优化细节

页面底部增加GoEdge官网和文档链接
优化升级提示文字
2021-10-10 20:17:40 +08:00 · 2021-10-10 16:38:45 +08:00 · 2021-10-10 16:33:27 +08:00 · 2021-10-10 16:30:21 +08:00 · 2021-10-10 10:52:58 +08:00 · 2021-10-10 10:35:14 +08:00
258 changed files with 9375 additions and 1555 deletions
--- a/build/build.sh
+++ b/build/build.sh
@@ -65,6 +65,8 @@ function build() {
 	# delete hidden files
 	find $DIST -name ".DS_Store" -delete
 	find $DIST -name ".gitignore" -delete
+	find $DIST -name "*.less" -delete
+	find $DIST -name "*.css.map" -delete

 	# zip
 	echo "zip files ..."
--- a/internal/configloaders/admin_module.go
+++ b/internal/configloaders/admin_module.go
@@ -182,7 +182,7 @@ func AllModuleMaps() []maps.Map {
 	}
 	if teaconst.IsPlus {
 		m = append(m, maps.Map{
-			"name": "自建DNS",
+			"name": "智能DNS",
 			"code": AdminModuleCodeNS,
 			"url":  "/ns",
 		})
--- a/internal/const/const.go
+++ b/internal/const/const.go
@@ -1,9 +1,9 @@
 package teaconst

 const (
-	Version = "0.3.1"
+	Version = "0.3.2"

-	APINodeVersion = "0.3.1"
+	APINodeVersion = "0.3.2"

 	ProductName   = "Edge Admin"
 	ProcessName   = "edge-admin"
--- a/internal/rpc/rpc_client.go
+++ b/internal/rpc/rpc_client.go
@@ -364,6 +364,14 @@ func (this *RPCClient) ACMETaskRPC() pb.ACMETaskServiceClient {
 	return pb.NewACMETaskServiceClient(this.pickConn())
 }

+func (this *RPCClient) ACMEProviderRPC() pb.ACMEProviderServiceClient {
+	return pb.NewACMEProviderServiceClient(this.pickConn())
+}
+
+func (this *RPCClient) ACMEProviderAccountRPC() pb.ACMEProviderAccountServiceClient {
+	return pb.NewACMEProviderAccountServiceClient(this.pickConn())
+}
+
 func (this *RPCClient) UserRPC() pb.UserServiceClient {
 	return pb.NewUserServiceClient(this.pickConn())
 }
--- a/internal/web/actions/default/clusters/cluster/node/nodeutils/utils.go
+++ b/internal/web/actions/default/clusters/cluster/node/nodeutils/utils.go
@@ -4,6 +4,7 @@ package nodeutils

 import (
 	"errors"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/maps"
@@ -49,7 +50,7 @@ func InitNodeInfo(parentAction *actionutils.ParentAction, nodeId int64) (*pb.Nod
 	var query = "clusterId=" + types.String(clusterId) + "&nodeId=" + types.String(nodeId)
 	var menuItem = parentAction.Data.GetString("secondMenuItem")

-	parentAction.Data["leftMenuItems"] = []maps.Map{
+	var menuItems = []maps.Map{
 		{
 			"name":     "基础设置",
 			"url":      prefix + "/update?" + query,
@@ -65,11 +66,17 @@ func InitNodeInfo(parentAction *actionutils.ParentAction, nodeId int64) (*pb.Nod
 			"url":      prefix + "/settings/cache?" + query,
 			"isActive": menuItem == "cache",
 		},
-		{
-			"name":     "阈值设置",
-			"url":      prefix + "/settings/thresholds?" + query,
-			"isActive": menuItem == "threshold",
-		},
+	}
+	if teaconst.IsPlus {
+		menuItems = append(menuItems, []maps.Map{
+			{
+				"name":     "阈值设置",
+				"url":      prefix + "/settings/thresholds?" + query,
+				"isActive": menuItem == "threshold",
+			},
+		}...)
+	}
+	menuItems = append(menuItems, []maps.Map{
 		{
 			"name":     "SSH设置",
 			"url":      prefix + "/settings/ssh?" + query,
@@ -80,7 +87,8 @@ func InitNodeInfo(parentAction *actionutils.ParentAction, nodeId int64) (*pb.Nod
 			"url":      prefix + "/settings/system?" + query,
 			"isActive": menuItem == "system",
 		},
-	}
+	}...)
+	parentAction.Data["leftMenuItems"] = menuItems

 	return nodeResp.Node, nil
 }
--- a/internal/web/actions/default/dashboard/index.go
+++ b/internal/web/actions/default/dashboard/index.go
@@ -55,13 +55,16 @@ func (this *IndexAction) RunPost(params struct{}) {
 	this.Data["dashboard"] = maps.Map{
 		"defaultClusterId": resp.DefaultNodeClusterId,

