-
Notifications
You must be signed in to change notification settings - Fork 280
/
Copy pathsample.conf
237 lines (209 loc) · 16.9 KB
/
sample.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
# Sample Quantumult Configuration (v1.0.19)
#
# Line started with ";" or "#" or "//" shall be comments.
# 以 ";" 或 "#" 或 "//" 开头的行为注释行。
#
# SS-URI scheme can be found at https://shadowsocks.org/en/spec/SIP002-URI-Scheme.html
#
#
# Quantumult uses HEAD method send HTTP request to the server_check_url to test the proxy's status, the results should be two latencies, the first one is TCP handshake to the proxy server, the second one is the total time that Quantumult successfully received the HTTP response from the server_check_url. The lightning icon means that the TCP fast open is successful. If the server in section [server_local] or section [server_remote] has its own server_check_url, its own server_check_url will be used instead of the server_check_url in section [general].
#
# Quantumult 使用 HTTP HEAD 方法对测试网址 server_check_url 进行网页响应性测试(测试结果为通过该节点访问此网页获得 HTTP 响应所需要的时间),来确认节点的可用性。
# Quantumult 界面中的延迟测试方式均为网页响应性测试,显示的最终延迟均为通过对应节点访问测试网页获得 HTTP 响应所需要时间。
# 由于 Trojan 协议为无响应校验协议,使得 HTTP 检测方式即使获得了 HTTP 响应,也不代表节点一定可用。
#
#
# The dns_exclusion_list contains the domains that disabled the placeholder IP(240.*), domains that are not in the dns_exclusion_list all have placeholder IP enabled and have turned on the resolve-on-remote setting.
#
#
# The udp_whitelist contains the destination UDP port, empty means all the ports are in udp_whitelist. UDP packtes(through Quantumult tunnel interface) with destination ports that are not in the udp_whitelist will be dropped. This setting has nothing to do with the policy and has nothing to do with the proxy(server) port either.
#
# 参数 udp_whitelist 从 IP 层控制 UDP 数据是否需要舍弃;如舍弃,则该 UDP 请求不会进入规则模块以及策略模块,TCP/UDP 请求记录中也不会有相应的条目,但仍可在日志中查询到相关信息(日志等级 debug)。
# 该参数控制的是流入 Quantumult X Tunnel 的请求,并非 Quantumult X Tunnel 发出的请求,即不会作用于节点所使用的 UDP 目标端口。
#
#
# The fallback_udp_policy needs Quantumult X v1.0.19 and later.
# The fallback_udp_policy will be used when the server type (like VMess) does not support UDP relay or the udp-relay=true has not been set for server types like SS and SSR. The default value is reject.
#
# 参数 fallback_udp_policy 仅支持 v1.0.19 以及之后的版本。
# 参数 fallback_udp_policy 的值仅支持末端策略(末端策略为经由规则模块和策略模块后所命中的策略,例如:direct、reject 以及节点;不支持内置策略 proxy 以及其它自定义策略)。
# 当 UDP 请求经过规则模块以及策略模块后所命中的节点为 Quantumult X 所不支持 UDP 转发的节点(例如:VMess),或命中的节点虽支持 UDP 转发但节点配置未显示注明 udp-relay=true 的节点(例如:SS 或 SSR 且与服务器是否真实开启了 UDP 转发无关),则 fallback_udp_policy 会被使用。该参数默认值为 reject。
# 注意:如果您需要调整该参数的值为 direct,请务必清楚了解同一目标主机名 TCP 请求与 UDP 请求的源地址不同所造成的隐私及安全风险。
#
#
# The traffic to excluded_routes will not be handled by Quantumult. It is better to reboot your device after modification.
#
#
# The resource_parser_url sample can be found at https://raw.githubusercontent.com/crossutility/Quantumult-X/master/resource-parser.js
#
[general]
;profile_img_url=http://www.example.com/example.png
;resource_parser_url=http://www.example.com/parser.js
;server_check_url=http://www.google.com/generate_204
;geo_location_checker=http://www.example.com/json/, https://www.example.com/script.js
;running_mode_trigger=filter, filter, LINK_22E171:all_proxy, LINK_22E172:all_direct
dns_exclusion_list=*.cmpassport.com, *.jegotrip.com.cn, *.icitymobile.mobi, id6.me
;ssid_suspended_list=LINK_22E174, LINK_22E175
;udp_whitelist=53, 123, 1900, 80-443
;fallback_udp_policy=reject
;excluded_routes= 192.168.0.0/16, 172.16.0.0/12, 100.64.0.0/10, 10.0.0.0/8
;icmp_auto_reply=true
#
# The DNS servers fetched from current network(system) will always be used for better performance(you can disable this feature by using "no-system", but you should at least add one customized DNS server like "server=223.5.5.5").
# The result of query will only be used for evaluating filter or connecting through direct policy, when connecting through server the result will not be used and Quantumult will never know the destination IP of related domain.
# Specially directly set 127.0.0.1 for a domain is not allowed in here. if you want some domain(eg: example.com) to be 127.0.0.1, just add "host, example.com, reject" to the "filter_local" section. The reject action will return DNS response with 127.0.0.1 to the query.
