You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Profiles/Surge/Outbound.conf

308 lines
14 KiB
Plaintext

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# 除了注释建议浏览官方手册https://manual.nssurge.com/、帮助中心https://nssurge.zendesk.com/以及技术社区https://community.nssurge.com
[General]
# ---(通用)---
# 延迟测试
# > Internet 测试 URL
internet-test-url = http://www.aliyun.com
# server_check_url= http://www.qualcomm.cn/generate_204
# > 代理测速 URL
proxy-test-url = http://www.gstatic.com/generate_204
# > 测试超时(秒)
# test-timeout = 5
# TLS 引擎
tls-provider = openssl
# tls-provider = network-framework
# GeoIP 数据库
# geoip-maxmind-url = https://github.com/soffchen/GeoIP2-CN/raw/release/Country.mmdb
geoip-maxmind-url = https://raw.githubusercontent.com/JMVoid/ipip2mmdb/release/Country.mmdb
# IPv6 支持(关闭)
# 是否启动完整的 IPv6 支持 (默认值: false)
ipv6 = false
# ------
# ---(Wi-Fi 访问)---
# Surge 作为 HTTP/SOCKS5 代理服务器向 Wi-Fi 网络下的其他设备提供服务器
allow-wifi-access = false
# Surge Mac 供外网访问的服务端口
# HTTP 服务端口 (默认值: 6152)
# http-listen = 0.0.0.0:7222
# SOCKS5 服务端口 (默认值: 6153)
# socks5-listen = 0.0.0.0:7221
# Surge iOS 供外网访问的服务端口
# HTTP 服务端口 (默认值: 6152)
wifi-access-http-port = 6152
# SOCKS5 服务端口 (默认值: 6153)
wifi-access-socks5-port = 6153
# ------
# ---(远程控制器)---
# 允许 Surge 请求查看器或 Surge CLI 进行管理控制。
# 如果允许由 Wi-Fi 控制则将「127.0.0.1」修改为「0.0.0.0」
# external-controller-access = password@127.0.0.1:6170
# ------
# ---(兼容性)---
# 兼容模式
# compatibility-mode = 0
# 跳过某个域名或者 IP 段,这些目标主机将不会由 Surge Proxy 处理。
# (macOS 版本中,如果启用了 Set as System Proxy, 这些值会被写入到系统网络代理设置.)
skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local
# 排除简单主机名
exclude-simple-hostnames = true
# SSID 组策略
# 当 Wi-Fi 不是首选网络时 SSID 组策略使用默认策略(仅 macOS 版)
use-default-policy-if-wifi-not-primary = false
# ------
# ---(DNS 服务器)---
# 电信 118.118.118.118
# 联通 116.116.116.116
# DNS设置或根据自己网络情况进行相应设置
dns-server = 119.29.29.29,system
# doh-server = https://223.6.6.6/dns-query
# ------
# ---(实验性功能)---
# 使用 Network framework
# network-framework = true
# ------
# ---(高级)---
# 日志等级: warning, notify, info, verbose (默认值: notify)
loglevel = notify
# 当遇到 REJECT 策略时返回错误页
show-error-page-for-reject = true
# Always Real IP Hosts
# 当 Surge VIF 处理 DNS 问题时,此选项要求 Surge 返回一个真正的 IP 地址,而不是一个假 IP 地址。
# DNS 数据包将被转发到上游 DNS 服务器。
always-real-ip = msftconnecttest.com, msftncsi.com, *.msftconnecttest.com, *.msftncsi.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com
# Hijack DNS
# 默认情况下Surge 只返回发送到 Surge DNS 地址的 DNS 查询的假 IP 地址(198.18.0.2)。
# 有些设备或软件总是使用硬编码的 DNS 服务器。 (例如 Google Speakers 总是使用 8.8.8.8)。 您可以使用此选项劫持查询,以获得一个假地址。
# hijack-dns = 8.8.8.8:53, 8.8.4.4:53
# TCP Force HTTP Hosts
# 让 Surge 把 TCP 连接当作 HTTP 请求来处理。Surge HTTP 引擎将处理这些请求,所有的高级功能,如捕获、重写和脚本等都可以使用。
force-http-engine-hosts = *.ott.cibntv.net,123.59.31.1,119.18.193.135,122.14.246.33,175.102.178.52
