Configuration Guide
Clash Configuration Guide
Deep dive into the core configuration of Clash / Mihomo: routing rules, policy groups, subscription import, and the API console for precise and flexible control.
Routing Rules Documentation
Understand Clash routing rule types and syntax to achieve precise control over direct and proxy traffic.
Role of Rules
The rules field in Clash determines the outbound path for every traffic request: Direct (DIRECT), a specific Proxy node, or Block (REJECT). Rules are matched from top to bottom; the first match takes effect. Therefore, specific rules should be placed first, with the catch-all MATCH at the end.
Common Rule Types
| Type | Match Logic | Example |
|---|---|---|
DOMAIN |
Exact full domain match | DOMAIN,www.google.com,Proxy |
DOMAIN-SUFFIX |
Domain suffix match (includes subdomains) | DOMAIN-SUFFIX,google.com,Proxy |
DOMAIN-KEYWORD |
Domain contains keyword | DOMAIN-KEYWORD,youtube,Proxy |
IP-CIDR |
IP CIDR range match | IP-CIDR,192.168.0.0/16,DIRECT |
GEOIP |
Based on IP country/region | GEOIP,CN,DIRECT |
MATCH |
Catch-all match (must be last) | MATCH,Proxy |
Rule Config Example (YAML)
Typical routing config: direct for domestic, proxy for overseas, and LAN bypass:
rules:
# LAN Direct
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
# Common Domestic Domains Direct
- DOMAIN-SUFFIX,cn,DIRECT
- DOMAIN-SUFFIX,baidu.com,DIRECT
- DOMAIN-SUFFIX,taobao.com,DIRECT
- DOMAIN-SUFFIX,qq.com,DIRECT
- DOMAIN-SUFFIX,bilibili.com,DIRECT
# Common Overseas Domains Proxy
- DOMAIN-SUFFIX,google.com,Proxy
- DOMAIN-SUFFIX,youtube.com,Proxy
- DOMAIN-SUFFIX,github.com,Proxy
- DOMAIN-KEYWORD,twitter,Proxy
- DOMAIN-SUFFIX,openai.com,Proxy
# China IP Direct
- GEOIP,CN,DIRECT
# Catch-all: All others Proxy
- MATCH,Proxy
Using Rule Providers
Manual rules are hard to maintain; we recommend Rule Providers. They pull pre-made rule lists from remote URLs and update automatically. Most airport subscriptions include these out of the box.
rule-providers:
reject:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
path: ./ruleset/reject.yaml
interval: 86400
proxy:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
path: ./ruleset/proxy.yaml
interval: 86400
direct:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
path: ./ruleset/direct.yaml
interval: 86400
rules:
- RULE-SET,reject,REJECT
- RULE-SET,proxy,Proxy
- RULE-SET,direct,DIRECT
- GEOIP,CN,DIRECT
- MATCH,Proxy
rule-providers.
Policy Group Configuration
Use Proxy Groups to combine nodes for auto speed-testing, failover, and load balancing.
What are Policy Groups?
A Policy Group (Proxy Group) is a collection of nodes. The client can automatically select the best node or allow manual switching. Groups are used as outbound targets in rules (e.g., the Proxy in MATCH,Proxy).