#
[dns]
;no-system
server=223.5.5.5
server=114.114.114.114
server=119.29.29.29
server=8.8.8.8
;server=8.8.4.4:53
;server=/example0.com/system
;server=/example1.com/8.8.4.4
;server=/*.example2.com/223.5.5.5
;server=/example4.com/[2001:4860:4860::8888]:53
;address=/example5.com/192.168.16.18
;address=/example6.com/[2001:8d3:8d3:8d3:8d3:8d3:8d3:8d3]
#
# static policy points to the server in candidates you manually selected.
# available policy points to the first available server in candidates based on server_check_url(concurrent url latency test will be immediately launched when the policy has been triggered and the policy result is unavailable. If no network request is taking the policy at that time, that means the policy is in the idle state and the test won't be launched even if the server is down. At that time you can update the server status by manually launching the test, but it doesn't make any sense).
# round-robin policy points to the next server in candidates for next connection.
# ssid policy points to the server depending on the network environment.
#
[policy]
;static=policy-name-1, Sample-A, Sample-B, Sample-C, img-url=http://example.com/icon.png
;available=policy-name-2, Sample-A, Sample-B, Sample-C
;round-robin=policy-name-3, Sample-A, Sample-B, Sample-C
;ssid=policy-name-4, Sample-A, Sample-B, LINK_22E171:Sample-B, LINK_22E172:Sample-C
#
# Params "tag" and "enabled" are optional.
# The default sync interval for all kinds of remote resources is 86400 seconds.
# You can set update-interval=172800 to customize your auto sync interval(seconds), negative number means disable auto sync.
#
[server_remote]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.txt, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.txt, opt-parser=true, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.txt, update-interval=-1, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server-complete.txt, tag=Sample-02, as-policy=static, img-url=http://example.com/icon.png, enabled=false
#
# Params "tag", "force-policy" and "enabled" are optional.
# When there is a force-policy, then the policy in filter of remote resource will be ignored and the force-policy will be used.
#
[filter_remote]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/filter.txt, tag=Sample, force-policy=your-policy-name, enabled=true
#
# Params "tag" and "enabled" are optional.
#
[rewrite_remote]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/sample-import-rewrite.txt, tag=Sample, enabled=true
#
# Only obfs=http, obfs=ws, obfs=wss can have optional "obfs-uri" field.
# The obfs-host param in wss will be used for TLS handshake and for HTTP header host field, if obfs-host is not set for wss the server address will be used.
# The UDP relay for VMess and Trojan is not currently supported.
# When using obfs=ws and obfs=wss the server side can be deployed by v2ray-plugin with mux = 0 or by v2ray-core.
# The obfs plugin tls1.2_ticket_auth has one more RTT than tls1.2_ticket_fastauth and obfs tls, you'd better use tls1.2_ticket_fastauth instead.
# The method chacha20-ietf-poly1305 and chacha20-poly1305 have the same effect in VMess configuration.
#
[server_local]
# Optional field tls13 is only for shadowsocks obfs=wss
;shadowsocks=example.com:80, method=chacha20, password=pwd, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, server_check_url=http://www.apple.com/generate_204, tag=ss-01
;shadowsocks=example.com:80, method=chacha20, password=pwd, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, tag=ss-02
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=tls, obfs-host=bing.com, fast-open=false, udp-relay=false, tag=ss-03
;shadowsocks=example.com:443, method=chacha20, password=pwd, ssr-protocol=auth_chain_b, ssr-protocol-param=def, obfs=tls1.2_ticket_fastauth, obfs-host=bing.com, tag=ssr
;shadowsocks=example.com:80, method=aes-128-gcm, password=pwd, obfs=ws, fast-open=false, udp-relay=false, tag=ss-ws-01
;shadowsocks=example.com:80, method=aes-128-gcm, password=pwd, obfs=ws, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=ss-ws-02
;shadowsocks=example.com:443, method=aes-128-gcm, password=pwd, obfs=wss, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=ss-ws-tls-01
;shadowsocks=example.com:443, method=aes-128-gcm, password=pwd, obfs=wss, obfs-uri=/ws, tls13=true, fast-open=false, udp-relay=false, tag=ss-ws-tls-02
#
# Optional field tls13 is only for vmess obfs=over-tls and obfs=wss
;vmess=example.com:80, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, fast-open=false, udp-relay=false, tag=vmess-01
;vmess=example.com:80, method=aes-128-gcm, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, fast-open=false, udp-relay=false, tag=vmess-02
;vmess=example.com:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, fast-open=false, udp-relay=false, tag=vmess-tls-01
;vmess=192.168.1.1:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, obfs-host=example.com, fast-open=false, udp-relay=false, tag=vmess-tls-02
;vmess=192.168.1.1:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, obfs-host=example.com, tls13=true, fast-open=false, udp-relay=false, tag=vmess-tls-03
;vmess=example.com:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=ws, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-01
;vmess=192.168.1.1:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=ws, obfs-host=example.com, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-02
;vmess=example.com:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-tls-01
;vmess=192.168.1.1:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-host=example.com, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-tls-02
;vmess=192.168.1.1:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-host=example.com, obfs-uri=/ws, tls13=true, fast-open=false, udp-relay=false, tag=vmess-ws-tls-03
#
# Optional field tls13 is only for http over-tls=true
;http=example.com:80,fast-open=false, udp-relay=false, tag=http-01
;http=example.com:80, username=name, password=pwd, fast-open=false, udp-relay=false, tag=http-02
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=http-tls-01
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=http-tls-02
#
# Optional field tls13 is only for trojan over-tls=true
;trojan=example.com:443, password=pwd, over-tls=true, tls-verification=true, fast-open=false, udp-relay=false, tag=trojan-tls-01
;trojan=example.com:443, password=pwd, over-tls=true, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-02
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=trojan-tls-03
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-04
[filter_local]
