SurgeProMax.conf

[General]
# --- GENERAL ---
# Enhanced Wi-Fi Assist
wifi-assist = true
# Hybrid Network
all-hybrid = false
# Gaming Optimization
//开启后将在系统负载非常高，数据包处理出现延迟时，优先处理 UDP 数据包。
udp-priority = true

# Latency Benchmark
internet-test-url = http://bing.com
proxy-test-url = http://cp.cloudflare.com/generate_204
test-timeout = 5

# GeoIP Database
geoip-maxmind-url = https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country.mmdb

# IPv6 Support
//开启 IPv6 会让 Surge 同时请求域名的 A 与 AAAA 记录，这可能略微的增加延迟。若 DNS 服务器无法正确响应 AAAA 查询，则可能导致严重的卡顿，仅在需要时开启。
ipv6 = false

# --- Wi-Fi ACCESS ---
//Surge 可以作为一个标准的 HTTP/SOCKS5 代理服务器向 wi-Fi 网络下的其他设备提供服务器
allow-wifi-access = false
# Surge iOS - 默认 HTTP 端口号：6152，SOCKS5 端口号：6153
wifi-access-http-port = 6152
wifi-access-socks5-port = 6153

# Surge Mac - 默认 HTTP 端口号：6152，SOCKS5 端口号：6153
http-listen = 0.0.0.0:6152
socks5-listen = 0.0.0.0:6153

# 允许热点共享
allow-hotspot-access = true

# --- REMOTE CONTROLLER ---
# 允许 Surge 请求查看器或 Surge CLI 进行管理控制
//默认仅允许外部控制器通过 USB 进行控制。如果想要允许由 Wi-Fi 控制可以将 127.0.0.1 改为 0.0.0.0
external-controller-access = key@127.0.0.1:6160

# HTTP API & Web Dashboard
//This option allows using HTTP APIs to control
http-api = key@127.0.0.1:6166
//使用 HTTPS 替代 HTTP 协议，需要先配置 MitM 的 CA 证书，同时需要在客户端设备上手动安装并信任 CA 证书
http-api-tls = false
//开启该选项后可以通过浏览器控制 Surge，本机浏览器输入127.0.0.1:6166
http-api-web-dashboard = true

# --- COMPATIBILITY ---
//该选项将使得发往这些域名或者 IP 段的请求由 Surge VIF 进行处理（而不是 Surge Proxy)，该选项用于修正和某些应用的兼容性问题
# 兼容模式
#   0：禁用
#   1：Proxy with Loopback Address
#   2：Proxy Only
#   3：VIF Only
#   4：VIF Proxy：不使用 127.0.0.1 的回环地址作为代理，使用 VIF 的虚拟代理地址，将产生额外的性能开销
#   5：不作为默认路由：不声明为默认路由，但声明若干个小路由以覆盖所有地址（与 Surge Mac 增强模式行为相同）
# 这种配置下由于 VIF 不是主网络设备无法配置系统代理。部分应用在该模式下会认为 VPN 未开启以解决特殊兼容性问题，如 HomeKit Security Camera
# ⚠️ 请仅在指引下使用，开启后部分功能可能无法使用
compatibility-mode = 0
# 跳过代理
skip-proxy = 192.168.0.0/24, 10.0.0.0/8, 172.16.0.0/12, 127.0.0.1, localhost, *.local
# 排除简单主机名
exclude-simple-hostnames = true

# --- DNS ---
# The IP addresses of upstream DNS servers
dns-server = 223.5.5.5, 114.114.114.114
# 从 /etc/hosts 读取 DNS 记录
read-etc-hosts = true
# ENCRYPTED DNS
//如果配置了加密 DNS，传统 DNS 将仅用作解析 DOH 域名和测试网络连通性
# 支持的协议：
#   DNS over HTTPS: https://doh.pub/dns-query
#   DNS over HTTP/3: h3://example.com
#   DNS over QUIC: quic://example.com
//encrypted-dns-server = https://223.5.5.5/ // 除非当地 ISP 有严重的 DNS 污染问题，否则没必要开启 DoH，传统 DNS 的性能最优，网络异常后恢复速度最快
doh-skip-cert-verification=true // 临时关闭 DOH 的服务端证书验证（解决 Surge 无法与 nextdns.io 完成 TLS 握手问题）
# 代理请求本地 DNS 映射
//开启该选项后，如果访问的域名配置有本地 DNS 映射，surge 将使用本地 IP 地址进行请求，不在远端进行解析。仅对配置了 IP 地址的本地 DNS 映射生效
use-local-host-item-for-proxy = true
# 使加密 DNS 请求通过代理策略执行
encrypted-dns-follow-outbound-mode = false

