config.conf

# 基於Sample Quantumult Configuration
#
# 最後更新時間：2023/11/9
  
# Line started with ";" or "#" or "//" shall be comments.
# 以 ";" 或 "#" 或 "//" 开头的行为注释行。
  
[general]
# 配置文件圖標
profile_img_url =htts://img.sveir.xyz/static/favicon%40trs.png
# 網路測試鏈接
network_check_url =http://bing.com
# 伺服器測試鏈接
server_check_url =http://www.google.com/generate_204
# 測試超時時間（ms）
server_check_timeout =3000
# GEO位置檢測（如需要以中文顯示節點地區，請在下面行取消註釋）
;geo_location_checker = http://ip-api.com/json/?lang=zh-CN,https://cdn.jsdelivr.net/gh/KOP-XIAO/QuantumultX@master/Scripts/IP_API.js
# 指定WI-FI SSID的運行模式
;running_mode_trigger = filter, filter, asus-5g:all_direct, asus:all_proxy
# 資源解析
resource_parser_url = https://cdn.jsdelivr.net/gh/KOP-XIAO/QuantumultX@master/Scripts/resource-parser.js
# DNS排除列表（可一定程度防止檢測到使用代理）
dns_exclusion_list = *.lan, cable.auth.com, *.msftconnecttest.com, *.msftncsi.com, network-test.debian.org, detectportal.firefox.com, resolver1.opendns.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, stun.*, *.qq.com, localhost.*.qq.com, *.logon.battlenet.com.cn, *.logon.battle.net, *.blzstatic.cn, *.cmpassport.com, id6.me, open.e.189.cn, mdn.open.wo.cn, auth.wosms.cn, *.jegotrip.com.cn, *.icitymobile.mobi, *.pingan.com.cn, *.cmbchina.com, *?miwifi.com, pool.ntp.org, *.pool.ntp.org, ntp.*.com, time.*.com, ntp?.*.com, time?.*.com, time.*.gov, time.*.edu.cn, *.ntp.org.cn, time.*.apple.com, PDC._msDCS.*.*, DC._msDCS.*.*, GC._msDCS.*.*
# 排除路由
excluded_routes = 192.168.0.0/16, 172.16.0.0/12, 100.64.0.0/10, 10.0.0.0/8, 239.255.255.250/3
[dns]
;circumvent-ipv4-answer = 127.0.0.1, 0.0.0.0
;circumvent-ipv6-answer = ::
;prefer-doh3
;no-system
no-ipv6
server = 223.5.5.5
server = 114.114.114.114
server = 119.29.29.29
server = 8.8.8.8
;doq-server = quic://dns.adguard.com
;doq-server = quic://dns1.example.com, quic://dns2.example.com
;doq-server = quic://dns.adguard.com, excluded_ssids=SSID1
;doq-server = quic://dns.adguard.com, included_ssids=SSID2
;doh-server = https://dns.alidns.com/dns-query
;doh-server = https://exmaple1.com/dns-query, https://exmaple2.com/dns-query
;doh-server = https://223.6.6.6/dns-query, excluded_ssids=SSID1
;doh-server = https://223.5.5.5/dns-query, included_ssids=SSID2
;server = 8.8.8.8:53, excluded_ssids=SSID1
;server = 8.8.4.4:53, included_ssids=SSID2
;server = /example0.com/system
;server = /example1.com/8.8.4.4
;server = /*.example2.com/223.5.5.5
;doh-server = /*.example3.com/https://doh.pub/dns-query, excluded_ssids=SSID2
;doq-server = /*.example4.com/quic://dns.adguard.com, excluded_ssids=SSID3
;server = /example4.com/[2001:4860:4860::8888]:53
;address = /example5.com/192.168.16.18
;address = /example6.com/[2001:8d3:8d3:8d3:8d3:8d3:8d3:8d3]
;alias = /example7.com/another-example.com