-		"countServers":      resp.CountServers,
-		"countNodeClusters": resp.CountNodeClusters,
-		"countNodes":        resp.CountNodes,
-		"countUsers":        resp.CountUsers,
-		"countAPINodes":     resp.CountAPINodes,
-		"countDBNodes":      resp.CountDBNodes,
-		"countUserNodes":    resp.CountUserNodes,
+		"countServers":          resp.CountServers,
+		"countNodeClusters":     resp.CountNodeClusters,
+		"countNodes":            resp.CountNodes,
+		"countOfflineNodes":     resp.CountOfflineNodes,
+		"countUsers":            resp.CountUsers,
+		"countAPINodes":         resp.CountAPINodes,
+		"countOfflineAPINodes":  resp.CountOfflineAPINodes,
+		"countDBNodes":          resp.CountDBNodes,
+		"countUserNodes":        resp.CountUserNodes,
+		"countOfflineUserNodes": resp.CountOfflineUserNodes,

 		"canGoServers":  configloaders.AllowModule(this.AdminId(), configloaders.AdminModuleCodeServer),
 		"canGoNodes":    configloaders.AllowModule(this.AdminId(), configloaders.AdminModuleCodeNode),
--- a/internal/web/actions/default/servers/addPortPopup.go
+++ b/internal/web/actions/default/servers/addPortPopup.go
@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 	"regexp"
 	"strings"
 )
@@ -18,9 +19,10 @@ func (this *AddPortPopupAction) Init() {
 }

 func (this *AddPortPopupAction) RunGet(params struct {
-	ServerType string
-	Protocol   string
-	From       string
+	ServerType   string
+	Protocol     string
+	From         string
+	SupportRange bool
 }) {
 	this.Data["from"] = params.From

@@ -36,10 +38,14 @@ func (this *AddPortPopupAction) RunGet(params struct {
 	}
 	this.Data["protocols"] = protocols

+	this.Data["supportRange"] = params.SupportRange
+
 	this.Show()
 }

 func (this *AddPortPopupAction) RunPost(params struct {
+	SupportRange bool
+
 	Protocol string
 	Address  string

@@ -50,26 +56,69 @@ func (this *AddPortPopupAction) RunPost(params struct {
 		"protocol":  params.Protocol,
 		"host":      "",
 		"portRange": "",
+		"minPort":   0,
+		"maxPort":   0,
 	}

-	// TODO 判断端口不能小于1
-	// TODO 判断端口号不能大于65535
-
-	digitRegexp := regexp.MustCompile(`^\d+$`)
-	if digitRegexp.MatchString(params.Address) {
-		addr["portRange"] = params.Address
-	} else if strings.Contains(params.Address, ":") {
+	var portRegexp = regexp.MustCompile(`^\d+$`)
+	if portRegexp.MatchString(params.Address) { // 单个端口
+		addr["portRange"] = this.checkPort(params.Address)
+	} else if params.SupportRange && regexp.MustCompile(`^\d+\s*-\s*\d+$`).MatchString(params.Address) { // Port1-Port2
+		addr["portRange"], addr["minPort"], addr["maxPort"] = this.checkPortRange(params.Address)
+	} else if strings.Contains(params.Address, ":") { // IP:Port
 		index := strings.LastIndex(params.Address, ":")
 		addr["host"] = strings.TrimSpace(params.Address[:index])
 		port := strings.TrimSpace(params.Address[index+1:])
-		if !digitRegexp.MatchString(port) {
-			this.Fail("端口只能是一个数字")
+		if portRegexp.MatchString(port) {
+			addr["portRange"] = this.checkPort(port)
+		} else if params.SupportRange && regexp.MustCompile(`^\d+\s*-\s*\d+$`).MatchString(port) { // Port1-Port2
+			addr["portRange"], addr["minPort"], addr["maxPort"] = this.checkPortRange(port)
+		} else {
+			this.FailField("address", "请输入正确的端口或者网络地址")
 		}
-		addr["portRange"] = port
 	} else {
-		this.Fail("请输入正确的端口或者网络地址")
+		this.FailField("address", "请输入正确的端口或者网络地址")
 	}

