Clash Guide 2026: Mastering Proxy Modes, Policy Groups and Rules

Demystifying Proxy Modes: Global, Rule, and Direct

In the world of Clash, the "Proxy Mode" is the master switch that dictates how the core handles every single packet leaving your device. In 2026, most modern clients like Clash Verge Rev or Mihomo Party offer three primary modes. Understanding these is the first step toward network mastery.

1. Rule Mode (The Recommended Choice)

This is the "intelligent" mode. Clash uses the rules: section of your configuration file to decide whether a connection should go through a proxy, stay local (Direct), or be blocked. It enables split tunneling, allowing you to access domestic services at full speed while seamlessly proxying international traffic.

2. Global Mode

In Global mode, the rules are ignored. All traffic is forced through a single proxy group (usually named "GLOBAL"). This is useful when you are troubleshooting or when you need every single application—even those that usually bypass proxy settings—to route through a specific node.

3. Direct Mode

Direct mode bypasses the proxy core entirely for all traffic. It is essentially the "off" switch for proxying, though the Clash core still handles DNS if configured to do so. It’s a quick way to test if a connectivity issue is caused by your proxy provider or your local ISP.

Understanding Policy Groups: The Logic of Choice

If rules are the "instructions," Policy Groups are the "actors." A policy group is a collection of proxies (nodes) or even other policy groups. They allow you to organize your nodes and define how Clash should select them.

select: The most common type. It allows you to manually pick a node from a list in the GUI.
url-test: Automatically selects the node with the lowest latency by periodically testing a specific URL (usually a Google or Cloudflare health check).
fallback: Similar to url-test, but it only switches nodes if the current one becomes unavailable.
load-balance: Distributes traffic across multiple nodes to maximize throughput and prevent any single node from being overwhelmed.

By nesting these groups, you can create complex logic. For example, a group named "Streaming" could be a url-test group containing only high-speed nodes, which is then used by a "Netflix" rule.

Rule Types: DOMAIN, IP-CIDR, and GEOIP Explained

Clash rules are evaluated from top to bottom. Each rule consists of a type, a value, and a target (a policy group or the keyword DIRECT/REJECT).

- DOMAIN-SUFFIX,google.com,Proxy
- DOMAIN-KEYWORD,github,Proxy
- IP-CIDR,192.168.1.0/24,DIRECT
- GEOIP,CN,DIRECT
- MATCH,Proxy

DOMAIN-SUFFIX matches any domain ending with the specified string, while DOMAIN-KEYWORD is more aggressive, matching any domain containing the keyword. IP-CIDR is used for specific network segments, and GEOIP uses a local database to identify the country of the destination IP. The final MATCH rule is the "catch-all"—if no other rules match, the traffic follows this instruction.

The Hierarchy of Rule Matching: Why Order Matters

A common mistake for beginners is placing broad rules above specific ones. Because Clash stops at the first match, order is everything. You should always place your LAN bypass and REJECT rules at the very top.

ℹ Pro Tip: Always place GEOIP,CN,DIRECT near the bottom of your list, but before the MATCH rule. This ensures that specific international domains are proxied even if their CDNs happen to have local IP addresses.

In 2026, many users use Rule Providers. These are remote lists of rules that are updated automatically. When using multiple providers, ensure the most critical ones (like your company's internal domains) are listed before general-purpose lists.

Real-time Monitoring: Using Traffic Logs to Debug

When a website doesn't load, don't guess—check the logs. Every modern Clash GUI has a "Logs" or "Connections" tab. This is arguably the most powerful tool in the Clash ecosystem.

The logs will show you:

The Source IP and process name (if in TUN mode).
The Destination Domain or IP.
Which Rule was triggered.
Which Policy Group and Node were used.

If you see a connection to example.com using MATCH,DIRECT but the site is blocked, you know you need to add a DOMAIN-SUFFIX,example.com,Proxy rule.

Advanced Usage: Load Balancing and Health Checks

For power users, Load Balancing is the ultimate way to utilize multiple subscriptions. By setting the strategy to consistent-hashing, you can ensure that a single session (like a login to a bank) stays on the same IP, while different downloads use different nodes.

Health Checks are equally vital. A node might respond to a ping (ICMP) but fail to complete an HTTPS handshake. Clash's url-test performs a real HTTP GET request, ensuring that the selected node is actually capable of browsing the web, not just "alive" on the network level.

Conclusion: Designing Your Perfect Routing Strategy

Mastering Clash is about moving from "it just works" to "it works exactly how I want." By combining the right Proxy Mode with well-structured Policy Groups and precise Rules, you can create a network environment that is fast, secure, and completely transparent.

Compared to traditional VPNs that offer a simple "on/off" switch, Clash provides a surgical level of control. While other tools might slow down your entire system just to access one blocked site, Clash ensures that your high-bandwidth local traffic stays local while your restricted traffic finds the most efficient path.

→ Download Clash for free and experience the difference—take control of your digital borders today and enjoy a truly borderless internet experience.