# VIF Excluded Routes
# Surge VIF 只能处理 TCP 和 UDP 协议。使用此选项可以绕过特定的 IP 范围,允许所有流量通过。
# tun-excluded-routes = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
# VIF Included Routes
# 默认情况下Surge VIF 接口会声明自己是默认路由。但是,由于 Wi-Fi 接口的路由较小,有些流量可能不会通过 Surge VIF 接口。使用此选项可以添加一条较小的路由。
# tun-included-routes = 192.168.1.12/32
# ------
[Replica]
# [抓取流量] => 过滤器
# ---(实验性功能)---
# 0 为关闭1 为开启
# > 隐藏 Apple 请求
# 隐藏所有发往 *.Apple.com he *.icloud.com 的请求
# (该选项只是在抓取结果中隐藏了请求)
hide-apple-request = 0
# > 隐藏 Crashlytics 请求
hide-crashlytics-request = true
# > 隐藏崩溃追踪器请求
hide-crash-reporter-request = 1
# > 隐藏 UDP 会话
hide-ud = 0
# > 关键词过滤器
# none关闭关键词过滤器 / whitelistblacklist仅记录包含关键字的请求 / blacklist仅记录不包含关键字的请求 / pattern匹配通配符的请求
# keyword-filter-type = none
# > 关键词
# keyword-filter = (null)
# ------
[Proxy]
🌐Direct = direct
Reject = reject
🇨🇳TheHub = ss, 1.2.3.4, 443, encrypt-method=chacha20-ietf-poly1305, password=password
🇺🇸LosSantos = vmess, v2ray.cool, 443, username=a3482e88-686a-4a58-8126-99c9df64b7bf, tls=true, ws=true, ws-path=/v2ray.cool/
🇭🇰Sandbox = trojan, trojan.com, 443, password=password
[Proxy Group]
# 白名单模式 PROXY黑名单模式 DIRECT
🧭Final = select,🌑Proxy,🌐Direct
# 节点选项
🌑Proxy = select,🧯Fallback,🕹AutoTest
# 国际流媒体服务
🎞Streaming = select,🌑Proxy,🕹AutoTest,🦆DuckDuckGo
# 中国流媒体服务(面向海外版本)
🎞StreamingSE = select,🌐Direct,🇭🇰Sandbox
# 防御
🛡Guard = select,⛔Reject,🌐Direct
# 可用性自动测试
🧯Fallback = fallback,🇺🇸LosSantos,🇨🇳TheHub,url = http://www.gstatic.com/generate_204
# 延迟自动测试
🕹AutoTest = url-test,🦆DuckDuckGo,🇺🇸LosSantos,🇭🇰Sandbox,url = http://www.gstatic.com/generate_204
# 冲鸭机场
🦆DuckDuckGo = select, policy-path=https://duckduckgo.security/user/sub.php?token=DivineEngine
[Rule]
# https://raw.githubusercontent.com/DivineEngine/Profiles/master/Quantumult/Filter/Extra/Apple/BlockiOSUpdate.list,⛔Reject
# Client
# > Proxy
PROCESS-NAME,v2ray,DIRECT
PROCESS-NAME,ss-local,DIRECT
PROCESS-NAME,UUBooster,DIRECT
# > Download
PROCESS-NAME,aria2c,DIRECT
PROCESS-NAME,fdm,DIRECT
PROCESS-NAME,Folx,DIRECT
PROCESS-NAME,NetTransport,DIRECT
PROCESS-NAME,Thunder,DIRECT
PROCESS-NAME,Transmission,DIRECT
PROCESS-NAME,uTorrent,DIRECT
PROCESS-NAME,WebTorrent,DIRECT
PROCESS-NAME,WebTorrent Helper,DIRECT
# Rulesets规则集每 24 小时后台自动更新)
# 规则集包含多条子规则,可以是另一个本地 list 文件,或者是一个 URL
# 内置了两个规则集SYSTEM 和 LAN
# 内置规则集的具体内容可在 Surge Mac 设置界面查看
# Unbreak 后续规则修正
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Unbreak.list,DIRECT
# Advertising 广告
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Advertising.list,🛡Guard
# Privacy 隐私
# RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Privacy.list,🛡Guard
# Hijacking 运营商劫持或恶意网站
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Hijacking.list,🛡Guard
# Streaming 国际流媒体服务
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/StreamingMedia/Streaming.list,🎞Streaming
# StreamingSE 中国流媒体服务(面向海外版本)
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/StreamingMedia/StreamingSE.list,🎞StreamingSE