 	this.Data["address"] = addr
 	this.Success()
 }
+
+func (this *AddPortPopupAction) checkPort(port string) (portRange string) {
+	var intPort = types.Int(port)
+	if intPort < 1 {
+		this.FailField("address", "端口号不能小于1")
+	}
+	if intPort > 65535 {
+		this.FailField("address", "端口号不能大于65535")
+	}
+	return port
+}
+
+func (this *AddPortPopupAction) checkPortRange(port string) (portRange string, minPort int, maxPort int) {
+	var pieces = strings.Split(port, "-")
+	var piece1 = strings.TrimSpace(pieces[0])
+	var piece2 = strings.TrimSpace(pieces[1])
+	var port1 = types.Int(piece1)
+	var port2 = types.Int(piece2)
+
+	if port1 < 1 {
+		this.FailField("address", "端口号不能小于1")
+	}
+	if port1 > 65535 {
+		this.FailField("address", "端口号不能大于65535")
+	}
+
+	if port2 < 1 {
+		this.FailField("address", "端口号不能小于1")
+	}
+	if port2 > 65535 {
+		this.FailField("address", "端口号不能大于65535")
+	}
+
+	if port1 > port2 {
+		port1, port2 = port2, port1
+	}
+
+	return types.String(port1) + "-" + types.String(port2), port1, port2
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/createPopup.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/createPopup.go
@@ -0,0 +1,100 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct {
+	ProviderCode string
+}) {
+	this.Data["providerCode"] = params.ProviderCode
+
+	// 服务商列表
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"name":           provider.Name,
+			"code":           provider.Code,
+			"description":    provider.Description,
+			"requireEAB":     provider.RequireEAB,
+			"eabDescription": provider.EabDescription,
+		})
+	}
+
+	this.Data["providers"] = providerMaps
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	Name         string
+	ProviderCode string
+	EabKid       string
+	EabKey       string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var accountId int64
+	defer func() {
+		this.CreateLogInfo("创建ACME服务商账号 %d", accountId)
+	}()
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入账号名称").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{AcmeProviderCode: params.ProviderCode})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var provider = providerResp.AcmeProvider
+	if provider == nil {
+		this.Fail("请选择服务商")
+	}
+
+	if provider.RequireEAB {
+		params.Must.
+			Field("eabKid", params.EabKid).
+			Require("请输入EAB Kid").
+			Field("eabKey", params.EabKey).
+			Require("请输入EAB HMAC Key")
+	}
+
+	createResp, err := this.RPC().ACMEProviderAccountRPC().CreateACMEProviderAccount(this.AdminContext(), &pb.CreateACMEProviderAccountRequest{
+		Name:         params.Name,
+		ProviderCode: params.ProviderCode,
+		EabKid:       params.EabKid,
+		EabKey:       params.EabKey,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	accountId = createResp.AcmeProviderAccountId
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/delete.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/delete.go
@@ -0,0 +1,26 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	AccountId int64
+}) {
+	defer this.CreateLogInfo("删除ACME服务商账号 %d", params.AccountId)
+
+	_, err := this.RPC().ACMEProviderAccountRPC().DeleteACMEProviderAccount(this.AdminContext(), &pb.DeleteACMEProviderAccountRequest{AcmeProviderAccountId: params.AccountId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/index.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/index.go
@@ -0,0 +1,61 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "account")
+}
+
+func (this *IndexAction) RunGet(params struct{}) {
+	countResp, err := this.RPC().ACMEProviderAccountRPC().CountAllEnabledACMEProviderAccounts(this.AdminContext(), &pb.CountAllEnabledACMEProviderAccountsRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var count = countResp.Count
+	var page = this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	accountsResp, err := this.RPC().ACMEProviderAccountRPC().ListEnabledACMEProviderAccounts(this.AdminContext(), &pb.ListEnabledACMEProviderAccountsRequest{
+		Offset: page.Offset,
+		Size:   page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var accountMaps = []maps.Map{}
+	for _, account := range accountsResp.AcmeProviderAccounts {
+		var providerMap maps.Map
+		if account.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name":       account.AcmeProvider.Name,
+				"code":       account.AcmeProvider.Code,
+				"requireEAB": account.AcmeProvider.RequireEAB,
+			}
+		}
+
+		accountMaps = append(accountMaps, maps.Map{
+			"id":       account.Id,
+			"isOn":     account.IsOn,
+			"name":     account.Name,
+			"eabKid":   account.EabKid,
+			"eabKey":   account.EabKey,
+			"provider": providerMap,
+		})
+	}
+	this.Data["accounts"] = accountMaps
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/certs/acme/accounts/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/acme/accounts/updatePopup.go
@@ -0,0 +1,108 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package accounts
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdatePopupAction) RunGet(params struct {
+	AccountId int64
+}) {
+	// 账号信息
+	accountResp, err := this.RPC().ACMEProviderAccountRPC().FindEnabledACMEProviderAccount(this.AdminContext(), &pb.FindEnabledACMEProviderAccountRequest{AcmeProviderAccountId: params.AccountId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var account = accountResp.AcmeProviderAccount
+	if account == nil {
+		this.NotFound("ACMEProviderAccount", params.AccountId)
+		return
+	}
+
+	var providerMap maps.Map
+	if account.AcmeProvider != nil {
+		providerMap = maps.Map{
+			"name":           account.AcmeProvider.Name,
+			"code":           account.AcmeProvider.Code,
+			"description":    account.AcmeProvider.Description,
+			"eabDescription": account.AcmeProvider.EabDescription,
+			"requireEAB":     account.AcmeProvider.RequireEAB,
+		}
+	}
+
+	this.Data["account"] = maps.Map{
+		"id":           account.Id,
+		"name":         account.Name,
+		"isOn":         account.IsOn,
+		"providerCode": account.ProviderCode,
+		"eabKid":       account.EabKid,
+		"eabKey":       account.EabKey,
+		"provider":     providerMap,
+	}
+
+	this.Show()
+}
+
+func (this *UpdatePopupAction) RunPost(params struct {
+	AccountId    int64
+	Name         string
+	ProviderCode string
+	EabKid       string
+	EabKey       string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改ACME服务商账号 %d", params.AccountId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入账号名称").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{AcmeProviderCode: params.ProviderCode})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	var provider = providerResp.AcmeProvider
+	if provider == nil {
+		this.Fail("请选择服务商")
+	}
+
+	if provider.RequireEAB {
+		params.Must.
+			Field("eabKid", params.EabKid).
+			Require("请输入EAB Kid").
+			Field("eabKey", params.EabKey).
+			Require("请输入EAB HMAC Key")
+	}
+
+	_, err = this.RPC().ACMEProviderAccountRPC().UpdateACMEProviderAccount(this.AdminContext(), &pb.UpdateACMEProviderAccountRequest{
+		AcmeProviderAccountId: params.AccountId,
+		Name:                  params.Name,
+		EabKid:                params.EabKid,
+		EabKey:                params.EabKey,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/create.go
+++ b/internal/web/actions/default/servers/certs/acme/create.go
@@ -35,15 +35,31 @@ func (this *CreateAction) RunGet(params struct{}) {
 		}

