GuanM/hysteria
1
0
Fork 0
mirror of https://github.com/cedar2025/hysteria.git synced 2025-06-28 15:30:03 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ACL README

Browse Source
This commit is contained in:
Toby 2020-04-26 16:42:43 -07:00
parent 654787cebd
commit ea7b596f79
2 changed files with 86 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
ACL.md Normal file
View File

@ -0,0 +1,43 @@
# ACL File Format
ACL files describe how to process incoming requests. Both the server and the client support ACL and follow the identical syntax.
```
action condition_type condition argument
```
Example:
```
direct domain evil.corp
proxy domain-suffix google.com
block ip 1.2.3.4
hijack cidr 192.168.1.1/24 127.0.0.1
direct all
```
Hysteria acts according to the first matching rule in the file for each request. When there is no match, the default behavior is to proxy all connections. You can override this by adding a rule at the end of the file with the condition "all".
4 actions:
`direct` - connect directly to the target server without going through the proxy
`proxy` - connect to the target server through the proxy (only available on the client)
`block` - block the connection from establishing
`hijack` - hijack the connection to another target address (must be specified in the argument)
5 condition types:
`domain` - match a specific domain (does NOT match subdomains! e.g. `apple.com` will not match `cdn.apple.com`)
`domain-suffix` - match a domain suffix (match subdomains, but `apple.com` will still not match `fakeapple.com`)
`cidr` - IPv4 or IPv6 CIDR
`ip` - IPv4 or IPv6 address
`all` - match anything (usually placed at the end of the file as a default rule)
For domain requests, Hysteria will try to resolve the domains and match both domain & IP rules. In other words, an IP rule covers all connections that would end up connecting to this IP, regardless of whether the client requests with IP or domain.

43
ACL.zh.md Normal file
View File

@ -0,0 +1,43 @@
# ACL File Format
ACL 文件描述如何处理传入请求。服务器和客户端都支持 ACL并且遵循相同的语法。
```
处理方式 条件类型 条件 参数
```
例子:
```
direct domain evil.corp
proxy domain-suffix google.com
block ip 1.2.3.4
hijack cidr 192.168.1.1/24 127.0.0.1
direct all
```
Hysteria 根据文件中第一个匹配到规则对每个请求进行操作。当没有匹配时默认的行为是代理连接。可以通过在文件的末尾添加一个规则加上条件 "all" 来设置默认行为。
4 种处理方式:
`direct` - 直接连接到目标服务器,不经过代理
`proxy` - 通过代理连接到目标服务器(仅在客户端上可用)
`block` - 拒绝连接建立
`hijack` - 把连接劫持到另一个目的地 (必须在参数中指定)
5 种条件类型:
`domain` - 匹配特定的域名(不匹配子域名!例如:`apple.com` 不匹配 `cdn.apple.com`
`domain-suffix` - 匹配域名后缀(包含子域名,但 `apple.com` 仍不会匹配 `fakeapple.com`
`cidr` - IPv4 / IPv6 CIDR
`ip` - IPv4 / IPv6 地址
`all` - 匹配所有地址 (通常放在文件尾作为默认规则)
对于域名请求Hysteria 将尝试解析域名并同时匹配域名规则和 IP 规则。换句话说IP 规则能覆盖到所有连接,无论客户端是用 IP 还是域名请求。