api-server: "0.0.0.0:9000" # RESTful API server listen address, empty to disable
api-server-secret: "" # api-server secret for authentication

server-mode: SOCKS5 # HTTP, SOCKS5, TPROXY, REDIRECT, NFQUEUE
bind-address: 127.0.0.1
port: 1080
include-lan-routes: false # include LAN routes from proxying

bpf-offload: false # enable BPF offload on Linux

log-level: info # debug, info, warn, error

rewrite-mode: RULE # GLOBAL, DIRECT, RULE

user-agent: "FFF"
user-agent-regex: ""
user-agent-partial-replace: false

l3-rewrite:
  ttl: false
  ipid: false
  tcpts: false
  tcpwin: false
  block-quic: false
  bpf-offload: false

desync:
  reorder: false
  reorder-bytes: 8
  reorder-packets: 1500
  inject: false
  inject-ttl: 3

# type: HEADER-KEYWORD, HEADER-REGEX, DEST-PORT, IP-CIDR, SRC-IP, DOMAIN-SET, DOMAIN-SUFFIX, DOMAIN-KEYWORD, DOMAIN, URL-REGEX, FINAL
# action: DIRECT, REPLACE, REPLACE-REGEX, DELETE, ADD, REJECT, DROP
# rewrite-direction: REQUEST, RESPONSE
header-rewrite:
  - type: DOMAIN-SUFFIX
    match-value: "ua-check.stagoh.com"
    action: REPLACE
    rewrite-direction: REQUEST
    rewrite-header: "User-Agent"
    rewrite-value: "UA3F"
  - type: DEST-PORT
    match-value: "22"
    action: DIRECT
  - type: HEADER-KEYWORD
    match-header: "User-Agent"
    match-value: "MicroMessenger Client"
    action: DIRECT
  - type: HEADER-KEYWORD
    match-header: "User-Agent"
    match-value: "Bilibili Freedoooooom/MarkII"
    action: DIRECT
  - type: HEADER-KEYWORD
    match-header: "User-Agent"
    match-value: "Valve/Steam HTTP Client 1.0"
    action: DIRECT
    continue: true
  - type: DOMAIN-KEYWORD
    match-value: "httpbin.org"
    action: REPLACE
    rewrite-header: "Server"
    rewrite-value: "FFF"
    rewrite-direction: RESPONSE
  - type: HEADER-KEYWORD
    match-header: "User-Agent"
    match-value: "Mac"
    action: REPLACE
    rewrite-header: "User-Agent"
    rewrite-value: "FFF"
  - type: HEADER-REGEX
    match-header: "User-Agent"
    match-value: "(Apple|iPhone|iPad|Macintosh|Mac OS X|Mac|Darwin|Microsoft|Windows|Linux|Android|OpenHarmony|HUAWEI|OPPO|Vivo|XiaoMi|Mobile|Dalvik)"
    action: REPLACE-REGEX
    rewrite-header: "User-Agent"
    rewrite-regex: "(Apple|iPhone|iPad|Macintosh|Mac OS X|Mac|Darwin|Microsoft|Windows|Linux|Android|OpenHarmony|HUAWEI|OPPO|Vivo|XiaoMi|Mobile|Dalvik)"
    rewrite-value: "FFF"
  - type: FINAL
    action: REPLACE
    rewrite-header: "User-Agent"
    rewrite-value: "FFF"

body-rewrite:
  - type: URL-REGEX
    match-value: "^http://ua-check.stagoh.com"
    action: REPLACE-REGEX
    rewrite-direction: RESPONSE
    rewrite-regex: "UA2F"
    rewrite-value: "UA3F"

url-redirect:
  - type: URL-REGEX
    match-value: "^http://example.com/"
    action: REDIRECT-307
    rewrite-regex: "^http://example.com/(.*)"
    rewrite-value: "https://example.com/$1"

mitm:
  enabled: false
  hostname: "*.httpbin.com, example.com:8000"
  insecure-skip-verify: true
  ca-passphrase: ""
  ca-p12-base64: ""