# sukkaw/surge **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/sukkaw-surge).** 3,710 stars · 268 forks · TypeScript · agpl-3.0 ## Links - GitHub: https://github.com/SukkaW/Surge - Homepage: https://ruleset.skk.moe - awesome-repositories: https://awesome-repositories.com/repository/sukkaw-surge.md ## Topics `clash` `clash-meta` `clash-premium` `clash-rules` `hacktoberfest` `mihomo` `mihomo-rules` `ruleset` `sing-box` `sing-box-ruleset` `stash` `surfboard` `surge` `surge-rules` ## Description Surge is a network traffic routing and configuration system designed to categorize and steer network requests using curated rule sets, domain lists, and IP databases. It provides the data structures and filtering logic necessary to manage how application traffic is directed across proxies, direct connections, or regional gateways. The project distinguishes itself through granular traffic identification and steering. It identifies network requests by matching them against system process names, user-agent strings, and geographic IP ranges to apply specific routing policies. This allows for the optimization of high-bandwidth assets via content delivery network routing and the separation of domestic and international traffic. The system provides extensive security and access control capabilities, including the blocking of trackers, telemetry, malware, and phishing domains using regular expressions and domain-suffix matching. It further manages network integrity through DNS control to prevent fake IP assignments and handles local network traffic to ensure internal requests bypass external proxies. The project is implemented in TypeScript. ## Tags ### Networking & Communication - [Network Traffic Routing](https://awesome-repositories.com/f/networking-communication/network-traffic-routing.md) — Directs application data through custom network paths using proxies and direct connections. - [Traffic Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing.md) — Bypasses proxy servers and connects directly to destinations using curated sets of domains, suffixes, and keywords. ([source](https://ruleset.skk.moe/Clash/non_ip/my_direct.txt)) - [Domain Traffic Filters](https://awesome-repositories.com/f/networking-communication/domain-traffic-filters.md) — Intercepts and routes network requests based on domain suffixes and keyword matching. - [Geographic Traffic Routing](https://awesome-repositories.com/f/networking-communication/geographic-traffic-routing.md) — Directs network traffic based on the geographic origin or destination of the request. - [Local Network Traffic Forwarders](https://awesome-repositories.com/f/networking-communication/ip-forwarding/local-network-traffic-forwarders.md) — Ensures internal traffic bypasses proxies and uses local DNS resolution by listing local network domains and IP ranges. ([source](https://cdn.jsdelivr.net/gh/sukkaw/surge@master/README.md)) - [LAN Traffic Identification](https://awesome-repositories.com/f/networking-communication/local-reverse-proxies/lan-traffic-identification.md) — Ensures internal network traffic bypasses proxy routing by matching LAN IP addresses and local suffixes. ([source](https://ruleset.skk.moe/Clash/ip/lan.txt)) - [CIDR Block Filtering](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/cidr-block-filtering.md) — Implements IP matching against CIDR blocks to determine regional membership and routing policies. - [Automated Traffic Routing](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/network-traffic-management/automated-traffic-routing.md) — Automates network traffic steering to specific destinations using curated lists of domains and IP addresses. ([source](https://ruleset.skk.moe)) - [Domestic Traffic Classifiers](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/network-traffic-management/domestic-traffic-classifiers.md) — Identifies and distinguishes between domestic and international traffic using domain and IP lists. - [IP Range Routing](https://awesome-repositories.com/f/networking-communication/network-policy-enforcement/ip-range-routing.md) — Matches network traffic against CIDR blocks and IP ranges to enforce specific routing policies. ([source](https://ruleset.skk.moe/Clash/ip/apple_services.txt)) - [Hybrid Domain and IP Routing](https://awesome-repositories.com/f/networking-communication/network-policy-enforcement/ip-range-routing/hybrid-domain-and-ip-routing.md) — Applies routing and filtering policies by matching traffic against both IP ranges and domain suffixes. ([source](https://ruleset.skk.moe/sing-box/ip/neteasemusic.json)) - [Regional Routing Datasets](https://awesome-repositories.com/f/networking-communication/network-policy-enforcement/ip-range-routing/regional-routing-datasets.md) — Uses curated lists of IP ranges and CIDR blocks to enforce geographic routing policies. - [Service-Specific Routing