Surge Personal Settings Reference

·(edited)· / ·

888

reads

AI TranslationSimplified ChineseEnglish

Key Insights

AI · GEN

Disclaimer

The following are some personalized configurations I made for a better user experience while using Surge personally, for your reference.

Some of these refer to the configuration guide and rule sets from SukkaW, and I would like to express my gratitude.

It is not ruled out that the following configurations may not work well on your device; please try and modify them yourself.

Also: Please support genuine software.

General Section

CodeBlock Loading...

Skip local IPs and common software proxy detection domains

CodeBlock Loading...

Hijack Google DNS requests to prevent Google products from bypassing the Surge proxy

CodeBlock Loading...

For proxy software, IPv6 is not yet perfect; it is recommended to keep it disabled for now

CodeBlock Loading...

Bypass proxy for localhost, etc., show error page for rejections, read system hosts

CodeBlock Loading...

Latency and UDP test URLs. Recommend SukkaW's Mini Test Tool

CodeBlock Loading...

DNS configuration. If DNS hijacking is not particularly severe, it is recommended to use the built-in one for optimal resolution

CodeBlock Loading...

Makes Surge treat TCP connections as HTTP requests, enabling rewriting of google.cn requests from other devices in Mac gateway mode

CodeBlock Loading...

Subsequent action for proxies that do not support UDP forwarding; it is recommended to use REJECT to prevent connection leaks

The merged General configuration is as follows:

CodeBlock Loading...

Proxy and Proxy Group Section

This section mainly consists of your own server sets and routing rules. The best configuration is the one that best suits your usage habits.

Personally, I don't like very complex policy group selections, and I don't have that need. Routing rules can be referenced from Github

Additionally: It is recommended to use Surge's latest feature: Smart Policy Group, which can significantly reduce concerns about testing policy group availability.

Rule Section

CodeBlock Loading...

The Rule field uses SukkaW's rule sets, trimmed according to my actual situation. For details, see SukkaW.

Host Section

CodeBlock Loading...

Since most domestic ISPs currently perform DNS pollution on Github, the above configuration uses 1.1.1.1 DNS resolution for Github URLs.

MITM & Script

The MITM and script functions mainly depend on personal needs. For script searching, you can follow NobyDa's TG channel

Here are some scripts I am currently using, for your reference.

CodeBlock Loading...

These are Alibaba Cloud check-in script, AliYun Drive check-in, Amap Ride-hailing check-in, and Longfor Tianjie check-in. The four below are Cookie acquisition scripts.

The corresponding hostname needs to be added:

CodeBlock Loading...

Modules

Refer to LoonKissSurge Repository. Please choose the required modules yourself. Grateful for the selfless dedication of various developers.

Special Configuration for China Broadnet

Because China Broadnet's network infrastructure is not yet perfect, there is a high probability of experiencing long spinning circles for "Connecting" / "Receiving" while using WeChat. The following configuration has been tested and can effectively improve this.

~~Trash Broadnet, already canceled the card, switched to Unicom which has even worse network~~

CodeBlock Loading...

Add the above to [Rule] to drop all UDP and QUIC requests on port 443

CodeBlock Loading...

Add the above to [Host] to resolve WeChat-related domains using 360 DNS

The above are the tested working configurations that can significantly improve the WeChat spinning issue. If you have better configurations, please feel free to comment and share.

Disclaimer

The following are some personalized configurations I made for a better user experience while using Surge personally, for your reference.

Some of these refer to the configuration guide and rule sets from SukkaW, and I would like to express my gratitude.

It is not ruled out that the following configurations may not work well on your device; please try and modify them yourself.

Also: Please support genuine software.

General Section

skip-proxy = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, 162.14.0.0/16, 211.99.96.0/19, 162.159.192.0/24, 162.159.193.0/24, 162.159.195.0/24, fc00::/7, fe80::/10, localhost, *.local, captive.apple.com, passenger.t3go.cn, *.ccb.com, wxh.wo.cn, *.abcchina.com, *.abcchina.com.cn, *.ccb.com.cn

CodeBlock Loading...

Skip local IPs and common software proxy detection domains

hijack-dns = 8.8.8.8:53, 8.8.4.4:53

CodeBlock Loading...

Hijack Google DNS requests to prevent Google products from bypassing the Surge proxy

ipv6 = false
ipv6-vif = disabled

CodeBlock Loading...