# Apple 服务
# 在 https://github.com/DivineEngine/Profiles/tree/master/Surge/Rulesets/Extra/Apple 获取所需服务引入 Ruleset 类型规则及新建策略组。
# Global 全球加速
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Global.list,🌑Proxy
# China 中国直连
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/China.list,DIRECT
# Local Area Network 局域网
RULE-SET,LAN,DIRECT
# GeoIP China基于 GeoIP 数据库判断域名和 IP 的归属地
GEOIP,CN,DIRECT
# DNS 查询失败走 Final 规则
FINAL,🧭Final,dns-failed
[Host]
# Firebase Cloud Messaging
mtalk.google.com = 108.177.125.188
# Google Dl
dl.google.com = server:119.29.29.29
dl.l.google.com = server:119.29.29.29
# 该段定义针对 HTTP 请求的 URL 重定向规则
# 有两种重定向方式: "header" 和 "302"
# 据粗略统计,有大概三分之二的本项目使用者停留在了 Surge 2、3 时期故而保留了 Rewrite 及 MitM所以如果你解锁了「模块」功能可以使用 sgmodule 后清空 [URL Rewrite] 及 [MITM] 部分MitM 证书重新生成配置。
# 建议必选使用 General.sgmodule其他 .sgmodule 按需加入
[URL Rewrite]
# Redirect Google Search Service
^(http|https):\/\/(www.)?(g|google)\.cn https://www.google.com 302
# Redirect Google Maps Service
^(http|https):\/\/(ditu|maps).google\.cn https://maps.google.com 302
# Redirect HTTP to HTTPS
^(http|https):\/\/(www.)?taobao\.com\/ https://taobao.com/ 302
^(http|https):\/\/(www.)?jd\.com\/ https://www.jd.com/ 302
^(http|https):\/\/(www.)?mi\.com\/ https://www.mi.com/ 302
^(http|https):\/\/you\.163\.com\/ https://you.163.com/ 302
^(http|https):\/\/(www.)?suning\.com\/ https://suning.com/ 302
^(http|https):\/\/(www.)?yhd\.com\/ https://yhd.com/ 302
# Weibo Short URL
^http:\/\/t\.cn https://sinaurl.cn 302
# Redirect False to True
# > IGN China to IGN Global
^(http|https):\/\/(www.)?ign\.xn--fiqs8s\/ http://cn.ign.com/ccpref/us 302
# > Fake Website Made By C&J Marketing
^(http|https):\/\/(www.)?abbyychina\.com\/ https://www.abbyy.cn/ 302
^(http|https):\/\/(www.)?bartender\.cc\/ https://www.macbartender.com/ 302
^(http|https):\/\/(www.)?(betterzipcn|betterzip)\.(com|net)\/ https://macitbetter.com/ 302
^(http|https):\/\/(www.)?beyondcompare\.cc\/ https://www.scootersoftware.com/ 302
^(http|https):\/\/(www.)?bingdianhuanyuan\.cn\/ https://www.faronics.com/zh-hans/products/deep-freeze 302
^(http|https):\/\/(www.)?chemdraw\.com\.cn\/ https://www.perkinelmer.com.cn/ 302
^(http|https):\/\/(www.)?codesoftchina\.com\/ https://www.teklynx.com/ 302
^(http|https):\/\/(www.)?coreldrawchina\.com\/ https://www.coreldraw.com/cn/ 302
^(http|https):\/\/(www.)?crossoverchina\.com\/ https://www.codeweavers.com/ 302
^(http|https):\/\/(www.)?dongmansoft\.com\/ https://www.udongman.cn/ 302
^(http|https):\/\/(www.)?earmasterchina\.cn\/ https://www.earmaster.com/ 302
^(http|https):\/\/(www.)?easyrecoverychina\.com\/ https://www.ontrack.com/ 302
^(http|https):\/\/(www.)?ediuschina\.com\/ https://www.grassvalley.com/ 302
^(http|https):\/\/(www.)?flstudiochina\.com\/ https://www.image-line.com/ 302
^(http|https):\/\/(www.)?formysql\.com\/ https://www.navicat.com.cn/ 302