Rules](https://awesome-repositories.com/f/networking-communication/proxy-routing-services/service-specific-routing-rules.md) — Implements rule-based categorization to route traffic for regional services through appropriate proxy nodes. ([source](https://ruleset.skk.moe/List/non_ip/global.conf)) - [Regional IP Identification](https://awesome-repositories.com/f/networking-communication/regional-ip-identification.md) — Determines if a network address originates from a specific region, such as Mainland China. ([source](https://ruleset.skk.moe/List/ip/domestic.conf)) - [Proxy Routing](https://awesome-repositories.com/f/networking-communication/request-proxies/proxy-routing.md) — Implements logic to route requests across proxy servers or directly to bypass network restrictions. ([source](https://ruleset.skk.moe/Clash/non_ip/direct.txt)) - [Application Filters](https://awesome-repositories.com/f/networking-communication/traffic-filters/application-filters.md) — Isolates network traffic based on the specific application process name producing the request. - [Client-Based Filters](https://awesome-repositories.com/f/networking-communication/traffic-filters/client-based-filters.md) — Implements routing rules based on the originating application's process name and user-agent string. ([source](https://ruleset.skk.moe/List/non_ip/stream_hk.conf)) - [Traffic Routing Configurations](https://awesome-repositories.com/f/networking-communication/traffic-routing-configurations.md) — Manages internet traffic flow by directing requests through specific proxies, direct connections, or gateways. - [Process-Based Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing-rules/process-based-routing.md) — Determines routing paths by matching network requests to specific local system process names. ([source](https://ruleset.skk.moe/List/non_ip/stream_tw.conf)) - [Traffic Rule Sets](https://awesome-repositories.com/f/networking-communication/traffic-rule-sets.md) — Provides management of organized collections of routing rules to automate traffic steering. - [Application-Specific Routing](https://awesome-repositories.com/f/networking-communication/traffic-tunneling/application-specific-routing.md) — Provides granular routing controls that direct traffic from specific local applications based on process names. ([source](https://ruleset.skk.moe/Clash/non_ip/sogouinput.txt)) - [User Agent Routing](https://awesome-repositories.com/f/networking-communication/user-agent-routing.md) — Applies targeted routing policies by identifying network requests via their user-agent strings. ([source](https://ruleset.skk.moe/List/non_ip/stream_tw.conf)) - [Private Relay Identification](https://awesome-repositories.com/f/networking-communication/domain-traffic-filters/private-relay-identification.md) — Provides a curated list of iCloud Private Relay endpoints to facilitate intercepted routing. ([source](https://ruleset.skk.moe/Clash/domainset/icloud_private_relay.txt)) - [CDN Integrations](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/network-traffic-management/cdn-integrations.md) — Routes network traffic through content delivery networks to improve download speeds and streaming stability. - [CDN Routing Gateways](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/network-traffic-management/cdn-routing-gateways.md) — Identifies Microsoft CDN domains to apply specific routing rules for updates and downloads. ([source](https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt)) - [Object Storage Routing](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/network-traffic-management/cdn-routing-gateways/object-storage-routing.md) — Applies routing policies by identifying IP addresses and domains used for object storage and static assets. ([source](https://ruleset.skk.moe/List/ip/cdn.conf)) - [Apple CDN Routing](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-routing-traffic-management/network-traffic-management/proxy-routing-rules/apple-cdn-routing.md) — Optimizes download speeds by directing Apple CDN traffic through specific proxy or direct rules. ([source](https://ruleset.skk.moe/Clash/non_ip/apple_cdn.txt)) - [Fake-IP Filters](https://awesome-repositories.com/f/networking-communication/network-reliability-diagnostics/network-filtering/ip-address-filters/fake-ip-filters.md) — Ensures domains are resolved via real DNS lookups by preventing them from being assigned fake IP addresses. ([source](https://ruleset.skk.moe/Clash/domainset/clash_fake_ip_filter.txt)) - [Media Source Routing Rules](https://awesome-repositories.com/f/networking-communication/network-routing-rules/media-source-routing-rules.md) — Provides routing rules to direct traffic from global media streaming services to specific network destinations. ([source](https://ruleset.skk.moe/Clash/non_ip/stream.txt)) - [AI Platform Routing](https://awesome-repositories.com/f/networking-communication/proxy-routing-services/service-specific-routing-rules/ai-platform-routing.md) — Directs