-
Notifications
You must be signed in to change notification settings - Fork 231
Customize Rule Proxy
The EAF browser is implemented based on QWebEngine.
Because of the limitations of Chromium support, QWebEngine cannot implement custom rules proxy by Qt code like QWebKit.
It is very troublesome to modify the source code of Qt5 or switch to QWebKit kernel.
So, a more reasonable solution is "Introduce an intermediate proxy to indirectly implement a custom rules proxy".
The logic principle is as follows:
EAF Browser ---> Transfer Proxy ---> Need Proxy ------> Local Proxy ---> Proxy Server ---> Target Website
|
------------> No Need Proxy ---> Target Website
Use Clash as a Transfer Proxy, it will act as an intermediate proxy between the EAF browser and the local proxy, If a condition which matches the proxy rules is reached, Clash will direct the request to the local proxy client, and then the local proxy client sends the request to the proxy server. Otherwise when a condition which matches the direct connection rule, Clash would skip the local proxy client and directly send the request to target website.
Go to Clash download and install Clash, Arch' s users can install it by pacman directly.
At first, you need configure a socks5 proxy that you can read my another article Best Proxy Practices (CN).
In this case, the local socks5 proxy is listening on port 1080 of 127.0.0.1 (if not, please create a new config.yml file and modify the proxies field in the configuration below):
# config.yml
# Port of HTTP(S) proxy server on the local end
port: 18080
# Port of SOCKS5 proxy server on the local end
socks-port: 10808
# Set to true to allow connections to the local-end server from
# other LAN IP addresses
allow-lan: false
# This is only applicable when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
bind-address: '*'
# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single endpoint
# direct: directly forward the packets to the Internet
mode: rule
# Clash by default prints logs to STDOUT
# info / warning / error / debug / silent
log-level: info
# When set to false, resolver won't translate hostnames to IPv6 addresses
ipv6: false
# Outbound interface name
interface-name: wlp4s0
# DNS configuration
dns:
enable: false
listen: 0.0.0.0:53
# ipv6: false # when the false, response to AAAA questions will be empty
# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:
- 114.114.114.114
- 8.8.8.8
enhanced-mode: redir-host # or fake-ip
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
# use-hosts: true # lookup hosts and return IP record
# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
# fake-ip-filter:
# - '*.lan'
# - localhost.ptlogin2.qq.com
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:
- 114.114.114.114 # default value
- 8.8.8.8 # default value
- tls://dns.rubyfish.cn:853 # DNS over TLS
- https://1.1.1.1/dns-query # DNS over HTTPS
- dhcp://en0 # dns from dhcp
# When `fallback` is present, the DNS server will send concurrent requests
# to the servers in this section along with servers in `nameservers`.
# The answers from fallback servers are used when the GEOIP country
# is not `CN`.
# fallback:
# - tcp://1.1.1.1
# If IP addresses resolved with servers in `nameservers` are in the specified
# subnets below, they are considered invalid and results from `fallback`
# servers are used instead.
#
# IP address resolved with servers in `nameserver` is used when
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
#
# If `fallback-filter.geoip` is false, results from `nameserver` nameservers
# are always used if not match `fallback-filter.ipcidr`.
#
# This is a countermeasure against DNS pollution attacks.
# fallback-filter:
# geoip: true
# geoip-code: CN
# ipcidr:
# - 240.0.0.0/4
# domain:
# - '+.google.com'
# - '+.facebook.com'
# - '+.youtube.com'
# Lookup domains via specific nameservers
# nameserver-policy:
# 'www.baidu.com': '114.114.114.114'
# '+.internal.crop.com': '10.0.0.1'
proxies:
# proxies configuration see more: https://lancellc.gitbook.io/clash/clash-config-file/an-example-configuration-file
- name: "local-socks5"
type: socks5
server: localhost
port: 1080
proxy-groups:
# url-test select which proxy will be used by benchmarking speed to a URL.
- name: "auto"
type: url-test
proxies:
- local-socks5
# tolerance: 150
url: 'http://www.gstatic.com/generate_204'
interval: 300
rules:
# Use auto strategy when the domain name is google.com
- DOMAIN-SUFFIX,google.com,auto
- DOMAIN-SUFFIX,github.com,auto
- DOMAIN-SUFFIX,gitee.com,DIRECT
- DOMAIN-SUFFIX,emacs-china.org,DIRECT
- DOMAIN-SUFFIX,ruby-china.org,DIRECT
- DOMAIN-SUFFIX,baidu.com,DIRECT
# Use auto strategy when the domain name containes keyword 'google'
- DOMAIN-KEYWORD,google,auto
- DOMAIN,google.com,auto
# When the domain name is ad.com, reject request, which can be used to block ads
- DOMAIN-SUFFIX,ad.com,REJECT
# Internal service ip does not use proxy
- SRC-IP-CIDR,192.168.1.0/32,DIRECT
- SRC-IP-CIDR,10.0.0.0/8,DIRECT
# optional param "no-resolve" for IP rules (GEOIP, IP-CIDR, IP-CIDR6)
- IP-CIDR,127.0.0.0/8,DIRECT
- GEOIP,CN,DIRECT
# When the destination port is 8888, direct access
- SRC-PORT,8888,DIRECT
# default rule
- MATCH,autoThen run the command clash -f config.yml to start Clash,Clash will expose a http proxy listens on port 18080.
Finally, setup EAF to use the Clash proxy in Emacs through the following configuration:
(setq eaf-proxy-type "http")
(setq eaf-proxy-host "127.0.0.1")
(setq eaf-proxy-port "18080")