Switched to latest VISION flow - block private address access by default

2025-06-28 13:16:06 +08:00 · 2023-01-10 14:26:39 +03:30 · 2023-01-10 14:26:39 +03:30 · 5f0b06b10f
commit 5f0b06b10f
parent 3de196c60e
1 changed files with 12 additions and 9 deletions
--- a/All-in-One-fallbacks-Nginx/server.json
+++ b/All-in-One-fallbacks-Nginx/server.json
@ -11,7 +11,8 @@
        "clients": [
          {
            "id": "90e4903e-66a4-45f7-abda-fd5d5ed7f797",
-            "flow": "xtls-rprx-direct" //To enable XTLS Direct, this configuration must be added; otherwise, delete it. V2Ray has deleted the XTLS application since version v4.33.0. If you want to use this application, it is recommended to choose Xray.
+            "flow": "xtls-rprx-vision"
+            // "flow": "xtls-rprx-direct"
          }
        ],
        "decryption": "none",
@ -98,9 +99,11 @@
      },
      "streamSettings": {
        "network": "tcp",
-        "security": "xtls", //If XTLS Direct is enabled, tls must be changed to xtls; otherwise, tls will be restored.
-        "xtlsSettings": {
-          //If XTLS Direct is enabled, tlsSettings must be changed to xtlsSettings; otherwise, restore tlsSettings.
+        // If XTLS Vision is enabled, "security" must be "tls"
+        // If XTLS Direct is enabled, "security" must be "xtls"
+        "security": "tls",
+        // If XTLS Direct is enabled, "tlsSettings" should also be changed to "xtlsSettings"
+        "tlsSettings": {
          "certificates": [
            {
              "ocspStapling": 3600, //The Xray version is not less than v1.3.0 to support configuring the time interval between OCSP stapling update and certificate hot reload. Currently V2Ray does not support it. If you use V2Ray as the server, you must delete this configuration.
@ -594,11 +597,6 @@
    "domainStrategy": "AsIs",
    "settings": {
      "rules": [
-        // {
-        //   "type": "field",
-        //   "outboundTag": "blackhole",
-        //   "ip": ["geoip:private"]
-        // },
        // {
        //   // DNS Cache rule
        //   "type": "field",
@ -606,6 +604,11 @@
        //   "network": "tcp,udp",
        //   "outboundTag": "DNS-Internal"
        // },
+        {
+          "type": "field",
+          "outboundTag": "blackhole",
+          "ip": ["geoip:private"]
+        },
        {
          "type": "field", // Block BitTorrent protocol
          "outboundTag": "blackhole",