#
# static policy points to the server in candidates you manually selected.
# available policy points to the first available server in candidates based on server_check_url(concurrent url latency test will be immediately launched when the policy has been triggered and the policy result is unavailable. If no network request is taking the policy at that time, that means the policy is in the idle state and the test won't be launched even if the server is down. At that time you can update the server status by manually launching the test, but it doesn't make any sense).
# round-robin policy points to the next server in candidates for next connection.
# dest-hash policy points to the server according to hash function that uses the destination address (domain or IP) as input. This policy is particularly useful for use cases that require session persistence. Adding or removing servers from the policy may change the results.
# url-latency-benchmark policy points to the server with the best (the param tolerance ms will be considered) url latency result. When the user starts the url test in Quantumult X container app manually, the policy result will also be updated. This type policy has a param called check-interval (seconds), if this policy has been activated by any request then the interval will be considered. If the alive-checking is true, then even the policy is in the idle state the interval will still be considered and the benchmark will be launched.
# ssid policy points to the server depending on the network environment.
# Param resource-tag-regex and server-tag-regex only work for static, available and round-robin type of polices.
#
[policy]
;static = policy-name-1, Sample-A, Sample-B, Sample-C, img-url=http://example.com/icon.png
;available = policy-name-2, Sample-A, Sample-B, Sample-C
;round-robin = policy-name-3, Sample-A, Sample-B, Sample-C
;ssid = policy-name-4, Sample-A, Sample-B, LINK_22E171:Sample-B, LINK_22E172:Sample-C
;static = policy-name-5, resource-tag-regex=^sample, server-tag-regex=^example, img-url=http://example.com/icon.png
;available = policy-name-6, resource-tag-regex=^sample, server-tag-regex=^example
;round-robin = policy-name-7, resource-tag-regex=^sample, server-tag-regex=^example
;dest-hash = policy-name-8, resource-tag-regex=^sample, server-tag-regex=^example
;url-latency-benchmark = policy-name-9, resource-tag-regex=^sample, server-tag-regex=^example, check-interval=600, alive-checking=false, tolerance=0

#
# Params "tag" and "enabled" are optional.
# The default sync interval for all kinds of remote resources is 86400 seconds.
# You can set update-interval=172800 to customize your auto sync interval(seconds), negative number means disable auto sync.
# If the require-devices is set, this line of configuration will only be loaded when current Quantumult device ID belongs to the require-devices. The Quantumult device ID can be found in "Settings - Misc Settings - About".
#
[server_remote]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.snippet, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.snippet, opt-parser=true, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server.snippet, update-interval=-1, tag=Sample-01
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/server-complete.snippet, tag=Sample-02, as-policy=static, img-url=http://example.com/icon.png, enabled=false
;https://example.com/server.snippet, tag=Sample-03, img-url=http://example.com/icon.png, require-devices=ID1, ID2, enabled=false

#
# Params "tag", "force-policy" and "enabled" are optional.
# When there is a force-policy, then the policy in filter of remote resource will be ignored and the force-policy will be used.
#
[filter_remote]
FILTER_LAN, tag=LAN, force-policy=direct, enabled=true
FILTER_REGION, tag=CN, force-policy=direct, enabled=true
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/filter.snippet, tag=Sample, force-policy=your-policy-name, enabled=true
;https://example.com/filter.snippet, tag=Sample, force-policy=your-policy-name, require-devices=ID1, ID2, enabled=true

#
# Params "tag" and "enabled" are optional.
#
[rewrite_remote]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/sample-import-rewrite.snippet, tag=Sample, enabled=true
;https://example.com/rewrite.snippet, tag=Sample, require-devices=ID1, ID2, enabled=true

