ty-cs · April 28, 2019 16:40
diff --git a/en.conf.ini b/en.conf.ini
 # You can download this config from: http://surge.run/config-example/ios.conf
 # Edit with your computer and copy back to iOS device via iTunes, URL, AirDrop 
 # or iCloud Drive
 # Version 2.0

 [General]
 # Log level: warning, notify, info, verbose (Default: notify)
 loglevel = notify
 # Skip domain or IP range. These hosts will not be processed by Surge Proxy. 
 # (In macOS version when Set as System Proxy enabled, these hosts will be
 # applied to system network proxy settings.)
 skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local
 # Override the DNS server provided by system.
 dns-server = 8.8.8.8, 8.8.4.4
 # Enable external controller access. This is for Surge-CLI and other tools.
 external-controller-access = [email protected]:8888

 # These parameters below are only for iOS version
 # Bypass system related connection to TUN interface, and automatically add rule 
 # "IP-CIDR,17.0.0.0/8,DIRECT"
 bypass-system = true
 # Bypass IP range for TUN interface
 bypass-tun = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
 # Whether dump http traffic (huge perfermance impact) (Default: false)
 replica = false
 # Whether enable fully IPv6 support (Default: false)
 ipv6 = false

 # These parameters below are only for macOS version
 # Server listen interface (Default: 127.0.0.1)
 interface = 0.0.0.0
 # HTTP server port (Default: 6152)
 port = 6152
 # SOCKS5 server port (Default: 6153)
 socks-port = 6153

 # This section declares proxy policy
 # 
 # OPTIONS for all proxy type:
 #   interface: Optional (Default: null).
 #   Force to use a specified outgoing network interface or address
 #   (Only available in macOS)
 #   Example: ProxyHTTP = http, 1.2.3.4, 443, username, password, interface = en2
 #            en1 = direct, interface = en1
 # 
 # OPTIONS for proxy with tls enabled:
 #   skip-common-name-verify: Optional, "true" or "false" (Default: false).
 #   If this option is enabled, Surge will not verify whether the certificate 
 #   common name field is matched.
 [Proxy]
 ProxyHTTP = http, 1.2.3.4, 443, username, password, skip-common-name-verify=false
 ProxyHTTPS = http, 1.2.3.4, 443, username, password, tls=true // equivalent to "https, 1.2.3.4, 443, username, password"
 ProxySOCKS5 = socks5, 1.2.3.4, 443, username, password
 ProxySOCKS5TLS = socks5, 1.2.3.4, 443, username, password, tls=true

 # This section declares policy group
 # A policy group may contain multiple policies. It can be a proxy policy, 
 # another policy group or an internal policy (DIRECT and REJECT).
 # There are three group types: "select", "url-test" and "ssid"
 # 
 # select: Select which policy will be used from user interface
 # 
 # url-test: Select which policy will be used by benchmarking speed to a URL
 #   OPTIONS:
 #   url: Required.
 #   Specify which URL will be tested.
 #   interval: Optional, s (Default: 600s).
 #   Decide how long the benchmark result will be discarded.
 #   tolerance: Optional, ms (Default: 100ms).
 #   Policy will be changed only when the new winner has a higher score than the 
 #   old winner's score plus the tolerance.
 #   timeout: Optional, s (Default: 5s). 
 #   Give up a policy if not finished until timeout.
 # 
 # ssid: Select which policy will be used by Wi-FI SSID
 #   OPTIONS:
 #   default: Required. 
 #   The policy when no matched SSID option found.
 #   cellular: Optional. 
 #   The policy under cellular network. If not provide, the default policy will 
 #   be used.
 [Proxy Group]
 SelectGroup = select, ProxyHTTP, ProxyHTTPS, DIRECT, REJECT
 AutoTestGroup = url-test, ProxySOCKS5, ProxySOCKS5TLS, url = http://www.google.com/generate_204
 SSIDGroup = ssid, default = ProxyHTTP, cellular = ProxyHTTP, SSIDName = ProxySOCKS5

 # This section declares outgoing policy rule
 # A rule contains three basic parts:
 #          TYPE,         VALUE,         POLICY
 # Example: DOMAIN-SUFFIX,apple.com,     DIRECT
 #          IP-CIDR,      192.168.0.0/16,ProxyA
 # 
 # There are three domain based rule types: "DOMAIN", "DOMAIN-SUFFIX" and 
 # "DOMAIN-KEYWORD"
 # 
 #   OPTIONS:
 #   force-remote-dns: Optional (Default: false). 
 #   If a request is matched by this rule, and the policy isn't DIRECT. The DNS 
 #   lookup will always happen in remote proxy server, even if the request is 
 #   handled by Surge TUN interface. See manual for more information.
 # 
 # There are two IP based rule types: "IP-CIDR" and "GEOIP".
 # If a request is using a domain. Surge need to resolve this domain to 
 # determine if the request should be matched. If DNS lookup fails, the rule 
 # process will be aborted and an error raises.
 # 
 #   OPTIONS:
 #   no-resolve: Optional (Default: false). 
 #   Skip this rule if the request is using a domain.
 [Rule]
 DOMAIN-SUFFIX,appldnld.apple.com,DIRECT
 DOMAIN-SUFFIX,adcdownload.apple.com,DIRECT
 DOMAIN-SUFFIX,swcdn.apple.com,DIRECT
 DOMAIN-SUFFIX,phobos.apple.com,DIRECT