# --- ROUTING ---
# 包含所有网络请求
include-all-networks = false
# 包含本地网络请求
include-local-networks = false

# --- ADVANCED ---
# Log Level
loglevel = notify
# 当遇到 REJECT 策略时返回错误页
show-error-page-for-reject = true
# Always Real IP Hosts
#   当 Surge VIF 处理 DNS 问题时，此选项要求 Surge 返回一个真正的 IP 地址，而不是一个 Fake IP
#   DNS 数据包将被转发到上游 DNS 服务器
#   例如由于游戏主机会使用 STUN 技术进行 NAT 穿透，需要进行一些额外的配置才能正常工作
always-real-ip = link-ip.nextdns.io, *.msftconnecttest.com, *.msftncsi.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.logon.battlenet.com.cn, *.logon.battle.net, stun.l.google.com
# Hijack DNS
#   默认情况下，Surge 只对发送到 Surge DNS 地址(198.18.0.2)的 DNS 查询返回 Fack IP 地址。发送到标准 DNS 的查询将被转发
#   如 Google 系智能硬件产品会无视 DHCP 配置强行使用 8.8.8.8 和 8.8.4.4，需要配置 Surge 强行劫持才可以正常工作
hijack-dns = 8.8.8.8:53, 8.8.4.4:53
# TCP Force HTTP Hosts
#   使 Surge 将 TCP 连接视为 HTTP 请求。Surge HTTP 引擎将处理请求，并且所有高级功能都将可用，如截取、重写和脚本
#   支持通配符 * 及 ?；
#   使用前缀 - 排除主机名；
#   默认情况下，只对 80 端口的请求进行处理（使用 example.com:443 指定端口或 example.com:0 表示所有端口）；
#   <ip-address> 表示匹配所有主机名为 IP 地址的连接；
#   <ipv4-address> 表示匹配所有主机名为 IPv4 地址的连接；
#   <ipv6-address> 表示匹配所有主机名为 IPv6 地址的连接。
force-http-engine-hosts = *.ott.cibntv.net, 123.59.31.1,119.18.193.135, 122.14.246.33, 175.102.178.52, 116.253.24.*, 175.6.26.*, 220.169.153.*
# VIF Excluded Routes
//tun-excluded-routes = 239.255.255.250/32
# VIF Included Routes
//tun-included-routes = 192.168.1.12/32
# 当 Wi-Fi 不是首选网络时 SSID 组策略使用默认策略
use-default-policy-if-wifi-not-primary = false

# 控制当 UDP 流量被匹配到一个不支持 UDP 转发的策略时的行为
#   - DIRECT：回退到 DIRECT 策略（默认）
#   - REJECT：回退到 REJECT 策略
udp-policy-not-supported-behaviour = REJECT

[Proxy]


[Proxy Group]
# > 这是一个final规则 没有命中的连接会走以下的策略组
⚙️ 𝑵𝒐𝑨𝒖𝒕𝒐 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > 这是你的机场链接填写的地方 在policy_path=后面粘贴你自己机场的订阅链接（不要在这里粘贴 谢谢）
🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄 = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, interval=600, tolerance=50
👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫 = select, policy-path=https://sub.store/download/collection/Surge, update-interval=0
# > 以下是策略组 需先配置好sub-store使用
⚠️ 𝑭𝒂𝒍𝒍𝒃𝒂𝒄𝒌 = fallback, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, interval=600
🍎 𝑨𝒑𝒑𝒍𝒆 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🍺 𝒃𝒊𝒍𝒊𝒃𝒊𝒍𝒊 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏
🎬 𝑫𝒊𝒔𝒏𝒆𝒚+ = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆
🎥 𝑵𝒆𝒕𝒇𝒍𝒊𝒙 = select, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🕸️ 𝑺𝒑𝒆𝒆𝒅𝒕𝒆𝒔𝒕 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫
💰 𝑷𝒂𝒚𝑷𝒂𝒍 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
☎️ 𝑻𝒆𝒍𝒆𝒈𝒓𝒂𝒎 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇯🇵 𝑱𝒂𝒑𝒂𝒏
📺 𝑻𝒊𝒌𝑻𝒐𝒌 = select, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
⌨️ 𝑻𝒘𝒊𝒕𝒕𝒆𝒓 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🧣 𝑾𝒆𝒊𝒃𝒐 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 👹 𝐀𝐥𝐥𝐒𝐞𝐫𝐯𝐞𝐫
🧠 𝑪𝒉𝒂𝒕𝑮𝑷𝑻 = select, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆
🚗 𝑻𝒆𝒔𝒍𝒂 = select, 🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅
🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=港|🇭🇰|香港|HK|Hong, interval=600, tolerance=50
🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=台|🇨🇳|台湾|TW|Tai, interval=600, tolerance=50
🇯🇵 𝑱𝒂𝒑𝒂𝒏 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=日|🇯🇵|日本|JP|Japan, interval=600, tolerance=50
🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=坡|🇸🇬|新加坡|狮城|SG|Singapore, interval=600, tolerance=50
🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 = url-test, policy-path=https://sub.store/download/collection/Surge, update-interval=0, policy-regex-filter=美|🇺🇸|美国|US|States|American, interval=600, tolerance=50
📎 𝐏𝐫𝐨𝐱𝐲 = select, 🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄, ⚠️ 𝑭𝒂𝒍𝒍𝒃𝒂𝒄𝒌, 🇭🇰 𝑯𝒐𝒏𝒈 𝑲𝒐𝒏𝒈, 🇨🇳 𝑻𝒂𝒊𝒘𝒂𝒏, 🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆, 🇯🇵 𝑱𝒂𝒑𝒂𝒏, 🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
🌍 𝑴𝒂𝒊𝒏𝒍𝒂𝒏𝒅 = select, DIRECT