#
# Only obfs=http, obfs=ws, obfs=wss can have optional "obfs-uri" field.
# The obfs-host param in wss will be used for TLS handshake and for HTTP header host field, if obfs-host is not set for wss the server address will be used.
# When using obfs=ws and obfs=wss the server side can be deployed by v2ray-plugin with mux = 0 or by v2ray-core or the trojan-go.
# It is worth noting that the udp-over-tcp for shadowsocks is only supported by the server deployed with shadowsocksr python version, other versions only support the UDP relay itself. If you are combing udp-relay and udp-over-tcp for shadowsocks you must be sure your server is deployed with shadowsocksr python version.
# It is worth noting that the obfs=tls is different from the obfs=over-tls. The obfs=tls is the obfuscation plugin related to shadowsocks project, it is just an obfuscation of the TLS protocol. The obfs=over-tls is the TLS protocol. Quantumult X supports both of them for shadowsocks.
# The obfs plugin tls1.2_ticket_auth has one more RTT than tls1.2_ticket_fastauth and obfs tls, you'd better use tls1.2_ticket_fastauth instead.
# The method chacha20-ietf-poly1305 and chacha20-poly1305 have the same effect in VMess configuration.
# The tls-cert-sha256 or tls-pubkey-sha256 used for SSL pinning can be generated by openssl using below commands:
# openssl x509 -noout -fingerprint -sha256 -inform pem -in your-cert.pem
# openssl x509 -inform pem -pubkey -noout < your-cert.pem | openssl pkey -pubin -outform der | openssl dgst -sha256
# If the tls-verification is false then the tls-cert-sha256 and tls-pubkey-sha256 will be ignored.
# If the tls-pubkey-sha256 is set then the tls-cert-sha256 will be ignored.
# The optional tls-alpn for TLS is hex format of the ALPN extension content, eg: "02:68:32:08:68:74:74:70:2f:31:2e:31" or "02683208687474702f312e31" represents ALPN "h2" and "http/1.1" ({2, 'h', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1'})
# The tls-no-session-ticket param for TLS is optional, this is only for special use cases. By default session ticket is enabled (tls-no-session-ticket=false). If you want to disable sessioin ticket just set tls-no-session-ticket=true, keep in mind that the session may still be reused from session ID for new connection if server supports it.
# The tls-no-session-reuse param for TLS is optional, this is only for special use cases. By default session reuse is enabled (tls-no-session-reuse=false). If you want to disable sessioin reuse just set tls-no-session-reuse=true, this will force Quantumult X perform a full TLS handshake for every new connection.
# The tls13 param has been deprecated (deprecated since v1.0.26), and TLS version 1.3 is always supported no matter what you set.
# The obfs=http for shadowsocks protocol follows the shadowsocks project's simple-obfs plugin. The obfs=http for VMess protocol follows V2Ray's implementation. These 2 obfuscations are totally different. Sometimes to comply with your special server settings (「shadowsocks」 + 「http obfuscation of VMess」 or 「VMess」 + 「http obfuscation of shadowsocks」. The latter rarely happens, and the former happens when the server side deployed by V2Ray (or similar programs) with shadowsocks protocol and V2Ray built-in http obfuscation), you may set obfs=vemss-http for shadowsocks protocol, or obfs=shadowsocks-http for vmess protocol.
#
[server_local]
;shadowsocks=example.com:80, method=chacha20, password=pwd, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, server_check_url=http://www.apple.com/generate_204, tag=ss-obfs-http-01
;shadowsocks=example.com:80, method=chacha20, password=pwd, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, tag=ss-obfs-http-02
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=tls, obfs-host=bing.com, fast-open=false, udp-relay=false, tag=ss-obfs-tls-01
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=over-tls, obfs-host=bing.com, tls-verification=true, tls-cert-sha256=b0088370d6c8e02d6e38c443abf81be2aaf1e18f00435aaf0b39852c338f7aaa, fast-open=false, udp-relay=false, tag=ss-tls-01
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=over-tls, obfs-host=bing.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, fast-open=false, udp-relay=false, tag=ss-tls-02
;shadowsocks=example.com:443, method=chacha20, password=pwd, obfs=over-tls, obfs-host=bing.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls-alpn=02683208687474702f312e31, fast-open=false, udp-relay=false, tag=ss-tls-03
;shadowsocks=example.com:443, method=chacha20, password=pwd, ssr-protocol=auth_chain_b, ssr-protocol-param=def, obfs=tls1.2_ticket_fastauth, obfs-host=bing.com, tag=ssr
;shadowsocks=example.com:80, method=aes-128-gcm, password=pwd, obfs=ws, fast-open=false, udp-relay=false, tag=ss-ws-01