Four Policy Group Types
| Type | Behavior | Example |
|---|---|---|
url-test |
Periodic speed tests; auto-selects lowest latency node | Main proxy group for daily use (Recommended) |
fallback |
Uses the first node; switches to the next if unavailable | High-availability backup configuration |
load-balance |
Distributes traffic across multiple nodes | Load balancing for high-traffic scenarios |
select |
Manually select a node from the list | For pinning a specific node when needed |
Policy Group Example (YAML)
Includes auto speed-test (Proxy), manual selection, and failover groups:
proxy-groups:
# Auto speed-test, select lowest latency (Recommended)
- name: Proxy
type: url-test
url: https://www.gstatic.com/generate_204
interval: 300 # Test every 300 seconds
tolerance: 50 # Don't switch if latency diff < 50ms
proxies:
- HK-01
- HK-02
- US-01
- JP-01
# Manual Select
- name: Manual
type: select
proxies:
- Proxy # Can nest other policy groups
- HK-01
- US-01
- DIRECT
# Auto Failover
- name: Fallback
type: fallback
url: https://www.gstatic.com/generate_204
interval: 120
proxies:
- HK-01
- US-01
- JP-01
# Load Balancing
- name: LoadBalance
type: load-balance
url: https://www.gstatic.com/generate_204
interval: 300
strategy: round-robin
proxies:
- HK-01
- HK-02
- HK-03
Usage Advice
Standard subscriptions usually come with pre-set groups. For custom needs, use the Override feature in apps like Clash Verge Rev instead of editing YAML files directly.
proxies list with node names (matching the name field in proxies:) or other policy group names.
Subscription Usage Guide
From getting your airport URL to importing it into your Clash client.
What is a Subscription Link?
A Subscription URL is a private link provided by your airport (service provider). It contains all node info, which Clash parses automatically to build your node list.
Supported Formats
Clash (Mihomo kernel) supports these mainstream formats:
- Clash YAML (Recommended): The native
config.yamlformat with nodes and rules built-in. - Base64: A common list of SS/VMess nodes that Clash auto-converts.
- SIP008: The standard Shadowsocks subscription format.
- clash:// protocol: Links that automatically trigger a client import.
How to Get Your Link
- Log into your airport dashboard.
- Look for "Subscription," "Nodes," or "One-click Import."
- Select the Clash or Mihomo format.
- Click Copy to get the full URL.
How to Import (Using Clash Verge Rev)
- Open the app and click the Subscription menu.
- Click the + button and select Import.
- Paste your link in the URL field and give it a name.
- Click Import and wait for the download to finish.
- Click the Activate button on the card to set it as current.
Auto Updates
Nodes may change; we recommend enabling auto-updates. In Verge Rev, right-click the card → Edit → set an interval (e.g., 24h). The client will refresh node info automatically.
API & Console Guide
Monitor traffic, manage nodes, and switch groups in real-time via the RESTful API and Web UI.
Enable External Controller
The Mihomo kernel includes a RESTful API service via external-controller, listening on 127.0.0.1:9090 by default for Web UI communication.
# External controller address and port
external-controller: 127.0.0.1:9090
# API secret (leave empty for no password)
secret: "your-secret-here"
# Static file directory for Web UI (optional, for local UI panels)
external-ui: /path/to/ui/folder
Using Web UI Consoles
Clients usually have built-in consoles, but you can also use external ones:
| Name | Features | Online URL |
|---|---|---|
| Yacd | Simple, featured, most popular | yacd.haishan.me |
| MetaCubeX Dashboard | Official, full features, dark theme | d.metacubex.one |
| Zashboard | Beautiful UI, great visuals | github.com/Zephyruso/zashboard |
| Built-in UI | Built into most modern clients | Open directly from app menu |
secret key to connect.
Common API Endpoints
Base path: http://127.0.0.1:9090. Headers must include Authorization: Bearer :
# Get current version info
GET /version
# View all proxy nodes (with latency)
GET /proxies
# Switch node in policy group
PUT /proxies/{groupName}
Body: { "name": "node name" }
# Test latency for a node
GET /proxies/{name}/delay?url=https://www.gstatic.com/generate_204&timeout=5000
# View all active connections
GET /connections
# Force close all connections
DELETE /connections
# View current rule list
GET /rules
# Get global config
GET /configs
# Modify global config (e.g., switch proxy mode)
PATCH /configs
Body: { "mode": "rule" } # rule / global / direct
In-Client Usage
GUIs wrap these APIs into easy operations: the "Proxies" page for switching/testing, "Connections" for monitoring, and "Settings" for mode switching. Most users won't need direct API calls.
wiki.metacubex.one).
Setup complete! Download a client to start.
Get the right client for your platform, import your link, and start browsing securely.