[Rule]
# > Safari 防跳转
DOMAIN,app-site-association.cdn-apple.com,REJECT
# ban UDP on Youtube
AND,((PROTOCOL,UDP), (DOMAIN-SUFFIX,googlevideo.com)),REJECT-NO-DROP
# ban National Anti-fraud Center
DOMAIN,prpr.96110.cn.com,DIRECT
DOMAIN-KEYWORD,96110,REJECT
DOMAIN-SUFFIX,gjfzpt.cn,REJECT
# > Vercel --> sub-store
RULE-SET,https://raw.githubusercontent.com/getsomecat/GetSomeCats/Surge/rule/substore.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# DOMAIN-SUFFIX,vercel.app,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > Direct(Google|Proxy|Download|Spotify)
RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Direct.list,DIRECT
# > Mail
DOMAIN-SUFFIX,smtp,DIRECT
URL-REGEX,(Subject|HELO|SMTP),DIRECT
# > Unbreak 后续规则修正
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Unbreak.list,DIRECT
# > Advertising 广告拦截
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Advertising.list,REJECT-TINYGIF
DOMAIN-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/AdvertisingPlus.list,REJECT
# > 🆕 拒绝国家反诈中心请求
DOMAIN-SUFFIX,gjfzpt.cn,REJECT
# > Privacy 隐私保护
# RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Privacy.list,REJECT-TINYGIF
# > 🆕 Anti-IPCheck 阻断大陆app的ip查询
# RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Anti-IPCheck.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > 规则们的party
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Guard/Hijacking.list,REJECT-TINYGIF
# > Stream Media
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/BiliBili/BiliBili.list,🍺 𝒃𝒊𝒍𝒊𝒃𝒊𝒍𝒊
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Disney/Disney.list,🎬 𝑫𝒊𝒔𝒏𝒆𝒚+
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Netflix/Netflix.list,🎥 𝑵𝒆𝒕𝒇𝒍𝒊𝒙
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/AbemaTV/AbemaTV.list,🇯🇵 𝑱𝒂𝒑𝒂𝒏 // AbemaTV
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Peacock/Peacock.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // Peacock
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/HBOUSA/HBOUSA.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // HBO NOW && HBO MAX
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/PayPal/PayPal.list,💰 𝑷𝒂𝒚𝑷𝒂𝒍
RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Telegram.list,☎️ 𝑻𝒆𝒍𝒆𝒈𝒓𝒂𝒎
RULE-SET,https://raw.githubusercontent.com/Semporia/TikTok-Unlock/master/Surge/TikTok.list,📺 𝑻𝒊𝒌𝑻𝒐𝒌
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Speedtest/Speedtest.list,🕸️ 𝑺𝒑𝒆𝒆𝒅𝒕𝒆𝒔𝒕
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Twitter/Twitter.list,⌨️ 𝑻𝒘𝒊𝒕𝒕𝒆𝒓
# > OpenAI & ChatGPT
RULE-SET,https://raw.githubusercontent.com/zxfccmm4/Surge/main/rules/OpenAI.list,🧠 𝑪𝒉𝒂𝒕𝑮𝑷𝑻
# > Tesla
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Tesla/Tesla.list,🚗 𝑻𝒆𝒔𝒍𝒂
# > Youtube & Google Search
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/YouTube/YouTube.list,🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/GoogleSearch/GoogleSearch.list,🎞️ 𝒀𝒐𝒖𝑻𝒖𝒃𝒆
# > Apple
RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Apple_Direct.list,DIRECT
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/AppleNews/AppleNews.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/Apple_Proxy.list,DIRECT
# RULE-SET,https://raw.githubusercontent.com/bunizao/TutuBetterRules/tutu/RuleList/DOMAlN/iCloudPrivateRelay.list,📎 𝐏𝐫𝐨𝐱𝐲 // iCloud Private Relay：MacOS上的Surge网关才能用 iOS不需要请禁用。
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Apple/Apple.list,🍎 𝑨𝒑𝒑𝒍𝒆
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Weibo/Weibo.list,🧣 𝑾𝒆𝒊𝒃𝒐
# > Github代理
RULE-SET,https://raw.githubusercontents.com/blackmatrix7/ios_rule_script/master/rule/Surge/GitHub/GitHub.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > WeChat 根据你自己的Wechat DC选择策略
# RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/WeChat.list,🇸🇬 𝑺𝒊𝒏𝒈𝒂𝒑𝒐𝒓𝒆
# RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/WeChat.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
# > Streaming 国际流媒体服务
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/StreamingMedia/Streaming.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > Global 全球加速
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Global.list,🌀 𝑨𝒖𝒕𝒐𝒎𝒂𝒕𝒊𝒄
# > China 中国直连
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/China.list,DIRECT
# > Local Area Network 局域网
RULE-SET,LAN,DIRECT
# > ASN China 分流
# RULE-SET,https://raw.githubusercontent.com/VirgilClyne/GetSomeFries/main/ruleset/ASN.China.list,DIRECT
# > 兜底规则
FINAL,⚙️ 𝑵𝒐𝑨𝒖𝒕𝒐,dns-failed
# 应用代理
# pikpak
DOMAIN-SUFFIX,mypikpak.com,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔 // Added for: api-drive.mypikpak.com:443
# PayPal
RULE-SET,https://raw.githubusercontent.com/DivineEngine/Profiles/master/Surge/Ruleset/Extra/PayPal.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔
# Roit 游戏分流规则
RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Surge/Riot/Riot.list,🇺🇸 𝑼𝒏𝒊𝒕𝒆𝒅 𝑺𝒕𝒂𝒕𝒆𝒔


