The symptom: Reddit looks “half online” while Clash is enabled

You have already turned the proxy on, chosen a node that works for general browsing, and maybe even streamed video without drama. Then you open Reddit in a browser or the official app: the frame appears, the top bar renders, maybe the snoo icon shows up—but the home feed is an endless skeleton, posts never expand, or the comment section displays a spinner that outlasts your patience. Click a redd.it short link from another site and the tab stays blank long enough that you assume the link died. Thumbnails and inline video previews fail while text-only subreddits feel “fine,” which is maddening because it does not look like a clean block on the whole domain.

That inconsistency is the diagnostic signature. A truly dead exit is usually consistently dead. What looks like “Reddit is flaky today” is often a routing problem: some hostnames associated with the product resolve and connect through the policy group you expect, while others match an earlier rule that sends traffic DIRECT, fall into a GEOIP shortcut meant for domestic sites, or never traverse Clash at all because the application used a DNS path that bypasses the core. Reddit’s own architecture amplifies the effect: the main site, short links, image previews, static bundles, and GraphQL APIs do not all live on a single cute hostname. If your profile was tuned for a generic “social” bucket, it may cover reddit.com but omit redd.it, or it may classify a CDN name in a way that collides with an imported rule-set you did not read line by line.

This article is intentionally narrower than a catch-all list of every feed on the internet. If you want the parallel pattern for chat apps with different transport shapes, compare Telegram and MTProto split rules and Discord UDP and domain rules—Reddit is HTTPS-heavy like the modern web, but its hostname surface is still wide enough to deserve explicit lines in YAML.

Why Reddit traffic splits even when “reddit.com” is “proxied”

People say “I added Reddit to the proxy” when they mean they noticed www.reddit.com in a connection log. That is a good start and also an incomplete picture. The product fetches JSON from GraphQL endpoints, loads JavaScript from static hosts, pulls media from preview domains on the redd.it registrable suffix, and resolves short URLs on the dedicated short-link domain redd.it—note the spelling: redd.it, not reddit.it, which is a common typo in search queries. Each of those names is a separate TLS handshake and a separate opportunity for your rule engine to match a different line than the one you thought applied to “Reddit.”

Community subscription bundles and region lists help, but they are not guaranteed to track Reddit’s vendor changes at the same pace the product team ships front-end updates. A rule-set that was almost right last quarter can still miss a new asset host or mis-order relative to your personal GEOIP,XX,DIRECT shortcuts. The safe operational habit is to give Reddit a first-class section in your own YAML: a small stack of DOMAIN-SUFFIX lines you own, ordered ahead of geography guesses, instead of hoping an opaque import happened to include every edge name you will hit during a scroll session.

There is also a process-level split familiar from other vendors: the browser might respect the system proxy while a helper tool, an old bookmarklet, or a native app uses its own DNS client. TUN mode can mask that gap for many programs, but TUN brings its own DNS integration story. The theme repeats across this site: name the traffic, align DNS with Fake-IP, and then read the log. For the underlying mechanics, keep Clash YAML: routing rules, proxy groups, and Fake-IP open as a reference while you tune Reddit.

Hostnames to pin: core site, short links, media, and API-shaped traffic

Start from suffix coverage that tracks how users actually experience Reddit. The primary registrable domain is reddit.com, including www, old, np (no-participation) variants people still type for workflows, and country-oriented subdomains if your account forces a locale hop. A single DOMAIN-SUFFIX,reddit.com,REDDIT line is the backbone rule: it catches the HTML shell, many API paths, and future subdomains the vendor adds without forcing you to fork your profile every month.

Short links are a distinct registrable domain: redd.it. Outbound links, marketing emails, and cross-posts often use that host even when the discussion page lives on reddit.com. If reddit.com is routed but redd.it is not, users see the precise “main site works, short links die” bug report that shows up in support forums. Add DOMAIN-SUFFIX,redd.it,REDDIT explicitly; do not assume it is folded into “social” imports.