 DOMAIN-KEYWORD,google,ProxyHTTP
 DOMAIN-KEYWORD,facebook,SelectGroup
 DOMAIN-KEYWORD,blogspot,AutoTestGroup
 DOMAIN-KEYWORD,youtube,SSIDGroup

 DOMAIN-SUFFIX,apple.com,ProxyHTTPS
 DOMAIN-SUFFIX,ad.com,REJECT

 IP-CIDR,192.168.0.0/16,DIRECT
 IP-CIDR,10.0.0.0/8,DIRECT
 IP-CIDR,172.16.0.0/12,DIRECT
 IP-CIDR,127.0.0.0/8,DIRECT

 GEOIP,CN,DIRECT
 FINAL,ProxyHTTP

 # This section declares local DNS map
 # This is a equivalent function to /etc/hosts, with wildcard and alias support.
 [Host]
 abc.com = 1.2.3.4
 *.dev = 6.7.8.9
 foo.com = bar.com

 # This section declares URL rewrite rules for HTTP request
 # There are two rewrite types: "header" and "302"
 # 
 # Header Mode:
 # Surge will modify the request header and redirect the request to another host 
 # if necessary. The client will not feel this rewrite action. 
 # But you can't redirect to an URL with HTTPS scheme.
 # 
 # 302 Mode:
 # Surge will simplely return a 302 redirect response.
 [URL Rewrite]
 ^http://www.google.cn http://www.google.com header
 ^http://yachen.com https://yach.me 302

 # This section is only available in iOS. 
 # You can specify some special option for a WiFi network by SSID
 # 
 # OPTIONS:
 # suspend: "true" or "false". 
 # Surge will suspend under this network. Please notice that Surge will still 
 # work if you start Surge under this SSID directly. This option is only 
 # triggered while network switching.
 [SSID Setting]
 "SSID Here" suspend=true
	# You can download this config from: http://surge.run/config-example/ios.conf
	# Edit with your computer and copy back to iOS device via iTunes, URL, AirDrop
	# or iCloud Drive
	# Version 2.0

	[General]
	# Log level: warning, notify, info, verbose (Default: notify)
	loglevel = notify
	# Skip domain or IP range. These hosts will not be processed by Surge Proxy.
	# (In macOS version when Set as System Proxy enabled, these hosts will be
	# applied to system network proxy settings.)
	skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local
	# Override the DNS server provided by system.
	dns-server = 8.8.8.8, 8.8.4.4
	# Enable external controller access. This is for Surge-CLI and other tools.
	external-controller-access = [email protected]:8888

	# These parameters below are only for iOS version
	# Bypass system related connection to TUN interface, and automatically add rule
	# "IP-CIDR,17.0.0.0/8,DIRECT"
	bypass-system = true
	# Bypass IP range for TUN interface
	bypass-tun = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
	# Whether dump http traffic (huge perfermance impact) (Default: false)
	replica = false
	# Whether enable fully IPv6 support (Default: false)
	ipv6 = false

	# These parameters below are only for macOS version
	# Server listen interface (Default: 127.0.0.1)
	interface = 0.0.0.0
	# HTTP server port (Default: 6152)
	port = 6152
	# SOCKS5 server port (Default: 6153)
	socks-port = 6153

	# This section declares proxy policy
	#
	# OPTIONS for all proxy type:
	# interface: Optional (Default: null).
	# Force to use a specified outgoing network interface or address
	# (Only available in macOS)
	# Example: ProxyHTTP = http, 1.2.3.4, 443, username, password, interface = en2
	# en1 = direct, interface = en1
	#
	# OPTIONS for proxy with tls enabled:
	# skip-common-name-verify: Optional, "true" or "false" (Default: false).
	# If this option is enabled, Surge will not verify whether the certificate
	# common name field is matched.
	[Proxy]
	ProxyHTTP = http, 1.2.3.4, 443, username, password, skip-common-name-verify=false
	ProxyHTTPS = http, 1.2.3.4, 443, username, password, tls=true // equivalent to "https, 1.2.3.4, 443, username, password"
	ProxySOCKS5 = socks5, 1.2.3.4, 443, username, password
	ProxySOCKS5TLS = socks5, 1.2.3.4, 443, username, password, tls=true

