☎️ 𝑻𝒆𝒍𝒆𝒈𝒓𝒂𝒎 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏 📺 𝑻𝒊𝒌𝑻𝒐𝒌 = select, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 ⌨️ 𝑻𝒘𝒊𝒕𝒕𝒆𝒓 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 🧣 𝑾𝒆𝒊𝒃𝒐 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫 🧠 𝑪𝒉𝒂𝒕𝑮𝑷𝑻 = select, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆 🚗 𝑻𝒆𝒔𝒍𝒂 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=港|🇭🇰|香港|HK|Hong, interval=600, tolerance=50 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=台|🇨🇳|台湾|TW|Tai, interval=600, tolerance=50 🇯🇵 𝑱𝒂𝒑𝒂𝒏 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=日|🇯🇵|日本|JP|Japan, interval=600, tolerance=50 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=坡|🇸🇬|新加坡|狮城|SG|Singapore, interval=600, tolerance=50 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=美|🇺🇸|美国|US|States|American, interval=600, tolerance=50 📎 𝐏𝐫𝐨𝐱𝐲 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, ⚠️ 𝑭𝒂𝒍𝒍𝒃𝒂𝒄𝒌, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅 = select, DIRECT [Rule] # > Safari 防跳转 DOMAIN,app-site-association.cdn-apple.com,REJECT # ban UDP on Youtube AND,((PROTOCOL,UDP), (DOMAIN-SUFFIX,googlevideo.com)),REJECT-NO-DROP # ban National Anti-fraud Center DOMAIN,prpr.96110.cn.com,DIRECT DOMAIN-KEYWORD,96110,REJECT DOMAIN-SUFFIX,gjfzpt.cn,REJECT # > Vercel --> sub-store RULE-SET,https://raw.githubusercontent.com/getsomecat/GetSomeCats/Surge/rule/substore.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 # DOMAIN-SUFFIX,vercel.app,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 # > Direct(Google|Proxy|Download|Spotify) RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Direct.list,DIRECT # > Mail DOMAIN-SUFFIX,smtp,DIRECT URL-REGEX,(Subject|HELO|SMTP),DIRECT # > Unbreak 后续规则修正 RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Unbreak.list,DIRECT # > Advertising 广告拦截 RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Advertising.list,REJECT-TINYGIF DOMAIN-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/AdvertisingPlus.list,REJECT # > 🆕 拒绝国家反诈中心请求 DOMAIN-SUFFIX,gjfzpt.cn,REJECT # > Privacy 隐私保护 # RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Privacy.list,REJECT-TINYGIF # > 🆕 Anti-IPCheck 阻断大陆app的ip查询 # RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Anti-IPCheck.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 # > 规则们的party RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Hijacking.list,REJECT-TINYGIF # > Stream Media RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/BiliBili/BiliBili.list,🍺 𝒃𝒊𝒍𝒊𝒃𝒊𝒍𝒊 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Disney/Disney.list,🎬 𝑫𝒊𝒔𝒏𝒆𝒚+ RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Netflix/Netflix.list,🎥 𝑵𝒆𝒕𝒇𝒍𝒊𝒙 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/AbemaTV/AbemaTV.list,🇯🇵 𝑱𝒂𝒑𝒂𝒏 // AbemaTV RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Peacock/Peacock.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // Peacock RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/HBOUSA/HBOUSA.