[General] ipv6 = false loglevel = notify interface = 0.0.0.0 port = 6152 socks-interface = 0.0.0.0 socks-port = 6153 enhanced-mode-by-rule = true skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local bypass-system = true bypass-tun = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
Enable full IPv6 support (Default: false)
ipv6 = false
loglevel (Default: notify)
loglevel = notify
One of verbose, info, notify or warning. It's not recommended to enable verbose in daily use because this will slow down the performance significantly.
skip-proxy = 127.0.0.1, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, localhost, *.local
In iOS version, this option forces connections to these domain/IP ranges to be handled by Surge TUN, instead of Surge proxy. In macOS version, these settings will be applied to system when "Set as System Proxy" is enabled. This option is used to fix compatibility problems with some apps.
- To specify a single domain, enter the domain name - for example, apple.com.
- To specify all websites on a domain, use an asterisk before the domain name - for example, *apple.com.
- To specify a specific part of a domain, specify each part - for example, store.apple.com.
- To specify hosts or networks by IP addresses, enter a specific IP address such as 192.168.2.11 or an address range, such as 192.168.2.* or 192.168.2.0/24.
Notice: If you enter an IP address or address range, you will only be able to bypass the proxy when you connect to that host using that address, not when you connect to the host by a domain name that resolves to that address.
Surge Mac Special Options
Server listen interface (Default: 127.0.0.1)
interface = 0.0.0.0
HTTP server port (Default: 6152)
port = 6152
SOCKS5 server listen interface (Default: 127.0.0.1)
socks-interface = 0.0.0.0
SOCKS5 server port (Default: 6153)
socks-port = 6153
Enhanced Mode by Rule (Default: false)
enhanced-mode-by-rule = true
Surge iOS Special Options
Bypass System Related Request (Default: true)
bypass-system = true
This option will add some special rules. First, these rules below are added to allow domains to bypass Surge proxy server and use raw TCP:
api.smoot.apple.com configuration.apple.com xp.apple.com smp-device-content.apple.com guzzoni.apple.com captive.apple.com *.ess.apple.com *.push.apple.com *.push-apple.com.akadns.net
Second, this rule is added with the highest priority:
IP-CIDR, 184.108.40.206/8, DIRECT, no-resolve
If you disable this option, it may lead to some system problems, such as delays in push notifications.
Notice: Entire 220.127.116.11/8 address block is assigned to Apple.
tun-excluded-routes = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
Surge TUN can only process TCP and UDP protocols. Use this option to bypass specific IP ranges to allow all traffic to pass through.
Notice: This option only works for Surge TUN. Requests handled by Surge Proxy Server will not be affected. Combine 'skip-proxy' and 'tun-excluded-routes' to make sure that certain HTTP traffic bypasses Surge.
This option might cause a system error ENOMEM (Cannot allocate memory). It seems a bug in iOS system. Please do noy use this option if possible.
tun-included-routes = 192.168.1.12/32
By default, Surge TUN interface will declare itself as the default route. But since the Wi-Fi interface has a smaller route. Some traffic may not go through Surge TUN interface. Use this option to add a smaller route.