;shadowsocks=example.com:80, method=aes-128-gcm, password=pwd, obfs=ws, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=ss-ws-02
;shadowsocks=example.com:443, method=aes-128-gcm, password=pwd, obfs=wss, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=ss-ws-tls-01
;shadowsocks=example.com:443, method=aes-128-gcm, password=pwd, obfs=wss, obfs-uri=/ws, tls13=true, fast-open=false, udp-relay=false, tag=ss-ws-tls-02
;shadowsocks=example.com:80, method=chacha20, password=pwd, fast-open=false, udp-relay=true, udp-over-tcp=true, tag=ss-udp-over-tcp
#
# To disable aead header for vmess, just set aead=false, the default value is true. If your server(V2Ray) version is less than v4.28 please set aead=false
;vmess=example.com:80, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, fast-open=false, udp-relay=false, tag=vmess-01
;vmess=example.com:80, method=aes-128-gcm, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, fast-open=false, udp-relay=false, aead=false, tag=vmess-02
;vmess=example.com:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, fast-open=false, udp-relay=false, tag=vmess-tls-01
;vmess=example.com:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=http, obfs-host=bing.com, obfs-uri=/resource/file, fast-open=false, udp-relay=false, server_check_url=http://www.apple.com/generate_204, tag=vmess-http
;vmess=192.168.1.1:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, obfs-host=example.com, fast-open=false, udp-relay=false, tag=vmess-tls-02
;vmess=192.168.1.1:443, method=none, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=over-tls, obfs-host=example.com, tls13=true, fast-open=false, udp-relay=false, tag=vmess-tls-03
;vmess=example.com:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=ws, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-01
;vmess=192.168.1.1:80, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=ws, obfs-host=example.com, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-02
;vmess=example.com:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-tls-01
;vmess=192.168.1.1:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-host=example.com, obfs-uri=/ws, fast-open=false, udp-relay=false, tag=vmess-ws-tls-02
;vmess=192.168.1.1:443, method=chacha20-poly1305, password=23ad6b10-8d1a-40f7-8ad0-e3e35cd32291, obfs=wss, obfs-host=example.com, obfs-uri=/ws, tls13=true, fast-open=false, udp-relay=false, tag=vmess-ws-tls-03
#
# The obfs field is not supported for http
;http=example.com:80,fast-open=false, udp-relay=false, tag=http-01
;http=example.com:80, username=name, password=pwd, fast-open=false, udp-relay=false, tag=http-02
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=http-tls-01
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, fast-open=false, udp-relay=false, tag=http-tls-02
;http=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls-alpn=02683208687474702f312e31, fast-open=false, udp-relay=false, tag=http-tls-03
#
;socks5=example.com:80,fast-open=false, udp-relay=false, tag=socks5-01
;socks5=example.com:80, username=name, password=pwd, fast-open=false, udp-relay=false, tag=socks5-02
;socks5=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=socks5-tls-01
;socks5=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, fast-open=false, udp-relay=false, tag=socks5-tls-02
;socks5=example.com:443, username=name, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls-alpn=02683208687474702f312e31, fast-open=false, udp-relay=false, tag=socks5-tls-03
#
# The obfs field is only supported with websocket over tls for trojan. When using websocket over tls you should not set over-tls and tls-host options anymore, instead set obfs=wss and obfs-host options.
;trojan=example.com:443, password=pwd, over-tls=true, tls-verification=true, fast-open=false, udp-relay=false, tag=trojan-tls-01
;trojan=example.com:443, password=pwd, over-tls=true, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-02
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, fast-open=false, udp-relay=false, tag=trojan-tls-03
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-04
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-cert-sha256=b0088370d6c8e02d6e38c443abf81be2aaf1e18f00435aaf0b39852c338f7aaa, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-05
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-06
;trojan=192.168.1.1:443, password=pwd, over-tls=true, tls-host=example.com, tls-verification=true, tls-pubkey-sha256=eb5ec6684564fd0d04975903ed75342d1b9fdc2096ea54b4cf8caf4740f4ae25, tls-alpn=02683208687474702f312e31, tls13=true, fast-open=false, udp-relay=false, tag=trojan-tls-07
;trojan=192.168.1.1:443, password=pwd, obfs=wss, obfs-host=example.com, obfs-uri=/path, udp-relay=true, tag=trojan-wss-05

