Proxy Policy

A proxy policy indicates forwarding the request to another proxy server. Surge supports HTTP/HTTPS/SOCKS5/SOCKS5-TLS proxy protocols.

Section [Proxy] declares proxy policies. You can create multiple proxies for different rules.


ProxyHTTP = http,, 443, username, password
ProxyHTTPS = https,, 443, username, password
ProxySOCKS5 = socks5,, 443, username, password
ProxySOCKS5TLS = socks5-tls,, 443, username, password, skip-common-name-verify=true


Parameter for all proxy type

interface: Optional (Default: null).

Force to use a specified outgoing network interface or address (available in macOS only). Please make sure the interface has a valid route table to the destination address.

ProxyHTTP = http,, 443, username, password, interface = en2

Parameter for proxy with TLS (https and socks5-tls)

skip-common-name-verify: Optional, "true" or "false" (Default: false).

If this option is enabled, Surge will not verify whether the certificate common name field is matched.

sni (Default: proxy hostname)

You may customize Server Name Indication (SNI) during TLS handshank. Use sni=off to turn off SNI completely. By defualt Surge will send SNI with proxy hostname like most browsers.

results matching ""

    No results matching ""