Differences between REJECT Policies

Surge has built-in multiple different REJECT policies, with some subtle differences between them:

REJECT: Rejects the request; when the connection type is HTTP, an error page will be returned. (This behavior can be controlled by the show-error-page-for-reject parameter)
REJECT-TINYGIF: Rejects the request; when the connection type is HTTP, it returns a 1px GIF image response. If the connection is of other types, it is disconnected directly. This policy is mainly used for Web ad blocking.
REJECT-DROP: Rejects the request; unlike REJECT, this policy silently discards the request. Some applications have very aggressive retry logic and will immediately retry when the connection fails, causing a request storm that can waste system resources.

If a large number of requests to a particular hostname trigger the REJECT/REJECT-TINYGIF policy within a short period (the threshold for the current version is 10 times within 30 seconds), Surge will automatically upgrade the REJECT policy to the REJECT-DROP policy.

REJECT-NO-DROP: Generally, it is the same as the REJECT policy. The difference is that using this rule will not trigger the automatic upgrade behavior mentioned above.

PreviousTesting Strategy for Automatic Policy Groups NextUser Agent Rules

Last updated 1 year ago