For proxy software, IPv6 is not yet perfect; it is recommended to keep it disabled for now

exclude-simple-hostnames = true
show-error-page-for-reject = true
read-etc-hosts = true

CodeBlock Loading...

Bypass proxy for localhost, etc., show error page for rejections, read system hosts

internet-test-url = http://connectivitycheck.platform.hicloud.com/generate_204
proxy-test-url = http://latency-test.skk.moe/endpoint
proxy-test-udp = [email protected]

CodeBlock Loading...

Latency and UDP test URLs. Recommend SukkaW's Mini Test Tool

dns-server = system

CodeBlock Loading...

DNS configuration. If DNS hijacking is not particularly severe, it is recommended to use the built-in one for optimal resolution

force-http-engine-hosts = www.google.cn:80

CodeBlock Loading...

Makes Surge treat TCP connections as HTTP requests, enabling rewriting of google.cn requests from other devices in Mac gateway mode

udp-policy-not-supported-behaviour = REJECT

CodeBlock Loading...

Subsequent action for proxies that do not support UDP forwarding; it is recommended to use REJECT to prevent connection leaks

The merged General configuration is as follows:

[General]
skip-proxy = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, 162.14.0.0/16, 211.99.96.0/19, 162.159.192.0/24, 162.159.193.0/24, 162.159.195.0/24, fc00::/7, fe80::/10, localhost, *.local, captive.apple.com, passenger.t3go.cn, *.ccb.com, wxh.wo.cn, *.abcchina.com, *.abcchina.com.cn, *.ccb.com.cn
hijack-dns = 8.8.8.8:53, 8.8.4.4:53
ipv6 = false
ipv6-vif = disabled
exclude-simple-hostnames = true
show-error-page-for-reject = true
read-etc-hosts = true
internet-test-url = http://connectivitycheck.platform.hicloud.com/generate_204
proxy-test-url = http://latency-test.skk.moe/endpoint
proxy-test-udp = [email protected]
dns-server = system
force-http-engine-hosts = www.google.cn:80
udp-policy-not-supported-behaviour = REJECT

CodeBlock Loading...

Proxy and Proxy Group Section

This section mainly consists of your own server sets and routing rules. The best configuration is the one that best suits your usage habits.

Personally, I don't like very complex policy group selections, and I don't have that need. Routing rules can be referenced from Github

Additionally: It is recommended to use Surge's latest feature: Smart Policy Group, which can significantly reduce concerns about testing policy group availability.

Rule Section

[Rule]
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/reject.conf,REJECT,extended-matching //广告拦截
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject.conf,REJECT,extended-matching //广告拦截
RULE-SET,https://ruleset.skk.moe/List/ip/reject.conf,REJECT-DROP //广告拦截
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-no-drop.conf,REJECT-NO-DROP,extended-matching //广告拦截
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-drop.conf,REJECT-DROP,extended-matching //广告拦截
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/cdn.conf,Proxy,extended-matching //国外CDN
RULE-SET,https://ruleset.skk.moe/List/non_ip/ai.conf,Proxy,extended-matching //AI相关服务，可换成自己的策略组名称
RULE-SET,https://ruleset.skk.moe/List/non_ip/global.conf,Proxy,extended-matching //常见国际网站
RULE-SET,https://ruleset.skk.moe/List/non_ip/domestic.conf,DIRECT,extended-matching //常见国内网站
RULE-SET,https://ruleset.skk.moe/List/non_ip/lan.conf,DIRECT //本地服务
RULE-SET,https://ruleset.skk.moe/List/ip/telegram.conf,Proxy //Telegram
PROCESS-NAME,Telegram,REJECT-DROP //Telegram，结合上一条使用
RULE-SET,https://ruleset.skk.moe/List/ip/lan.conf,DIRECT //本地服务-ip
RULE-SET,https://ruleset.skk.moe/List/non_ip/direct.conf,DIRECT,extended-matching //直连的服务
RULE-SET,https://ruleset.skk.moe/List/ip/domestic.conf,DIRECT //常见国内ip
RULE-SET,https://ruleset.skk.moe/List/ip/china_ip.conf,DIRECT //国内ip
FINAL,Proxy,dns-failed //回退

CodeBlock Loading...

The Rule field uses SukkaW's rule sets, trimmed according to my actual situation. For details, see SukkaW.

Host Section

github.com = server:1.1.1.1 // Github
*.github.com = server:1.1.1.1 // Github
*.githubusercontent.com = server:1.1.1.1 // Github

CodeBlock Loading...