Static assets and embeds frequently load from redditmedia.com and redditstatic.com families, including style and script hosts your browser needs to turn a sparse JSON response into a rendered thread. Image and video previews often appear on hostnames under redd.it (for example preview-style paths on the *.redd.it namespace) and may also touch additional media hosts as the player stack evolves. Cover the stable vendor suffixes first: DOMAIN-SUFFIX,redditmedia.com,REDDIT and DOMAIN-SUFFIX,redditstatic.com,REDDIT. When your connection panel shows a one-off third-party domain during playback, add a narrow rule only after logs prove it needs the same exit characteristics as core Reddit—blindly wildcarding unrelated CDNs clutters debugging.

Modern Reddit is API-driven. Browser sessions call GraphQL over HTTPS on names such as gql.reddit.com for many interactive operations. OAuth and account flows use additional hostname patterns under the same registrable domains. If your failure mode is specifically “shell renders, feeds never hydrate,” watch for GQL or gateway hosts in logs and confirm they inherit the same REDDIT policy group rather than an older “catch-all Proxy” bucket you forgot to tune.

Enterprise and campus networks occasionally layer split-horizon DNS or TLS inspection on top of Reddit’s own complexity. This guide assumes you legally route traffic you are permitted to carry. Corporate inspection that replaces certificates may break SPA sites independent of Clash; when only the office Wi-Fi fails, suspect policy boxes before your exit node.

Designing the REDDIT policy group

Create a proxy group whose job is carrying Reddit-associated flows. Label it REDDIT and reference that label from every Reddit rule you add. A select group is enough for deliberate manual choice; add fallback or url-test variants if you want automatic failover among exits that all support sustained HTTPS sessions. Attach health-check targets that respond quickly on HTTPS; keep intervals reasonable so your checks do not look like abusive probing.

Resist folding Reddit into an enormous “Foreign media” group unless you truly want identical semantics for unrelated sites. Separation costs one extra YAML block but buys clarity in connection logs: when only Reddit regresses after a subscription refresh, you adjust REDDIT without perturbing unrelated traffic. That separation mirrors what we recommend for other picky platforms on this blog: narrow groups, explicit names, fewer mysteries.

A minimal skeleton compatible with mihomo-style profiles could look like this:

proxy-groups:
  - name: REDDIT
    type: select
    proxies:
      - <your preferred exit node>
      - DIRECT

rules:
  - DOMAIN-SUFFIX,reddit.com,REDDIT
  - DOMAIN-SUFFIX,redd.it,REDDIT
  - DOMAIN-SUFFIX,redditmedia.com,REDDIT
  - DOMAIN-SUFFIX,redditstatic.com,REDDIT
  # Keep vendor-specific lines before broad GEOIP / MATCH fallbacks

Whether to keep DIRECT inside the group depends on your threat model. Some operators include it for controlled testing; others remove it to avoid accidental domestic paths. Document the choice in a comment so future profile edits do not reintroduce surprises.

Rule order: keep Reddit above GEOIP and heavy rule-sets

Clash evaluates rules in order and stops at the first match. Profiles tuned for regional performance often insert aggressive GEOIP lines or import large community collections. Global CDNs can carry Reddit traffic from addresses that do not line up with intuitive geography in third-party databases. The safe pattern is to place your explicit DOMAIN-SUFFIX Reddit stack in a dedicated section near the top of the vendor-specific part of the list, before imported RULE-SET entries that might swallow a hostname first, and well before broad shortcuts that send “domestic” traffic direct.

If you subscribe to a “social media” bundle, open it once and confirm which group it maps Reddit names to. If the upstream classification disagrees with your intent, shadow it by repeating your suffix lines above the import. Shadowing beats editing vendor files you do not control: your line wins on first match, and future bundle updates will not silently revert a personal preference.

For comparison with other split-tunnel patterns you may already use, scan split routing for AI sites for the same “explicit names before geography” discipline applied to a different vendor stack. The hostname list changes; the ordering philosophy does not.