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // HBO NOW && HBO MAX RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/PayPal/PayPal.list,💰 𝑷𝒂𝒚𝑷𝒂𝒍 RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Telegram.list,☎️ 𝑻𝒆𝒍𝒆𝒈𝒓𝒂𝒎 RULE-SET,https://raw.githubusercontent.com/Semporia/TikTok-Unlock/master/Surge/TikTok.list,📺 𝑻𝒊𝒌𝑻𝒐𝒌 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Speedtest/Speedtest.list,🕸️ 𝑺𝒑𝒆𝒆𝒅𝒕𝒆𝒔𝒕 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Twitter/Twitter.list,⌨️ 𝑻𝒘𝒊𝒕𝒕𝒆𝒓 # > OpenAI & ChatGPT RULE-SET,https://raw.githubusercontent.com/zxfccmm4/Surge/main/rules/OpenAI.list,🧠 𝑪𝒉𝒂𝒕𝑮𝑷𝑻 # > Tesla RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Tesla/Tesla.list,🚗 𝑻𝒆𝒔𝒍𝒂 # > Youtube & Google Search RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/YouTube/YouTube.list,🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GoogleSearch/GoogleSearch.list,🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆 # > Apple RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Apple_Direct.list,DIRECT RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/AppleNews/AppleNews.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Apple_Proxy.list,DIRECT # RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/iCloudPrivateRelay.list,📎 𝐏𝐫𝐨𝐱𝐲 // iCloud Private Relay:MacOS上的Surge网关才能用 iOS不需要请禁用。 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Apple/Apple.list,🍎 𝑨𝒑𝒑𝒍𝒆 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Weibo/Weibo.list,🧣 𝑾𝒆𝒊𝒃𝒐 # > Github代理 RULE-SET,https://raw.githubusercontents.com/blackmatrix7/ios_rule_script/master/rule/Surge/GitHub/GitHub.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 # > WeChat 根据你自己的Wechat DC选择策略 # RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/WeChat.list,🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆 # RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/WeChat.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 # > Streaming 国际流媒体服务 RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/StreamingMedia/Streaming.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 # > Global 全球加速 RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Global.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 # > China 中国直连 RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/China.list,DIRECT # > Local Area Network 局域网 RULE-SET,LAN,DIRECT # > ASN China 分流 # RULE-SET,https://raw.githubusercontent.com/VirgilClyne/GetSomeFries/main/ruleset/ASN.China.list,DIRECT # > 兜底规则 FINAL,⚙️ 𝑵𝒐𝑨𝒖𝒕𝒐,dns-failed # 应用代理 # pikpak DOMAIN-SUFFIX,mypikpak.com,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // Added for: api-drive.mypikpak.com:443 # PayPal RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/PayPal.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 # Roit 游戏分流规则 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Riot/Riot.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 [Host] *.taobao.com = server:223.5.5.5 *.tmall.com = server:223.5.5.5 *.alipay.com = server:223.5.5.5 *.alicdn.com = server:223.5.5.5 *.aliyun.com = server:223.5.5.5 *.jd.com = server:119.28.28.28 *.qq.com = server:119.28.28.28 *.tencent.com = server:119.28.28.28 *.weixin.com = server:119.28.28.28 *.bilibili.com = server:119.29.29.29 hdslb.com = server:119.29.29.29 *.163.com = server:119.29.29.29 *.126.com = server:119.29.29.29 *.126.net = server:119.29.29.29 *.127.net = server:119.29.29.29 *.netease.com = server:119.29.29.29 *.mi.com = server:119.29.29.29 *.xiaomi.com = server:119.29.29.29 *testflight.apple.com = server:8.8.4.4 # Firebase Cloud Messaging mtalk.google.com = 108.177.125.188 # Google Dl dl.google.com = server:119.29.29.29 dl.l.google.com = server:119.29.29.29 update.googleapis.com = server:119.29.29.29 # Router Admin Panel amplifi.lan = server:syslib // Ubiquiti Amplifi Router router.synology.com = server:syslib // Synology Router sila.razer.com = server:syslib // Razer Sila Router router.asus.com = server:syslib // Asus Router routerlogin.net = server:syslib // Netgear Router orbilogin.com = server:syslib // Netgear Obri Router www.LinksysSmartWiFi.com = server:syslib // Linksys Router LinksysSmartWiFi.com = server:syslib // Linksys Router myrouter.local = server:syslib // Linksys Router www.miwifi.com = server:syslib // Xiaomi Mi WiFi Router miwifi.com = server:syslib // Xiaomi Mi WiFi Router mediarouter.home = server:syslib // Huawei Router tplogin.cn = server:syslib // TP-Link Router tplinklogin.net = server:syslib // TP-Link Router melogin.cn = server:syslib // MERCURY Router falogin.cn = server:syslib // FAST Router # CUSTOM HOST # 该段定义针对 HTTP 请求的 URL 重定向规则 # 有两种重定向方式: "header" 和 "302" # # Header 模式 # Surge 会修改发出的 http header,必要时还会修改 Host 字段。客户端将 # 感知不到这个重定向过程. 不支持重定向到一个 HTTPS 的地址。 # # 302 模式 # Surge 直接简单的返回一个 302 重定向回应。 [URL Rewrite] # Redirect Google Search Service ^https?:\/\/(www.)?(g|google)\.cn https://www.google.com 302 # Redirect Google Maps Service ^https?:\/\/(ditu|maps).google\.cn https://maps.google.com 302 # Redirect HTTP to HTTPS ^https?:\/\/(www.)?taobao\.com\/ https://taobao.com/ 302 ^https?:\/\/(www.)?jd\.com\/ https://www.jd.com/ 302 ^https?:\/\/(www.)?mi\.com\/ https://www.mi.com/ 302 ^https?:\/\/you\.163\.com\/ https://you.163.com/ 302 ^https?:\/\/(www.)?suning\.com\/ https://suning.com/ 302 ^https?:\/\/(www.)?yhd\.com\/ https://yhd.com/ 302 # AbeamTV ^https?:\/\/api\.abema\.io\/v\d\/ip\/check - reject # CUSTOM URL [Header Rewrite] ^https?:\/\/.*\.zhihu\.com\/(question|topic) header-replace User-Agent "osee2unifiedRelease/4432 osee2unifiedReleaseVersion/7.8.0 Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mo bile/15E148" # 该段仅在 iOS 版本下生效。 # 你可以为某些特定的 WiFi 网络设置设置参数 # 参数: # suspend: "true" 或 "false" # 在该网络下 Surge 将暂停工作。 请注意,如果你在该网络下直接启动 Surge,那么 # Surge 依然会工作。只有当从其他网络切换到该网络时,Surge 才会暂停。 # # SSID Setting 段表达式(适用 SUBNET 规则) # 可使用 MCCMNC:100-200 匹配特定数据网络 # 可使用 SSID:value 特定匹配 SSID,支持通配符 # 可使用 BSSID:value 特定匹配 BSSID,支持通配符 # 可使用 ROUTER:value 特定匹配路由地址 # 可使用 TYPE:WIFI 匹配所有 WiFi 网络 # 可使用 TYPE:CELLULAR 匹配所有数据网络 # 可使用 TYPE:WIRED 匹配所有有线网络(iOS 上支持 USB 网络适配 # 参数 cellular-fallback 可单独控制一些 Wi-Fi 下的 all-hybrid 和 wifi-assist 行为 # cellular-fallback=default 使用 [General] 中的 all-hybrid 和 wifi-assist 配置/ # cellular-fallback=off 关闭 all-hybrid 和 wifi-assist # cellular-fallback=hybrid 开启 all-hybrid # cellular-fallback=wifi-assist 开启 wifi-assist # 如无前缀则按照旧版规则匹配 SSID、BSSID、路由地址 # SSID Setting 段内容从上至下依次匹配,匹配到第一个结果后立刻终止 # # 中国用户若使用 TFO 建议强制关闭数据网络上的 TFO,避免产生问题,然后在已测试过的网络上强制开启。只有这样配置后方可充分享受 TFO 的优势。 [SSID Setting] # Temporarily Suspend "SSID Here" suspend=true # TCP Fast Open "My Home" tfo-behaviour=force-enabled TYPE:CELLULAR tfo-behaviour=force-disabled [MITM] # 跳过服务端证书验证 skip-server-cert-verify = true # MITM over HTTP/2 //MITM over HTTP/2:使用 HTTP/2 协议进行 MITM 解密,可在高并发下优化性能 h2 = true # 主机名 //Surge 仅会解密这里指定的主机名的请求,ios 系统和某些应用有严格的安全策略,仅信任某些特定的证书,对这些域名启动解密可能导致问题,如 *apple.com, *icloud.com. # 可使用通配符* 和? # 可使用前缀-将特定主机名排除 # 默认仅解密发往 443 端口的请求 # 可使用后缀:port 解密特定端口 # 可使用后缀:0解密所有端口 tcp-connection = true hostname = www.google.cn, api.abema.io, *.zhihu.com, -CUSTOMMitM, sub.store