Since most domestic ISPs currently perform DNS pollution on Github, the above configuration uses 1.1.1.1 DNS resolution for Github URLs.

MITM & Script

The MITM and script functions mainly depend on personal needs. For script searching, you can follow NobyDa's TG channel

Here are some scripts I am currently using, for your reference.

Ali-Point = type=cron,cronexp="0 6,13 * * *",timeout=600,script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/aliyun_web/aliyun_web.js,script-update-interval=259200
AliYun_Checkin = type=cron,cronexp=44 6 * * *,script-path=https://gist.githubusercontent.com/Sliverkiss/33800a98dcd029ba09f8b6fc6f0f5162/raw/aliyun.js,script-update-interval=259200,timeout=600
Amap_Checkin = type=cron,cronexp=47 6 * * *,timeout=60,script-path=https://raw.githubusercontent.com/wf021325/qx/master/task/ampDache.js,script-update-interval=259200
Longfor_Checkin = type=cron,cronexp=42 6 * * *,script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/lhtj/lhtj.js,script-update-interval=259200,timeout=120
Ali_Points = type=http-response,pattern=^https?:\/\/developer\.aliyun\.com\/developer\/api\/my\/user\/getUser,requires-body=1,max-size=0,binary-body-mode=0,timeout=60,script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/aliyun_web/aliyun_web.js,script-update-interval=259200
# AliYun_Cookie = type=http-request,pattern=^https:\/\/(auth|aliyundrive)\.alipan\.com\/v2\/account\/token,requires-body=1,max-size=0,binary-body-mode=0,script-path=https://gist.githubusercontent.com/Sliverkiss/33800a98dcd029ba09f8b6fc6f0f5162/raw/aliyun.js,script-update-interval=259200
# Amap_Cookie = type=http-response,pattern=^https:\/\/(m5(|-zb)|dache)\.amap\.com\/(ws\/yuece\/(act|openapi\/activity\/current)\/query|common\/(alipaymini|wxmini)\?_ENCRYPT=),requires-body=1,max-size=0,binary-body-mode=0,script-path=https://raw.githubusercontent.com/wf021325/qx/master/task/ampDache.js,script-update-interval=0
# Longfor_Cookie = script-path=https://raw.githubusercontent.com/leiyiyan/resource/main/script/lhtj/lhtj.js,timeout=60,tag=龙湖天街获取Cookie,type=http-request,pattern=^https?:\/\/gw2c\-hw\-open\.longfor\.com\/lmarketing\-task\-api\-mvc\-prod\/openapi\/task\/v1\/signature\/clock,requires-body=0,script-update-interval=0

CodeBlock Loading...

These are Alibaba Cloud check-in script, AliYun Drive check-in, Amap Ride-hailing check-in, and Longfor Tianjie check-in. The four below are Cookie acquisition scripts.

The corresponding hostname needs to be added:

hostname = developer.aliyun.com, *.amap.com, auth.alipan.com, auth.aliyundrive.com, gw2c-hw-open.longfor.com

CodeBlock Loading...

Modules

Refer to LoonKissSurge Repository. Please choose the required modules yourself. Grateful for the selfless dedication of various developers.

Special Configuration for China Broadnet

~~Trash Broadnet, already canceled the card, switched to Unicom which has even worse network~~

AND,((SUBNET,TYPE:CELLULAR), (OR,((PROTOCOL,UDP), (PROTOCOL,QUIC))), (DEST-PORT,443)),REJECT-NO-DROP

CodeBlock Loading...

Add the above to [Rule] to drop all UDP and QUIC requests on port 443

*.qq.com = server:101.226.4.6 // QQ
*.qlogo.cn = server:101.226.4.6 // 腾讯头像
*.qpic.cn = server:101.226.4.6 // 腾讯图片
*.weixin.qq.com = server:101.226.4.6 // 微信
*.wx.qq.com = server:101.226.4.6 // 微信
*.weixin.com = server:101.226.4.6 // 微信
*.weixinbridge.com = server:101.226.4.6 // 微信公众平台
*.wechat.com = server:101.226.4.6 // WeChat
*.servicewechat.com = server:101.226.4.6 // 微信小程序

CodeBlock Loading...

Add the above to [Host] to resolve WeChat-related domains using 360 DNS

The above are the tested working configurations that can significantly improve the WeChat spinning issue. If you have better configurations, please feel free to comment and share.