[Host]

*.taobao.com = server:223.5.5.5
*.tmall.com = server:223.5.5.5
*.alipay.com = server:223.5.5.5
*.alicdn.com = server:223.5.5.5
*.aliyun.com = server:223.5.5.5
*.jd.com = server:119.28.28.28
*.qq.com = server:119.28.28.28
*.tencent.com = server:119.28.28.28
*.weixin.com = server:119.28.28.28
*.bilibili.com = server:119.29.29.29
hdslb.com = server:119.29.29.29
*.163.com = server:119.29.29.29
*.126.com = server:119.29.29.29
*.126.net = server:119.29.29.29
*.127.net = server:119.29.29.29
*.netease.com = server:119.29.29.29
*.mi.com = server:119.29.29.29
*.xiaomi.com = server:119.29.29.29
*testflight.apple.com = server:8.8.4.4

# Firebase Cloud Messaging
mtalk.google.com = 108.177.125.188

# Google Dl
dl.google.com = server:119.29.29.29
dl.l.google.com = server:119.29.29.29
update.googleapis.com = server:119.29.29.29

# Router Admin Panel
amplifi.lan = server:syslib // Ubiquiti Amplifi Router
router.synology.com = server:syslib // Synology Router
sila.razer.com = server:syslib // Razer Sila Router
router.asus.com = server:syslib // Asus Router
routerlogin.net = server:syslib // Netgear Router
orbilogin.com = server:syslib // Netgear Obri Router
www.LinksysSmartWiFi.com = server:syslib // Linksys Router
LinksysSmartWiFi.com = server:syslib // Linksys Router
myrouter.local = server:syslib // Linksys Router
www.miwifi.com = server:syslib // Xiaomi Mi WiFi Router
miwifi.com = server:syslib // Xiaomi Mi WiFi Router
mediarouter.home = server:syslib // Huawei Router
tplogin.cn = server:syslib // TP-Link Router
tplinklogin.net = server:syslib // TP-Link Router
melogin.cn = server:syslib // MERCURY Router
falogin.cn = server:syslib // FAST Router
# CUSTOM HOST