	# This section declares policy group
	# A policy group may contain multiple policies. It can be a proxy policy,
	# another policy group or an internal policy (DIRECT and REJECT).
	# There are three group types: "select", "url-test" and "ssid"
	#
	# select: Select which policy will be used from user interface
	#
	# url-test: Select which policy will be used by benchmarking speed to a URL
	# OPTIONS:
	# url: Required.
	# Specify which URL will be tested.
	# interval: Optional, s (Default: 600s).
	# Decide how long the benchmark result will be discarded.
	# tolerance: Optional, ms (Default: 100ms).
	# Policy will be changed only when the new winner has a higher score than the
	# old winner's score plus the tolerance.
	# timeout: Optional, s (Default: 5s).
	# Give up a policy if not finished until timeout.
	#
	# ssid: Select which policy will be used by Wi-FI SSID
	# OPTIONS:
	# default: Required.
	# The policy when no matched SSID option found.
	# cellular: Optional.
	# The policy under cellular network. If not provide, the default policy will
	# be used.
	[Proxy Group]
	SelectGroup = select, ProxyHTTP, ProxyHTTPS, DIRECT, REJECT
	AutoTestGroup = url-test, ProxySOCKS5, ProxySOCKS5TLS, url = http://www.google.com/generate_204
	SSIDGroup = ssid, default = ProxyHTTP, cellular = ProxyHTTP, SSIDName = ProxySOCKS5

	# This section declares outgoing policy rule
	# A rule contains three basic parts:
	# TYPE, VALUE, POLICY
	# Example: DOMAIN-SUFFIX,apple.com, DIRECT
	# IP-CIDR, 192.168.0.0/16,ProxyA
	#
	# There are three domain based rule types: "DOMAIN", "DOMAIN-SUFFIX" and
	# "DOMAIN-KEYWORD"
	#
	# OPTIONS:
	# force-remote-dns: Optional (Default: false).
	# If a request is matched by this rule, and the policy isn't DIRECT. The DNS
	# lookup will always happen in remote proxy server, even if the request is
	# handled by Surge TUN interface. See manual for more information.
	#
	# There are two IP based rule types: "IP-CIDR" and "GEOIP".
	# If a request is using a domain. Surge need to resolve this domain to
	# determine if the request should be matched. If DNS lookup fails, the rule
	# process will be aborted and an error raises.
	#
	# OPTIONS:
	# no-resolve: Optional (Default: false).
	# Skip this rule if the request is using a domain.
	[Rule]
	DOMAIN-SUFFIX,appldnld.apple.com,DIRECT
	DOMAIN-SUFFIX,adcdownload.apple.com,DIRECT
	DOMAIN-SUFFIX,swcdn.apple.com,DIRECT
	DOMAIN-SUFFIX,phobos.apple.com,DIRECT

	DOMAIN-KEYWORD,google,ProxyHTTP
	DOMAIN-KEYWORD,facebook,SelectGroup
	DOMAIN-KEYWORD,blogspot,AutoTestGroup
	DOMAIN-KEYWORD,youtube,SSIDGroup

	DOMAIN-SUFFIX,apple.com,ProxyHTTPS
	DOMAIN-SUFFIX,ad.com,REJECT

	IP-CIDR,192.168.0.0/16,DIRECT
	IP-CIDR,10.0.0.0/8,DIRECT
	IP-CIDR,172.16.0.0/12,DIRECT
	IP-CIDR,127.0.0.0/8,DIRECT

	GEOIP,CN,DIRECT
	FINAL,ProxyHTTP

	# This section declares local DNS map
	# This is a equivalent function to /etc/hosts, with wildcard and alias support.
	[Host]
	abc.com = 1.2.3.4
	*.dev = 6.7.8.9
	foo.com = bar.com

	# This section declares URL rewrite rules for HTTP request
	# There are two rewrite types: "header" and "302"
	#
	# Header Mode:
	# Surge will modify the request header and redirect the request to another host
	# if necessary. The client will not feel this rewrite action.
	# But you can't redirect to an URL with HTTPS scheme.
	#
	# 302 Mode:
	# Surge will simplely return a 302 redirect response.
	[URL Rewrite]
	^http://www.google.cn http://www.google.com header
	^http://yachen.com https://yach.me 302

	# This section is only available in iOS.
	# You can specify some special option for a WiFi network by SSID
	#
	# OPTIONS:
	# suspend: "true" or "false".
	# Surge will suspend under this network. Please notice that Surge will still
	# work if you start Surge under this SSID directly. This option is only
	# triggered while network switching.
	[SSID Setting]
	"SSID Here" suspend=true