^(http|https):\/\/(www.)?guitarpro\.cc\/ https://www.guitar-pro.com/ 302
^(http|https):\/\/(www.)?huishenghuiying\.com\.cn\/ https://www.coreldraw.com/cn/ 302
^(http|https):\/\/hypersnap\.mairuan\.com\/ https://www.hyperionics.com/ 302
^(http|https):\/\/(www.)?iconworkshop\.cn\/ https://www.axialis.com/ 302
^(http|https):\/\/(www.)?idmchina\.net\/ https://www.internetdownloadmanager.com/ 302
^(http|https):\/\/(www.)?imindmap\.cc\/ https://www.ayoa.com/previously-imindmap/ 302
^(http|https):\/\/(www.)?jihehuaban\.com\.cn\/ https://www.chartwellyorke.com/sketchpad/x24795.html 302
^(http|https):\/\/hypersnap\.mairuan\.com\/ https://www.keyshot.com/ 302
^(http|https):\/\/(www.)?kingdeecn\.cn\/ http://www.kingdee.com/ 302
^(http|https):\/\/(www.)?logoshejishi\.com https://www.sothink.com/product/logo-design-software/ 302
^(http|https):\/\/logoshejishi\.mairuan\.com\/ https://www.sothink.com/product/logo-design-software/ 302
^(http|https):\/\/(www.)?luping\.net\.cn\/ https://www.techsmith.com/ 302
^(http|https):\/\/(www.)?mathtype\.cn\/ https://www.dessci.com/ 302
^(http|https):\/\/(www.)?mindmanager\.(cc|cn)\/ https://www.mindjet.com/cn/ 302
^(http|https):\/\/(www.)?mindmapper\.cc\/ https://www.mindmapper.com/ 302
^(http|https):\/\/(www.)?(mycleanmymac|xitongqingli)\.com\/ https://macpaw.com/ 302
^(http|https):\/\/(www.)?nicelabel\.cc\/ https://www.nicelabel.com/zh/ 302
^(http|https):\/\/(www.)?ntfsformac\.cc\/ https://www.tuxera.com/products/tuxera-ntfs-for-mac-cn/ 302
^(http|https):\/\/(www.)?ntfsformac\.cn\/ https://china.paragon-software.com/home-mac/ntfs-for-mac/ 302
^(http|https):\/\/(www.)?overturechina\.com\/ https://sonicscores.com/ 302
^(http|https):\/\/(www.)?passwordrecovery\.cn\/ https://cn.elcomsoft.com/aopr.html 302
^(http|https):\/\/(www.)?pdfexpert\.cc\/ https://pdfexpert.com/zh 302
^(http|https):\/\/(www.)?photozoomchina\.com\/ https://www.benvista.com/ 302
^(http|https):\/\/(www.)?shankejingling\.com\/ https://www.sothink.com/product/flashdecompiler/ 302
^(http|https):\/\/cn\.ultraiso\.net\/ https://cn.ezbsystems.com/ultraiso/ 302
^(http|https):\/\/(www.)?vegaschina\.cn\/ https://www.vegascreativesoftware.com/ 302
^(http|https):\/\/(www.)?xshellcn\.com\/ https://www.netsarang.com/zh/xshell/ 302
^(http|https):\/\/(www.)?yuanchengxiezuo\.com\/ https://www.teamviewer.com/ 302
^(http|https):\/\/(www.)?zbrushcn.com/ https://pixologic.com/ 302
# AbeamTV - api.abema.io
^(http|https):\/\/api\.abema\.io\/v\d\/ip\/check - reject
# Block Ads Start
# Block Ads End
[Header Rewrite]
# 重定向 HTTP 请求或者篡改请求 Header
# Surge 可以在请求被发往目标服务器之前篡改请求的 Header
[Script]
[SSID Setting]
# 连接到 Apple Store 的 Wi-Fi网络时 Surge 暂停工作
# 需要 Web 验证登录的 Wi-Fi 网络以及路由器已经科学上网的 Surge 挂起
"Apple Store" suspend = true
[MITM]
skip-server-cert-verify = true
hostname = www.google.cn,api.abema.io