Old Reddit, new Reddit, and third-party clients

Power users still force old.reddit.com for readability. That hostname sits under the reddit.com suffix rule, so you usually do not need an extra line unless your profile split subdomains in an unusual way. Third-party mobile clients and scripts may call documented OAuth endpoints; those calls should still terminate on names covered by your suffix rules if you implemented reddit.com broadly.

If a specific client hard-codes an IP or pins DNS outside Clash, domain rules cannot help until the traffic actually reaches the core. In that situation, TUN mode or per-app VPN features on mobile become relevant: the policy applies at the interface layer instead of hoping the app respected HTTP proxy settings it never read.

DNS, Fake-IP, and resolver alignment

Fake-IP mode hands clients synthetic addresses so Clash can defer resolution until it knows which rule matched. That design is elegant until a program queries public resolvers directly while still trying to connect through paths that assume Fake-IP semantics. For Reddit, verify that names like gql.reddit.com and redd.it are not stranded in a fake-ip-filter misconfiguration that sends some stacks to real resolvers while others stay in the synthetic pool.

Watch nameserver-policy and split DNS setups: if different resolvers return different address families or geolocated answers for the same name, you can get “random” failures that look like bad nodes. Keep resolver policy as boring and documented as your rule list. When in doubt, reproduce the issue with logging enabled, then adjust DNS once, not five times in parallel.

IPv6 paths add another wrinkle on dual-stack networks. If one address family routes through Clash and the other does not, symptoms look intermittent. Alignment beats superstition: either route the family you use consistently or disable the path you are not prepared to policy-route under your OS and profile combination.

TUN mode versus system proxy for browsers

System proxy mode is often enough for desktop browsers that honor OS settings, but Reddit’s SPA stack issues many parallel requests. TUN mode forces more processes through the core without relying on application cooperation. The tradeoff is complexity: TUN interacts with other VPNs, corporate split tunnels, and OS firewalls. On Windows, see Fix Clash TUN on Windows: routing, firewall, and stack conflicts when enabling TUN creates new issues rather than solving old ones. The Reddit domain rules themselves stay the same; only the delivery mechanism to the Clash listener changes.

Verification: logs first, browser second, node hopping last

Open your client’s live traffic or connection panel and reload Reddit. You want to see reddit.com, redd.it, redditmedia.com, redditstatic.com, and GraphQL-shaped hosts mapped to REDDIT, not drifting into GEOIP buckets or stale generic groups you have not curated in months. If anything shows DIRECT while similar names show REDDIT, reorder or extend coverage before blaming Reddit’s servers.

For a quick HTTPS sanity probe through your mixed port (adjust the port to your setup):

curl -I --proxy http://127.0.0.1:7890 https://www.reddit.com/ 2>&1 | head -20
curl -I --proxy http://127.0.0.1:7890 https://redd.it/ 2>&1 | head -20

HTTP status lines and TLS success tell you routing is fundamentally sound even when a rich SPA still misbehaves for unrelated reasons (extensions, blocking lists, script errors). Immediate connection refusal usually means the proxy port or namespace mismatch, not Reddit itself.

Mobile apps may log less clearly than desktop GUIs; when possible, test the same account in a desktop browser with logging visible so you isolate routing from app-specific quirks.

Quick symptom map

Intended use

This guide is written for lawful, transparent routing of Reddit traffic where you already have permission to reach the service. It does not condone circumventing Reddit’s terms, moderator actions, workplace acceptable-use policies, or regional restrictions your jurisdiction places on internet access.

Closing: fewer hostnames guessed, clearer logs

Reddit failures behind Clash are rarely mystical. They are usually a small set of predictable gaps: forgetting redd.it as a first-class suffix, under-covering Reddit CDN static families, or letting GEOIP shortcuts win before your explicit lines. Put the names in YAML, keep them above geography guesses, align DNS with Fake-IP, and let the connection log tell you which hostname still needs a home.

Compared with opaque clients that hide matches, Clash-family cores show which rule fired and which group carried the flow—the kind of feedback that turns a vague “comments never load” report into a configuration you can maintain. When you want installers and documentation in one place, open the download page first. → Download Clash for free and experience the difference.