What Are Clash Split-Routing Rules?

Many newcomers hit the same wall: with global proxy enabled, Chinese sites such as Baidu, Taobao, and Bilibili feel sluggish—videos buffer, pages load slowly. The reason is simple: global mode sends everything through an overseas relay, often adding well over 100 ms round-trip latency. Requests that would take a few milliseconds on a domestic path end up taking the long way around.

Split routing (rule-based routing) is how Clash fixes that. With a careful rule list, Clash decides each hostname or IP: Mainland China traffic goes direct; overseas traffic uses your proxy. Once rules are in place, you rarely flip modes by hand—local sites stay fast while foreign ones stay reachable.

This guide walks through how the rule engine works, core syntax, GEOIP CN for China-direct paths, Rule Providers for maintainable rule sets, and a copy-paste YAML skeleton. It is aimed at readers who already know the basics and want precise split routing.

How the Rule Engine Works

To write good split rules, you need to know how Clash matches them. The engine follows this pattern:

Match order: top to bottom, first hit wins

For each new connection, Clash walks the rules: list in order. When a rule matches, it applies that rule’s policy (DIRECT, REJECT, or a proxy group) and stops—nothing below is evaluated. Order therefore matters a lot:

• Put the most specific rules first: e.g. a full DOMAIN match should appear before a broader DOMAIN-SUFFIX.
• Put catch-alls last: MATCH,Proxy or MATCH,DIRECT belongs at the bottom for traffic nothing else matched.
• Allowlists before blocklists: if one subdomain must bypass a parent-domain block, the allow rule must sit above the block rule.

Rule shape

Each rule has three comma-separated fields:

RULE_TYPE,MATCH_ARGUMENT,TARGET_POLICY

Examples:

DOMAIN-SUFFIX,google.com,Proxy
GEOIP,CN,DIRECT
MATCH,Proxy

The target policy can be a built-in policy (DIRECT, REJECT, …) or any name you define under proxy-groups: (e.g. Proxy, Auto).

Six Rule Types You Will Use Most

Clash (Mihomo core) supports many rule types; these six cover most real configs:

Domain rules

IP rules

Use IP rules for LAN segments and fixed prefixes. They usually apply after resolution: Clash may resolve a name to an IP to evaluate them (unless no-resolve is set). If a domain rule already matched, later IP rules for that flow may not run—IP rules matter most when the client connects by raw IP or once an IP is known.

GEOIP country codes

GEOIP,CN,DIRECT is the usual backbone for “China mainland → direct.” After Clash knows the destination IP, it looks it up in the bundled GeoIP data; if the country is CN, the traffic goes direct; otherwise evaluation continues down the list.

# Let all China mainland IPs connect directly
GEOIP,CN,DIRECT,no-resolve

Add no-resolve so this GEOIP line does not force extra DNS work just to test the rule: it applies when the destination is already an IP (or after resolution happens through another path), which trims redundant lookups and latency.

MATCH catch-all

MATCH must be last. It has no match argument—only a policy—and means “everything earlier missed.” Typical overseas-default setups use:

# Catch-all: unmatched traffic goes to proxy
MATCH,Proxy

Anything not covered above goes to the Proxy group, so new foreign sites still use your relay without hand-maintaining every domain.

Fine-Grained China-Direct Routing

GEOIP,CN,DIRECT alone is not always enough: some mainland services sit behind offshore CDNs or hybrid BGP paths and can look “foreign” to GEOIP alone. A layered approach helps:

Layer 1 — LAN and reserved ranges

# LAN and reserved addresses go direct
IP-CIDR,10.0.0.0/8,DIRECT,no-resolve
IP-CIDR,172.16.0.0/12,DIRECT,no-resolve
IP-CIDR,192.168.0.0/16,DIRECT,no-resolve
IP-CIDR,127.0.0.0/8,DIRECT,no-resolve

Layer 2 — High-traffic China domains

List major Chinese platforms with DOMAIN-SUFFIX above GEOIP. Domain rules are evaluated without needing resolution first, so they feel snappier than GEOIP-only stacks:

DOMAIN-SUFFIX,baidu.com,DIRECT
DOMAIN-SUFFIX,qq.com,DIRECT
DOMAIN-SUFFIX,weixin.qq.com,DIRECT
DOMAIN-SUFFIX,taobao.com,DIRECT
DOMAIN-SUFFIX,tmall.com,DIRECT
DOMAIN-SUFFIX,jd.com,DIRECT
DOMAIN-SUFFIX,bilibili.com,DIRECT
DOMAIN-SUFFIX,zhihu.com,DIRECT
DOMAIN-SUFFIX,weibo.com,DIRECT
DOMAIN-SUFFIX,bytedance.com,DIRECT
DOMAIN-SUFFIX,douyin.com,DIRECT

Layer 3 — GEOIP CN fallback

GEOIP,CN,DIRECT,no-resolve

Together, these layers keep most mainland traffic direct—saving proxy quota and latency.

Rule Providers (Maintainable Rule Sets)

Maintaining hundreds of lines by hand does not scale. Mihomo-style Clash adds Rule Providers: pull rule sets from HTTP URLs or local files, subscribe to community updates, and reference them from RULE-SET lines.

