Custom Routing Rules

Deep dive into Clash Party's Configuration Override feature, learn how to write custom routing rules, and master common rule syntax like DOMAIN and IP-CIDR.

Clash Party’s “Configuration Override” feature allows you to inject custom configurations without modifying the original subscription file. This is extremely useful when you need to force specific websites to proxy, direct connection, or block them.

This article will detail the rule writing syntax and provide plenty of practical examples.

What are Routing Rules?

Routing Rules are the core logic for how Clash handles network requests. Whenever a network request is initiated, Clash matches it against the rule list from top to bottom.

  • Once a match is found, the request is handled according to the Strategy specified by that rule (e.g., Proxy, Direct, or Reject).
  • If no rules match, the default fallback strategy (usually MATCH or FINAL) is used.

How to Add Custom Rules

Here are the steps to add custom rules in Clash Party:

  1. Go to Settings > Configuration Override.
  2. Click the New button.
  3. Select the Rules type.
  4. Enter your rules in the editor (YAML format).
  5. Save and enable the override configuration.

Tip

Rules in Configuration Override are usually inserted at the very beginning (Prepend) of the subscription’s original rules, meaning your custom rules have higher priority.

Rule Syntax Structure

A standard Clash rule consists of three parts, separated by commas:

Type,Value,Strategy
  • Type: The matching method, such as domain suffix, keyword, IP range, etc.
  • Value: The specific content to match, like google.com or 192.168.0.0/16.
  • Strategy: The action to take after matching, such as Proxy, Direct, Reject, or the specific name of your proxy group (e.g., US Node).

Common Strategies

  • DIRECT: Connect directly, bypassing the proxy.
  • REJECT: Reject the request, blocking traffic (often used for ad blocking).
  • PROXY / Proxy: Use the default proxy node or proxy group (depends on your main group name, usually subscriptions have a group named Proxy or Selector).
  • Proxy Group Name: You can fill in any proxy group name that exists in your subscription here, such as Streaming, Apple, etc.

Rule Types Explained

1. Domain Rules

DOMAIN-SUFFIX

The most commonly used rule type. Matches the domain and all its subdomains.

  • Syntax: DOMAIN-SUFFIX,domain,Strategy
  • Example:
    # Matches google.com, www.google.com, maps.google.com, etc.
- DOMAIN-SUFFIX,google.com,Proxy

DOMAIN-KEYWORD

Matches if the domain contains the keyword. Slightly slower, recommended only when the full domain is unknown.

  • Syntax: DOMAIN-KEYWORD,keyword,Strategy
  • Example:
    # Matches adservice.google.com, my-ad-site.com, etc.
- DOMAIN-KEYWORD,ad,REJECT

DOMAIN

Exact match of the entire domain; subdomains do not take effect.

  • Syntax: DOMAIN,domain,Strategy
  • Example:
    # Matches www.google.com only, does not match mail.google.com
- DOMAIN,www.google.com,Proxy

2. IP Rules

IP-CIDR / IP-CIDR6

Matches if the destination IP address is within the specified network range. no-resolve is an optional parameter indicating no DNS resolution should be performed (if the request is already in IP form).

  • Syntax: IP-CIDR,IP/Mask,Strategy[,no-resolve]
  • Example:
    # Direct connection for LAN
- IP-CIDR,192.168.0.0/16,DIRECT
# Proxy for Google DNS
- IP-CIDR,8.8.8.8/32,Proxy

GEOIP

Matches based on the country/region of the destination IP. Depends on the GeoIP database.

  • Syntax: GEOIP,CountryCode,Strategy[,no-resolve]
  • Example:
    # Direct connection for Mainland China IPs
- GEOIP,CN,DIRECT

3. Port and Process Rules

DST-PORT

Matches the destination port of the request.

  • Syntax: DST-PORT,Port,Strategy
  • Example:
    # Block HTTP traffic on port 80 (example only, use with caution)
- DST-PORT,80,REJECT

PROCESS-NAME

Matches the name of the application initiating the request. Very useful on Windows/macOS.