[filter_local]
;user-agent, ?abc*, proxy
;host, www.google.com, proxy
;host-keyword, adsite, reject
;host-wildcard, *.goo?le.com, proxy
;host-suffix, googleapis.com, proxy
;host-suffix, googleapis.com, proxy, force-cellular
;host-suffix, googleapis.com, proxy, multi-interface
;host-suffix, googleapis.com, proxy, multi-interface-balance
;host-suffix, googleapis.com, proxy, via-interface=pdp_ip0
;ip6-cidr, 2001:4860:4860::8888/32, direct
;ip-cidr, 10.0.0.0/8, direct
;ip-cidr, 127.0.0.0/8, direct
;ip-cidr, 172.16.0.0/12, direct
;ip-cidr, 192.168.0.0/16, direct
;ip-cidr, 224.0.0.0/24, direct
;geoip, cn, direct
;geoip, cn, direct, force-cellular
;ip-asn, 6185, proxy
# You can add below host-keyword rule to skip the DNS query for all the non-matched hosts. Pure IP requests won't be matched by the host related rules.
;host-keyword, ., proxy
final, proxy


#
# The "reject" returns HTTP status code 404 with no content. This type of rewrite has some kind of dynamic delay (0~5 seconds) mechanism of response for repeated requests in a short period of time. The less the repetition, the shorter the delay (0). The more the repetition, the greater the delay (5).
# The "reject-200" returns HTTP status code 200 with no content.
# The "reject-img" returns HTTP status code 200 with content of 1px gif.
# The "reject-dict" returns HTTP status code 200 with content of empty json object.
# The "reject-array" returns HTTP status code 200 with content of empty json array.
# The "request-header" works for all the http headers not just one single header, so you can match two or more headers including CRLF in one regular expression.
# The "echo-response" just reply back the body of the content type response for matched URL, the body file should be saved at "On My iPhone - Quantumult X - Data".
# The length and encoding related HTTP header fields will be automatically processed by Quantumult if the "rewrite" is body related, so you should not handle them by yourself. The max supported original response body size is 4 MB(iOS 13+) for script-response-body.
# The body related rewrite will not be executed if the body is empty.
# When using javascript in rewrite, you can use those objects: $request, $response, $notify(title, subtitle, message), console.log(message) and Quantumult's built-in objects all have prefix "$".
# Supports: $request.sessionIndex, $request.scheme, $request.method, $request.url, $request.path, $request.headers,$response.sessionIndex, $response.statusCode, $response.headers, $response.body
# The $request.sessionIndex is equal to $response.sessionIndex when the response is related to the request. The sessionIndex has nothing to do with the index of TCP records in the orange "Activity" panel.
# The $notify(title, subtitle, message) will post iOS notifications if Quantumult notification has been enabled.
# The $prefs is for persistent store: $prefs.valueForKey(key), $prefs.setValueForKey(value, key), $prefs.removeValueForKey(key), $prefs.removeAllValues().
# The console.log(message)  will output logs to Quantumult log file.
# The setTimeout(function() { }, interval) will run function after interval(ms).
# The scripts for script-request-header, script-request-body, script-response-header, script-response-body, script-echo-response and script-analyze-echo-response should be saved in local "On My iPhone - Quantumult X - Scripts" or "iCloud Drive - Quantumult X - Scripts". Samples can be found at https://github.com/crossutility/Quantumult-X
# The difference between script-analyze-echo-response and script-echo-response is that the former will wait for the request body.
#
# The HTTP(HTTPS) request will be matched if the URL and the headers are both matched for the url-and-header rewrite (The URL will be evaluated first, and if it is not matched then the headers will not be evaluated at all). The string of the headers to compare contains the method, path and key-value headers.
#
[rewrite_local]
;^http://example\.com/resource1/1/ url reject
;^http://example\.com/resource1/2/ url reject-img
;^http://example\.com/resource1/3/ url reject-200
;^http://example\.com/resource1/4/ url reject-dict
;^http://example\.com/resource1/5/ url reject-array
;^http://example\.com/resource2/ url 302 http://example.com/new-resource2/
;^http://example\.com/resource3/ url 307 http://example.com/new-resource3/
;^http://example\.com/resource4/ url request-header ^GET /resource4/ HTTP/1\.1(\r\n) request-header GET /api/ HTTP/1.1$1
;^http://example\.com/resource4/ url request-header (\r\n)User-Agent:.+(\r\n) request-header $1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36$2
;^http://example\.com/resource5/ url request-body "info":\[.+\],"others" request-body "info":[],"others"
;^http://example\.com/resource5/ url response-body "info":\[.+\],"others" response-body "info":[],"others"
;^http://example\.com/resource5/ url echo-response text/html echo-response index.html
;^http://example\.com/resource6/ url script-response-body response-body.js
;^http://example\.com/resource7/ url script-echo-response script-echo.js
;^http://example\.com/resource8/ url script-response-header response-header.js
;^http://example\.com/resource9/ url script-request-header request-header.js
;^http://example\.com/resource10/ url script-request-body request-body.js
;^http://example\.com/resource1/1/ \r\nUser-Agent: example-agent url-and-header reject
;^http://example\.com/resource1/1/ ^POST url-and-header reject