Three behavior modes

Remote rule sets

This example uses the community-maintained blackmatrix7 rule collections:

rule-providers:
  # Direct list for China mainland domains
  ChinaDomain:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/ChinaMax/ChinaMax_Domain.txt"
    path: ./ruleset/ChinaDomain.txt
    interval: 86400     # Refresh every 24 hours

  # Proxy list for common proxy targets
  ProxyGFW:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Global/Global_Domain.txt"
    path: ./ruleset/ProxyGFW.txt
    interval: 86400

Wire them into rules: with RULE-SET:

rules:
  # LAN direct connect
  - IP-CIDR,192.168.0.0/16,DIRECT,no-resolve
  # China domain set — direct
  - RULE-SET,ChinaDomain,DIRECT
  # Proxy target set — use proxy group
  - RULE-SET,ProxyGFW,Proxy
  # China IPs direct
  - GEOIP,CN,DIRECT,no-resolve
  # Catch-all
  - MATCH,Proxy

Full Example Skeleton

Below is a YAML skeleton tying together proxy groups, providers, and rules:

# ── Proxy Groups ──────────────────────────────────────
proxy-groups:
  - name: "Proxy"
    type: select
    proxies:
      - Auto
      - HK-01
      - JP-01
      - US-01

  - name: "Auto"
    type: url-test
    url: "https://www.gstatic.com/generate_204"
    interval: 300
    proxies:
      - HK-01
      - JP-01
      - US-01

# ── Rule Providers ─────────────────────────────────────
rule-providers:
  ChinaDomain:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/ChinaMax/ChinaMax_Domain.txt"
    path: ./ruleset/ChinaDomain.txt
    interval: 86400

  ProxyGFW:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Global/Global_Domain.txt"
    path: ./ruleset/ProxyGFW.txt
    interval: 86400

# ── Rules ──────────────────────────────────────────────
rules:
  # LAN and loopback direct
  - IP-CIDR,127.0.0.0/8,DIRECT,no-resolve
  - IP-CIDR,10.0.0.0/8,DIRECT,no-resolve
  - IP-CIDR,172.16.0.0/12,DIRECT,no-resolve
  - IP-CIDR,192.168.0.0/16,DIRECT,no-resolve

  # High-frequency China domains (faster than GeoIP)
  - DOMAIN-SUFFIX,baidu.com,DIRECT
  - DOMAIN-SUFFIX,qq.com,DIRECT
  - DOMAIN-SUFFIX,taobao.com,DIRECT
  - DOMAIN-SUFFIX,jd.com,DIRECT
  - DOMAIN-SUFFIX,bilibili.com,DIRECT
  - DOMAIN-SUFFIX,zhihu.com,DIRECT

  # China domain rule-set
  - RULE-SET,ChinaDomain,DIRECT

  # Proxy target rule-set
  - RULE-SET,ProxyGFW,Proxy

  # China IPs fallback
  - GEOIP,CN,DIRECT,no-resolve

  # Catch-all: unmatched traffic → proxy
  - MATCH,Proxy

In production, rename HK-01, JP-01, and US-01 to match the node names from your subscription.

Troubleshooting

Issue 1 — A China site uses the proxy

Often the resolved IP belongs to an offshore CDN edge, so GEOIP no longer says CN. Mitigations:

• Add DOMAIN-SUFFIX,example.com,DIRECT above your GEOIP lines.
• If you run dns.enhanced-mode: fake-ip, extend fake-ip-filter with known mainland domains so they do not get synthetic offshore-looking paths.
• Confirm the domain appears in your China rule provider; if not, patch it in manually or fork the list.

Issue 2 — An overseas site goes direct

Something above MATCH matched DIRECT incorrectly. Work through:

1. Open the client’s Connections view, pick the flow, and read which rule fired.
2. If a China rule set swallowed a foreign brand domain, insert a higher-priority proxy rule for that host.
3. Verify MATCH still targets your proxy group—not DIRECT.

Verbose logging

Set log-level: debug near the top of the profile while reproducing the issue; Clash prints how each connection matched:

log-level: debug  # Options: silent / error / warning / info / debug

Switch back to info or warning afterward—debug spam hurts performance on busy machines.

Pick a Client That Keeps Up

Perfect YAML cannot compensate for a client missing rule-engine features, clunky Rule Provider updates, or stale cores. Legacy apps illustrate the gap:

• Clash for Windows (CFW): archived upstream; last meaningful release predates modern Mihomo features such as optimized behavior: domain stores, so provider throughput suffers.
• ClashX (macOS): unmaintained for new protocols (Hysteria 2, VLESS Reality, …) and manual provider refreshes.
• Some Android forks: minimal UX, buried TUN toggles, opaque proxy-group switching.

Actively maintained clients typically ship:

• Live connection inspectors that surface the exact rule per request.
• One-click or scheduled Rule Provider refresh.
• Full Mihomo capability coverage—including Hysteria 2, VLESS Reality, and TUN.
• Clear dashboards for group switching and latency tests.

If your split routing still feels wrong after tuning YAML, upgrade the client; routing accuracy and stability often jump immediately. You can grab current builds for every platform on our download hub—no GitHub scavenger hunt required:

Download Clash clients