network traffic to specific proxies by identifying domains and keywords associated with AI platforms. ([source](https://ruleset.skk.moe/Clash/non_ip/ai.txt)) - [Apple Intelligence Routing](https://awesome-repositories.com/f/networking-communication/proxy-routing-services/service-specific-routing-rules/apple-intelligence-routing.md) — Enables targeted routing and blocking behaviors for domains associated with Apple Intelligence services. ([source](https://ruleset.skk.moe/sing-box/non_ip/apple_intelligence.json)) - [Apple Service Routing](https://awesome-repositories.com/f/networking-communication/proxy-routing-services/service-specific-routing-rules/apple-service-routing.md) — Applies specific routing or filtering rules by identifying domains and process names associated with Apple services. ([source](https://ruleset.skk.moe/Clash/non_ip/apple_services.txt)) - [Regional Content Routing Policies](https://awesome-repositories.com/f/networking-communication/regional-content-routing-policies.md) — Applies regional routing policies for streaming services using domains, user agents, and process names. ([source](https://ruleset.skk.moe/List/non_ip/stream_us.conf)) - [Private Relay Enablements](https://awesome-repositories.com/f/networking-communication/relay-server-configurations/private-relay-enablements.md) — Identifies Private Relay domains to ensure encrypted DNS and traffic are routed correctly. ([source](https://ruleset.skk.moe/sing-box/domainset/icloud_private_relay.json)) - [Routing Optimization Utilities](https://awesome-repositories.com/f/networking-communication/routing-optimization-utilities.md) — Directs high-bandwidth traffic through optimal paths to enhance download performance. ([source](https://cdn.jsdelivr.net/gh/sukkaw/surge@master/README.md)) - [ASN-Based Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing-rules/asn-based-routing.md) — Applies specific routing rules to providers by identifying traffic based on Autonomous System Numbers. ([source](https://ruleset.skk.moe/Clash/ip/telegram_asn.txt)) - [CDN Domain Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing-rules/cdn-domain-routing.md) — Categorizes network traffic based on curated CDN domain lists to apply specific routing rules. ([source](https://ruleset.skk.moe/sing-box/domainset/cdn.json)) - [IPv6 Routing Rules](https://awesome-repositories.com/f/networking-communication/traffic-routing-rules/ipv6-routing-rules.md) — Applies network routing rules based on destination or origin IPv6 CIDR ranges. ([source](https://ruleset.skk.moe/sing-box/ip/china_ip_ipv6.json)) - [Software Update Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing-rules/software-update-routing.md) — Directs traffic from software update servers to specific proxies to optimize download speeds. ([source](https://ruleset.skk.moe/Clash/domainset/download.txt)) - [Static Asset Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing-rules/static-asset-routing.md) — Implements specific routing rules for CDNs by identifying object storage and static asset delivery domains. ([source](https://ruleset.skk.moe/Clash/ip/cdn.txt)) - [Update and Large File Routing](https://awesome-repositories.com/f/networking-communication/traffic-routing-rules/update-and-large-file-routing.md) — Optimizes routing by identifying domains and IPs used for software updates and large file hosting. ([source](https://ruleset.skk.moe/List/ip/download.conf)) ### Part of an Awesome List - [Tracking Prevention Lists](https://awesome-repositories.com/f/awesome-lists/data/analytics-and-tracking/tracking-prevention-lists.md) — Prevents network requests to telemetry, analytics, and tracking endpoints by matching specific domains and suffixes. ([source](https://ruleset.skk.moe/sing-box/non_ip/reject-drop.json)) - [Domain and Keyword Routing](https://awesome-repositories.com/f/awesome-lists/devtools/regex-and-pattern-matching/domain-pattern-matching/domain-keyword-matchers/domain-and-keyword-routing.md) — Determines the appropriate routing path by matching requests against domains, suffixes, and keywords. ([source](https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt)) ### Education & Learning Resources - [Proxy Rule Sets](https://awesome-repositories.com/f/education-learning-resources/proxy-rule-sets.md) — Provides curated collections of traffic rules for routing network requests through proxies. ### Security & Cryptography - [App-Based Traffic Control](https://awesome-repositories.com/f/security-cryptography/app-based-traffic-control.md) — Manages internet traffic on a per-application basis by identifying specific system process names. ([source](https://ruleset.skk.moe/Clash/non_ip/stream_hk.txt)) - [DNS Filtering](https://awesome-repositories.com/f/security-cryptography/dns-filtering.md) — Intercepts and blocks network requests by mapping advertisement and