# 该段定义针对 HTTP 请求的 URL 重定向规则
# 有两种重定向方式: "header" 和 "302"
# 
# Header 模式
# Surge 会修改发出的 http header，必要时还会修改 Host 字段。客户端将
# 感知不到这个重定向过程. 不支持重定向到一个 HTTPS 的地址。
# 
# 302 模式
# Surge 直接简单的返回一个 302 重定向回应。
[URL Rewrite]
# Redirect Google Search Service
^https?:\/\/(www.)?(g|google)\.cn https://www.google.com 302

# Redirect Google Maps Service
^https?:\/\/(ditu|maps).google\.cn https://maps.google.com 302

# Redirect HTTP to HTTPS
^https?:\/\/(www.)?taobao\.com\/ https://taobao.com/ 302
^https?:\/\/(www.)?jd\.com\/ https://www.jd.com/ 302
^https?:\/\/(www.)?mi\.com\/ https://www.mi.com/ 302
^https?:\/\/you\.163\.com\/ https://you.163.com/ 302
^https?:\/\/(www.)?suning\.com\/ https://suning.com/ 302
^https?:\/\/(www.)?yhd\.com\/ https://yhd.com/ 302

# AbeamTV
^https?:\/\/api\.abema\.io\/v\d\/ip\/check - reject
# CUSTOM URL

[Header Rewrite]
^https?:\/\/.*\.zhihu\.com\/(question|topic) header-replace User-Agent "osee2unifiedRelease/4432 osee2unifiedReleaseVersion/7.8.0 Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mo    bile/15E148"

# 该段仅在 iOS 版本下生效。 
# 你可以为某些特定的 WiFi 网络设置设置参数
# 参数:
# suspend: "true" 或 "false"
# 在该网络下 Surge 将暂停工作。 请注意，如果你在该网络下直接启动 Surge，那么 
# Surge 依然会工作。只有当从其他网络切换到该网络时，Surge 才会暂停。
#
# SSID Setting 段表达式（适用 SUBNET 规则）
#   可使用 MCCMNC:100-200 匹配特定数据网络
#   可使用 SSID:value 特定匹配 SSID，支持通配符
#   可使用 BSSID:value 特定匹配 BSSID，支持通配符
#   可使用 ROUTER:value 特定匹配路由地址
#   可使用 TYPE:WIFI 匹配所有 WiFi 网络
#   可使用 TYPE:CELLULAR 匹配所有数据网络
#   可使用 TYPE:WIRED 匹配所有有线网络（iOS 上支持 USB 网络适配
# 参数 cellular-fallback 可单独控制一些 Wi-Fi 下的 all-hybrid 和 wifi-assist 行为
#   cellular-fallback=default 使用 [General] 中的 all-hybrid 和 wifi-assist 配置/
#   cellular-fallback=off 关闭 all-hybrid 和 wifi-assist
#   cellular-fallback=hybrid 开启 all-hybrid 
#   cellular-fallback=wifi-assist 开启 wifi-assist
# 如无前缀则按照旧版规则匹配 SSID、BSSID、路由地址
# SSID Setting 段内容从上至下依次匹配，匹配到第一个结果后立刻终止
#
# 中国用户若使用 TFO 建议强制关闭数据网络上的 TFO，避免产生问题，然后在已测试过的网络上强制开启。只有这样配置后方可充分享受 TFO 的优势。
[SSID Setting]
# Temporarily Suspend
"SSID Here" suspend=true
# TCP Fast Open
"My Home" tfo-behaviour=force-enabled
TYPE:CELLULAR tfo-behaviour=force-disabled

[MITM]
# 跳过服务端证书验证
skip-server-cert-verify = true
# MITM over HTTP/2
//MITM over HTTP/2：使用 HTTP/2 协议进行 MITM 解密，可在高并发下优化性能
h2 = true
# 主机名
//Surge 仅会解密这里指定的主机名的请求，ios 系统和某些应用有严格的安全策略，仅信任某些特定的证书，对这些域名启动解密可能导致问题，如 *apple.com, *icloud.com.
#   可使用通配符* 和？
#   可使用前缀-将特定主机名排除
#   默认仅解密发往 443 端口的请求
#   可使用后缀：port 解密特定端口
#   可使用后缀：0解密所有端口
tcp-connection = true
hostname = www.google.cn, api.abema.io, *.zhihu.com, -CUSTOMMitM, sub.store

[Panel]
flushDNS = script-name=flushDNS,update-interval=-1

[Script]
# Flush DNS, show the DNS delay and server.
flushDNS = type=generic,timeout=10,script-path=https://raw.githubusercontent.com/zZPiglet/Task/master/asset/flushDNS.js,argument=icon=wand.and.stars.inverse&color=#3d3d5b