Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2449
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example: Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100.
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
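The first-packet classification this post describes (wait for client data on ports 80/443, recognize an HTTP request or a TLS Client Hello, extract the Host or SNI, otherwise fall back to TCP forwarding) is sketched below as an added example; it is not Surge's code and not part of the changelog. The function names, the `sniff_ports` argument and the sample bytes are assumptions made for illustration, and only a Client Hello that fits in one TLS record is handled.

```python
import struct

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE"}
DEFAULT_SNIFF_PORTS = frozenset({80, 443})  # the two ports the changelog names


def build_client_hello(host):
    """Constructed sample input: a minimal ClientHello in one TLS record."""
    exts = b""
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # host_name entry
        names = struct.pack("!H", len(entry)) + entry
        exts = struct.pack("!HH", 0, len(names)) + names       # extension type 0
    hello = (b"\x03\x03" + bytes(32)      # client_version + random
             + b"\x00"                    # empty session id
             + b"\x00\x02\x13\x01"        # one cipher suite
             + b"\x01\x00"                # null compression
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(data):
    """Return (is_client_hello, sni) for one complete TLS record.
    sni is None when the hello carries no server_name extension."""
    try:
        # Record header: type 0x16 (handshake), version 0x03xx, 16-bit length
        if data[0] != 0x16 or data[1] != 0x03:
            return False, None
        (rec_len,) = struct.unpack("!H", data[3:5])
        body = data[5:5 + rec_len]
        # Handshake header: type 0x01 (client_hello), 24-bit length
        if len(body) < rec_len or body[0] != 0x01:
            return False, None
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                                            # version + random
        pos += 1 + hello[pos]                                   # session id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # cipher suites
        pos += 1 + hello[pos]                                   # compression
        if pos + 2 > len(hello):
            return True, None                                   # no extensions
        end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= min(end, len(hello)):
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            ext = hello[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type != 0 or len(ext) < ext_len:             # 0 = server_name
                continue
            p = 2                                               # skip list length
            while p + 3 <= len(ext):
                (name_len,) = struct.unpack("!H", ext[p + 1:p + 3])
                name = ext[p + 3:p + 3 + name_len]
                if ext[p] == 0 and len(name) == name_len:       # 0 = host_name
                    return True, name.decode("ascii")
                p += 3 + name_len
        return True, None
    except (IndexError, struct.error, UnicodeDecodeError):
        return False, None                                      # truncated or malformed


def parse_http_request(data):
    """Return (is_http, host) for an HTTP/1.x request head."""
    line, sep, rest = data.partition(b"\r\n")
    parts = line.split(b" ")
    if (not sep or len(parts) != 3 or parts[0] not in HTTP_METHODS
            or not parts[2].startswith(b"HTTP/1.")):
        return False, None
    for header in rest.split(b"\r\n"):
        if not header:
            break                                               # end of headers
        name, _, value = header.partition(b":")
        if name.strip().lower() == b"host":
            return True, value.strip().decode("ascii", "replace")
    return True, None


def classify_first_packet(port, data, sniff_ports=DEFAULT_SNIFF_PORTS):
    """data is None when the client sent nothing in the wait window
    (300 ms in the changelog). Returns (mode, hostname)."""
    if port not in sniff_ports or not data:
        return "tcp", None              # server-first protocol or timeout
    is_tls, sni = parse_client_hello(data)
    if is_tls:
        return "https", sni             # SNI feeds rule and MITM hostname matching
    is_http, host = parse_http_request(data)
    if is_http:
        return "http", host
    return "tcp", None                  # not valid HTTP/HTTPS: plain forwarding


if __name__ == "__main__":
    print(classify_first_packet(443, build_client_hello("example.com")))
    print(classify_first_packet(80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"))
    print(classify_first_packet(443, None))
```

A hostname recovered this way comes from bytes the client chose to send, so a rule keyed on it matches what the client claims, which need not agree with the destination IP address.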
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2450
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example: Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100.
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2452
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example: Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100.
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2453
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example: Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100.
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2926) is ready to test on iOS.
What to Test:
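- Changed the logic of the protocol sniffer: it no longer assumes a protocol type in advance when probing. This means the actual semantics of the force-http-engine-hosts parameter have become "whether to enable protocol sniffing for specific ports or hosts", but for compatibility reasons the parameter name will not be changed.
The default behavior is equivalent to configuring force-http-engine-hosts = *:80, *:443
This parameter can now be used to enable TLS SNI sniffing on non-standard ports.
Note: the always-raw-tcp-hosts parameter takes priority over this parameter and the MITM configuration.
- Fixed an issue where MITM was not correctly enabled for some connections (non-standard port numbers and SNI mismatches)
- Attempted to fix the Message too long error encountered by some users; please report it if it still occurs
- Fixes for some minor issues and crashes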
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2454
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example: Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100.
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2928) is ready to test on iOS.
What to Test:
- Fixed an issue where ASN-related features did not work
- Completely fixed the Message too long error
- Improved the performance of QUIC-based protocols over IPv6
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2455
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2456
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2457
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2930) is ready to test on iOS.
What to Test:
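- SOCKS proxy connections have been migrated to the new architecture, ensuring consistent behavior across all parameters
- Fixed an issue where error messages could not be displayed when editing a policy group
- Fixed, once again, issues that occurred when using QUIC on some low-MTU networks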
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2459
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2460
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2461
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2931) is ready to test on iOS.
What to Test:
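- Due to architectural changes, the IP/TCP layer forwarding feature of WireGuard has been removed
- A warning is now shown when multiple WireGuard configurations use the same private key; such a configuration causes conflicts
- Because the arrival time of a request's first data packet cannot be controlled (for example under high CPU load), even the 300ms timeout may cause some requests to fail sniffing and fall back to TCP forwarding.
In this version, for sniffing triggered by the force-http-engine-hosts and [MITM] hostname configuration, the timeout is extended to 3s.
- Because the [MITM] hostname parameter now also applies to SNI, and SNI does not contain a port number, once sniffing is enabled for an HTTPS request on a port other than 443, MITM will be activated by the SNI match even if the MITM configuration does not specify a port number.
If you only want to match the standard hostname and not the SNI, write it as example.com:443
- Fixed an issue where several switches in the UI could not be turned off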
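The first-packet sniffing described in the changelogs above (HTTP or TLS ClientHello detection, SNI extraction, fallback to TCP forwarding on timeout), as an added Python example that is not Surge's code. The function names and the constructed ClientHello are assumptions for illustration; the 0.3 s default mirrors the 300ms figure on the page. The extracted SNI is a bare hostname with no port, which is why a [MITM] hostname entry without a port can match it.

```python
import socket
import struct

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                b"OPTIONS", b"PATCH", b"CONNECT", b"TRACE"}


def parse_client_hello(data):
    """Return the SNI of a TLS ClientHello ("" if it carries none), or None
    if the bytes are not a complete ClientHello."""
    try:
        if data[0] != 0x16 or data[1] != 0x03:        # handshake record, TLS 1.x
            return None
        body = data[5:5 + struct.unpack("!H", data[3:5])[0]]
        if body[0] != 0x01:                           # handshake type: ClientHello
            return None
        pos = 4 + 2 + 32                              # handshake header, version, random
        pos += 1 + body[pos]                          # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                          # compression_methods
        if pos == len(body):
            return ""                                 # no extensions block
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        if end > len(body):
            return None                               # truncated first packet
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            ext = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == 0 and ext[2] == 0:         # server_name, host_name entry
                name_len = struct.unpack("!H", ext[3:5])[0]
                name = ext[5:5 + name_len]
                if len(name) != name_len:
                    return None
                return name.decode("ascii")           # hostname only, never a port
        return ""
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def parse_http_host(data):
    """Return the Host header of an HTTP/1.x request ("" if absent), or None
    if the bytes do not start with a valid request line."""
    lines = data.partition(b"\r\n\r\n")[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if (len(parts) != 3 or parts[0] not in HTTP_METHODS
            or not parts[2].startswith(b"HTTP/1.")):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return ""


def classify_first_packet(data):
    """Map the client's first bytes to ("https"|"http"|"tcp", hostname or None)."""
    sni = parse_client_hello(data)
    if sni is not None:
        return ("https", sni or None)
    host = parse_http_host(data)
    if host is not None:
        return ("http", host or None)
    return ("tcp", None)                              # fall back to TCP forwarding


def sniff(sock, timeout=0.3):
    """Wait up to `timeout` seconds for the client's first packet, then classify.
    MSG_PEEK leaves the bytes queued so they can still be forwarded unchanged."""
    sock.settimeout(timeout)
    try:
        data = sock.recv(4096, socket.MSG_PEEK)
    except socket.timeout:
        data = b""                                    # server-first protocol or slow client
    return classify_first_packet(data)


def build_client_hello(hostname):
    """Constructed sample: a minimal ClientHello with a single SNI extension."""
    name = hostname.encode("ascii")
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = struct.pack("!H", len(sni_list)) + sni_list
    exts = struct.pack("!HH", 0, len(sni_ext)) + sni_ext
    hello = (b"\x03\x03" + bytes(32) + b"\x00"        # version, random, empty session_id
             + struct.pack("!H", 2) + b"\x13\x01"     # one cipher suite
             + b"\x01\x00"                            # null compression
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

A ClientHello that is split across segments is classified as "tcp" here because only the first packet is inspected; that is a simplification of this sketch, not a statement about Surge's behaviour.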
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2462
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#iOS #TestFlight
Surge 5 5.21.0 (2932) is ready to test on iOS.
What to Test:
- Fixed a possible crash when using WireGuard in the previous version.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2463
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge's Changelog
#Mac #Beta
Version 5.4.0-2464
* The HTTP capture function has been significantly improved, with the addition of automatic shutdown and MITM automatic activation features. At the same time, related settings are no longer written into the main configuration.
* New proxy protocol supported: Hysteria2. Please visit the project page for more information. https://github.com/apernet/hysteria. Proxy declaration example:
Proxy = hysteria2, 1.2.3.4, 443, password=pwd, download-bandwidth=100
* Completed support for ECN (Explicit Congestion Notification) of Vector (Surge Ponte) and TUIC protocols, significantly improving bandwidth performance in poor network environments.
* Due to compatibility issues, this function is turned off by default. Please enable it by configuring the ecn=true parameter for a TUIC policy.
* Added automatic recognition of HTTP/HTTPS protocols
1. Requests sent to ports 80/443 will wait for the client to send the first data packet and then determine whether it is a valid HTTP/HTTPS request to decide how to handle it. If it is not a valid HTTP request, or if the first packet is not received within 300ms, it will fall back to TCP forwarding mode. Therefore, for requests using port 80, there is no longer a need to configure the force-http-engine-hosts parameter.
2. Automatically recognizes the TLS Client Hello message and extracts SNI, adding rules for SNI and MITM hostname matching.
3. Protocol auto-recognition is only enabled for ports 80/443 because some protocols are initiated by the server sending data first, such as SSH, IMAP, FTP. Waiting for client data before proceeding will cause unnecessary delays for these requests. HTTP requests on other ports that need to be handled by the HTTP engine still need to be configured with force-http-engine-hosts.
4. MITM still requires hostname configuration to be activated, but the tcp-connection parameter is no longer needed and will be effective for TCP requests by default.
5. Added the parameter always-raw-tcp-hosts, which forcibly shuts down active protocol detection for specific hostnames. It is written in the same way as the force-http-engine-hosts parameter.
* The DOMAIN, DOMAIN-SUFFIX, DOMAIN-KEYWORD rules have added an optional parameter extended-matching. When this parameter is set, the rule will also try to match both the SNI and the HTTP Host Header (or :authority).
* Tips: If you want it to be effective only for SNI, you can use the AND logic rule combined with the PROTOCOL,HTTPS rule.
* Since forwarding QUIC traffic through TCP-based proxies can lead to performance issues and traffic waste, all proxy policies have added a block-quic parameter, which can be set to auto (default), on, or off. When enabled, if QUIC traffic is encountered while using this policy, it will automatically use REJECT-NO-DROP to revert to HTTPS/TCP connections.
* For the TUIC/WireGuard/Vector(Ponte) protocols, QUIC traffic will be allowed under auto, while it will not be allowed for other proxy protocols under auto.
* For QUIC traffic that hits the MITM hostname, it will also be automatically rejected.
* Improved compatibility of the HTTP engine and fixed compatibility issues with some non-standard self-implemented HTTP clients.
* Other improvements.
Forwarded from Surge TestFlight Feed