A proxy policy indicates forwarding the request to another proxy server. Surge supports HTTP/HTTPS/SOCKS5/SOCKS5-TLS proxy protocols.
Section [Proxy] declares proxy policies. You can create multiple proxies for different rules.
[Proxy] ProxyHTTP = http, 220.127.116.11, 443, username, password ProxyHTTPS = https, 18.104.22.168, 443, username, password ProxySOCKS5 = socks5, 22.214.171.124, 443, username, password ProxySOCKS5TLS = socks5-tls, 126.96.36.199, 443, username, password, skip-common-name-verify=true
Parameter for all proxy type
interface: Optional (Default: null).
Force to use a specified outgoing network interface (available in macOS only). Please make sure the interface has a valid route table for the destination address.
ProxyHTTP = http, 188.8.131.52, 443, username, password, interface = en2
allow-other-interface: Optional (Default: false).
ProxyHTTP = http, 184.108.40.206, 443, username, password, interface = en2, allow-other-interface=true
When the option is ture, if the desired interface is not available, Surge is allowed to use another interface to setup the connection. Otherwise the connection will fail directly.
Parameter for proxy with TLS (https and socks5-tls)
skip-cert-verify: Optional, "true" or "false" (Default: false).
If this option is enabled, Surge will not verify the server's certificate.
sni (Default: hostname)
You may customize Server Name Indication (SNI) during TLS handshank. Use sni=off to turn off SNI completely. By defualt Surge will send SNI with hostname like most browsers.