tracker domains to null addresses. - [Domain Name Blocking](https://awesome-repositories.com/f/security-cryptography/domain-based-access-controls/domain-name-blocking.md) — Rejects advertisements, analytics, and telemetry by maintaining curated lists of domains for network proxies to block. ([source](https://ruleset.skk.moe/sing-box/domainset/reject.json)) - [Process-Based Blocking](https://awesome-repositories.com/f/security-cryptography/domain-based-access-controls/domain-name-blocking/process-based-blocking.md) — Prevents tracking or unwanted connections by defining a list of domains, keywords, and process names for rejection. ([source](https://ruleset.skk.moe/Clash/non_ip/my_reject.txt)) - [Malicious IP Blocklists](https://awesome-repositories.com/f/security-cryptography/ip-blacklisting/ip-and-cidr-blocking/malicious-ip-blocklists.md) — Prevents connections to harmful hosts by identifying and blocking traffic to known malicious IP addresses and CIDR ranges. ([source](https://ruleset.skk.moe/Clash/ip/reject.txt)) - [Malicious Domain Filtering](https://awesome-repositories.com/f/security-cryptography/malicious-domain-filtering.md) — Prevents connections to harmful endpoints by filtering requests against curated lists of known malicious domains. ([source](https://ruleset.skk.moe/sing-box/ip/reject.json)) - [Malicious Traffic Blocking](https://awesome-repositories.com/f/security-cryptography/malicious-traffic-blocking.md) — Secures network connections by blocking traffic to known malicious IP addresses and phishing domains. - [Privacy and Ad Blocking](https://awesome-repositories.com/f/security-cryptography/privacy-and-ad-blocking.md) — Prevents tracking and blocks connections to advertisement, telemetry, and analytics servers. - [Telemetry Blocking](https://awesome-repositories.com/f/security-cryptography/privacy-and-ad-blocking/telemetry-blocking.md) — Prevents connections to telemetry, advertising, and tracking servers by matching requests against lists of forbidden domains. ([source](https://ruleset.skk.moe/List/non_ip/reject.conf)) - [User-Agent Filters](https://awesome-repositories.com/f/security-cryptography/signature-based-filtering/user-agent-filters.md) — Applies targeted routing and filtering based on the client user-agent strings. ([source](https://ruleset.skk.moe/List/non_ip/stream_eu.conf)) - [Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/traffic-filtering.md) — Stops advertisements, telemetry, and malicious traffic by preventing network requests to specific domains, suffixes, and keywords. ([source](https://ruleset.skk.moe/Clash/domainset/reject.txt)) - [URL Regex Filters](https://awesome-repositories.com/f/security-cryptography/content-filtering-rules/response-analysis-filters/url-pattern-filters/url-regex-filters.md) — Filters network requests by matching outgoing URLs against regular expression patterns to block specific content. - [URL-Specific Blockings](https://awesome-repositories.com/f/security-cryptography/domain-based-access-controls/domain-name-blocking/url-specific-blockings.md) — Prevents connections to unwanted or malicious web addresses by matching network requests against regular expressions. ([source](https://ruleset.skk.moe/Clash/non_ip/reject-url-regex.txt)) - [User-Agent and Domain Blocking](https://awesome-repositories.com/f/security-cryptography/domain-based-access-controls/user-agent-and-domain-blocking.md) — Prevents connectivity to designated services by filtering network requests based on hostnames, domain suffixes, or user agents. ([source](https://ruleset.skk.moe/List/non_ip/sogouinput.conf)) - [P2P Traffic Blocking](https://awesome-repositories.com/f/security-cryptography/network-traffic-filters/p2p-traffic-blocking.md) — Prevents unwanted data usage or connection instability by rejecting peer-to-peer network traffic using domain and suffix lists. ([source](https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt)) - [Regex Filters](https://awesome-repositories.com/f/security-cryptography/privacy-filtering/regex-filters.md) — Prevents access to specified malicious or unwanted URLs by filtering outgoing network requests using regular expression patterns. ([source](https://ruleset.skk.moe/sing-box/non_ip/reject-url-regex.json)) - [Application Network Isolation](https://awesome-repositories.com/f/security-cryptography/privacy-protection/application-network-isolation.md) — Stops specific apps from transmitting sensitive data or keystrokes to remote servers through targeted network filtering. ([source](https://cdn.jsdelivr.net/gh/sukkaw/surge@master/README.md)) ### Programming Languages & Runtimes - [Process Name Filters](https://awesome-repositories.com/f/programming-languages-runtimes/literal-matching/literal-pattern-matching/process-name-filters.md) — Matches executable process names against predefined lists to identify and route traffic from specific applications.