  • Syntax: PROCESS-NAME,ProcessName,Strategy
  • Example:
    # Force Telegram to use Proxy
- PROCESS-NAME,Telegram.exe,Proxy
# Force Spotify to connect Direct
- PROCESS-NAME,Spotify.exe,DIRECT

Example Library

Here are some common configuration scenarios you can copy directly into Configuration Override.

Scenario 1: Force Specific Sites to Proxy

Sometimes automatic routing rules might be inaccurate, or you want to force a specific site to use proxy (e.g., for testing).

- DOMAIN-SUFFIX,bilibili.com,Proxy
- DOMAIN-SUFFIX,weibo.com,Proxy

Scenario 2: Custom Ad Blocking

Block specific trackers or ad domains.

- DOMAIN-SUFFIX,doubleclick.net,REJECT
- DOMAIN-KEYWORD,analytics,REJECT

Scenario 3: Fix Banking App Access Issues

Some banking apps or websites are very sensitive to proxies and must be forced to connect directly.

- DOMAIN-SUFFIX,chase.com,DIRECT
- DOMAIN-SUFFIX,paypal.com,DIRECT
- DOMAIN-KEYWORD,bank,DIRECT

Scenario 4: Specific Software Routing

Force Zoom meeting software to connect directly for stability, and force Discord to use proxy.

# Windows Example
- PROCESS-NAME,Zoom.exe,DIRECT
- PROCESS-NAME,Discord.exe,Proxy

# macOS Example (usually doesn't need .app suffix, depends on actual process name)
- PROCESS-NAME,Zoom,DIRECT
- PROCESS-NAME,Discord,Proxy

Scenario 5: Development Environment Routing

If you are a developer, you may need to connect to company intranets or specific test servers.

# Direct connection for company intranet IP range
- IP-CIDR,10.0.0.0/8,DIRECT
# Proxy for specific test domain
- DOMAIN-SUFFIX,test-env.company.com,Proxy

FAQ & Notes

  1. Priority Issues: Custom rules are usually added to the top of the list, so they have the highest priority. If you write DOMAIN-SUFFIX,google.com,DIRECT, even if the subscription has google.com,Proxy, your direct rule will be executed first.

  2. Proxy Group Name Must Exist: If you fill in a specific proxy group name (like Netflix) in the strategy part instead of DIRECT or REJECT, please ensure that a proxy group with this name actually exists in your subscription, otherwise it will cause configuration errors.

  3. YAML Format Sensitivity:

    • There is usually a space after the colon.
    • Indentation must use spaces, not Tabs.
    • List items start with -.

  4. Role of no-resolve: Using no-resolve in IP rules prevents Clash from making unnecessary DNS resolution requests to match IP rules. If the traffic itself is domain-based, Clash will resolve the domain to get the IP before matching IP rules. With no-resolve, if the request is a domain, this IP rule is skipped directly (unless DNS resolution has already been completed in previous steps). It is generally recommended to add ,no-resolve to the end of GEOIP and IP-CIDR rules.

If you need extensive, well-categorized rules (such as “all Apple services”, “all ad domains”, etc.), writing them by hand can be tedious. Here are some well-known community-maintained rule set projects that you can reference or reference via rule-providers (advanced usage):

  1. Loyalsoldier/clash-rules

    • Features: Very famous, focuses on GeoIP and domain categorization, suitable as a base rule library.
    • Includes: Google, Apple, Telegram, GFW, Greatfire, etc.
    • Link: GitHub Repository

  2. ACL4SSR/ACL4SSR

    • Features: Long history, extremely detailed categorization, used by default in many subscription conversion services.
    • Includes: Netflix, Disney+, Spotify, Steam, OneDrive and various streaming and app routing.
    • Link: GitHub Repository

  3. blackmatrix7/ios_rule_script

    • Features: Extremely high update frequency, covers a massive amount of apps and services, you can find rules for almost any app you’ve heard of.
    • Includes: Categorized by APP name (e.g., TikTok, Twitter, OpenAI, etc.), perfect for finding domain lists for specific apps.
    • Link: GitHub Repository

By mastering these rule writing techniques, you can fully control Clash Party’s routing behavior and create the network environment that suits you best.