;user-agent, ?abc*, proxy
;host, www.google.com, proxy
;host-keyword, adsite, reject
;host-suffix, googleapis.com, proxy
;ip6-cidr, 2001:4860:4860::8888/32, direct
ip-cidr, 10.0.0.0/8, direct
ip-cidr, 127.0.0.0/8, direct
ip-cidr, 172.16.0.0/12, direct
ip-cidr, 192.168.0.0/16, direct
ip-cidr, 224.0.0.0/24, direct
geoip, cn, direct
final, proxy
#
# The "reject" returns HTTP status code 404 with no content.
# The "reject-200" returns HTTP status code 200 with no content.
# The "reject-img" returns HTTP status code 200 with content of 1px gif.
# The "reject-dict" returns HTTP status code 200 with content of empty json object.
# The "reject-array" returns HTTP status code 200 with content of empty json array.
# The "request-header" works for all the http headers not just one single header, so you can match two or more headers including CRLF in one regular expression.
# The length and encoding related HTTP header fields will be automatically processed by Quantumult if the "rewrite" is body related, so you should not handle them by yourself. The max supported response size is 1024kB(decompressed) for response-body and script-response-body.
# The body related rewrite will not be executed if the body is empty.
# When using javascript in rewrite, you can use those objects: $request, $response, $notify(title, subtitle, message), console.log(message) and Quantumult's built-in objects all have prefix "$".
# Supports: $request.scheme, $request.method, $request.url, $request.path, $request.headers, $response.statusCode, $response.headers, $response.body
# The $notify(title, subtitle, message) will post iOS notifications if Quantumult notification has been enabled.
# The $prefs is for persistent store: $prefs.valueForKey(key), $prefs.setValueForKey(value, key), $prefs.removeValueForKey(key), $prefs.removeAllValues().
# The console.log(message) will output logs to Quantumult log file if the log level is "debug".
# The setTimeout(function() { }, interval) will run function after interval(ms).
# The scripts for script-request-header, script-request-body, script-response-header, script-response-body and script-echo-response should be saved in local "On My iPhone - Quantumult X - Scripts" or "iCloud Drive - Quantumult X - Scripts". Samples can be found at https://github.com/crossutility/Quantumult-X
#
[rewrite_local]
;^http://example\.com/resource1/1/ url reject
;^http://example\.com/resource1/2/ url reject-img
;^http://example\.com/resource1/3/ url reject-200
;^http://example\.com/resource1/4/ url reject-dict
;^http://example\.com/resource1/5/ url reject-array
;^http://example\.com/resource2/ url 302 http://example.com/new-resource2/
;^http://example\.com/resource3/ url 307 http://example.com/new-resource3/
;^http://example\.com/resource4/ url request-header ^GET /resource4/ HTTP/1\.1(\r\n) request-header GET /api/ HTTP/1.1$1
;^http://example\.com/resource4/ url request-header (\r\n)User-Agent:.+(\r\n) request-header $1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36$2
;^http://example\.com/resource5/ url request-body "info":\[.+\],"others" request-body "info":[],"others"
;^http://example\.com/resource5/ url response-body "info":\[.+\],"others" response-body "info":[],"others"
;^http://example\.com/resource6/ url script-response-body response-body.js
;^http://example\.com/resource7/ url script-echo-response script-echo.js
;^http://example\.com/resource8/ url script-response-header response-header.js
;^http://example\.com/resource9/ url script-request-header request-header.js
;^http://example\.com/resource10/ url script-request-body request-body.js
#
# The $task.fetch() compose a HTTP request and deal with the response, only text body is supported. A $task.fetch() can be embeded in the completion handler of another $task.fetch(), if you want serial requests not current requests.
# The scripts should be saved in local "On My iPhone - Quantumult X - Scripts" or "iCloud Drive - Quantumult X - Scripts". Samples can be found at https://github.com/crossutility/Quantumult-X/blob/master/sample-task.js
# The default HTTP request timeout is 10 seconds.
#
# Supports 5 fields of cron excluding the command field.
#
[task_local]
;* * * * * sample-task.js
#
# Only the TLS SNI or destination address in "hostname" will be handled by MitM.
#
# You should always keep your CA passphrase and p12 private.
#
[mitm]
;passphrase =
;p12 =
;skip_validating_cert = false
;force_sni_domain_name = false
;hostname = *.example.com, *.sample.com