#
# If the require-devices is set, this line of configuration will only be loaded when current Quantumult device ID belongs to the require-devices. The Quantumult device ID can be found in "Settings - Misc Settings - About".
# The $task.fetch() compose a HTTP request and deal with the response, only text body is supported. A $task.fetch() can be embeded in the completion handler of another $task.fetch(), if you want serial requests not current requests.
# The scripts should be saved in local "On My iPhone - Quantumult X - Scripts" or "iCloud Drive - Quantumult X - Scripts". Samples can be found at https://github.com/crossutility/Quantumult-X/blob/master/sample-task.js
# The default HTTP request timeout is 10 seconds.
#
# Supports 5 or 6 fields of cron excluding the command field. The event-network will be triggered when network changed. The event-interaction will be triggered when user tapped a UIAction. The event related task only can be triggered when the Quantumult X Tunnel is running.
#
[task_local]
;* * * * * sample-task.js
;* * * * * sample-task2.js, img-url=https://raw.githubusercontent.com/crossutility/Quantumult-X/master/quantumult-x.png, tag=Sample, enabled=true
;* * * * * sample-task3.js, img-url=https://raw.githubusercontent.com/crossutility/Quantumult-X/master/quantumult-x.png, tag=Sample, require-devices=ID1, ID2, enabled=true
;event-network sample-task3.js
;event-interaction sample-task4.js
#
# Just like any web browser, http(s) url string after # is never sent to the server. You can add # to the script http(s) url to append customized params, and using API $environment.sourcePath to get the whole path (https://example.com/sample.js#this-is-not-sent-to-server&key1=value1&key2=value2) and extract the customized params in the script by yourself.
#
;* * * * * https://example.com/sample.js#this-is-not-sent-to-server&key1=value1&key2=value2, tag=Sample, enabled=true


#
# Deploy a local HTTP server and use JavaScript for data processing.
# If the require-devices is set, this line of configuration will only be loaded when current Quantumult device ID belongs to the require-devices. The Quantumult device ID can be found in "Settings - Misc Settings - About".
# The input variables are $reqeust.url, $reqeust.path, $reqeust.headers, $reqeust.body
# The output using $done like $done({status:"HTTP/1.1 200 OK"}, headers:{}, body:"here is a string") to sendback the response.
# Further more you can use a signature or any other validation method to verify if the request is legitimate.
# After the deployment you should visit it through http://127.0.0.1:9999/your-path/your-api/.
#
[http_backend]
;https://raw.githubusercontent.com/crossutility/Quantumult-X/master/sample-backend.js, tag=fileConverter, path=^/example/v1/
;preference.js, tag=userPreference, path=^/preference/v1/, img-url=https://example.com, enabled=true
;sample.js, tag=sample, path=^/sample/v1/, require-devices=ID1, ID2, enabled=true
;convert.js, tag=fileConverter, path=^/convert/v1/


#
# If the source IP of the TCP connection is matched by the skip_src_ip, the hostname will not be evaluated. The wildcard * and ? are supported.
# If the destination IP of the TCP connection is matched by the skip_dst_ip, the hostname will not be evaluated. The wildcard * and ? are supported.
# Only the TLS SNI or destination address in "hostname" will be handled by MitM. The wildcard * and ? are supported.
#
# Important !!! You should always keep your CA passphrase and p12 private.
#
[mitm]
;passphrase =
;p12 =
;skip_validating_cert = false
;skip_src_ip = 192.168.1.5, 192.168.1.6
;skip_dst_ip = 17.0.0.1
;hostname = *.example.com, *.sample.com, non-existed-domain.com, *.non-connected-domain.com