 		userMaps = append(userMaps, maps.Map{
-			"id":          user.Id,
-			"description": description,
-			"email":       user.Email,
+			"id":           user.Id,
+			"description":  description,
+			"email":        user.Email,
+			"providerCode": user.AcmeProviderCode,
 		})
 	}
 	this.Data["users"] = userMaps

+	// 证书服务商
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"name": provider.Name,
+			"code": provider.Code,
+		})
+	}
+	this.Data["providers"] = providerMaps
+
 	// 域名解析服务商
-	providersResp, err := this.RPC().DNSProviderRPC().FindAllEnabledDNSProviders(this.AdminContext(), &pb.FindAllEnabledDNSProvidersRequest{
+	dnsProvidersResp, err := this.RPC().DNSProviderRPC().FindAllEnabledDNSProviders(this.AdminContext(), &pb.FindAllEnabledDNSProvidersRequest{
 		AdminId: this.AdminId(),
 		UserId:  0,
 	})
@@ -51,15 +67,15 @@ func (this *CreateAction) RunGet(params struct{}) {
 		this.ErrorPage(err)
 		return
 	}
-	providerMaps := []maps.Map{}
-	for _, provider := range providersResp.DnsProviders {
-		providerMaps = append(providerMaps, maps.Map{
+	dnsProviderMaps := []maps.Map{}
+	for _, provider := range dnsProvidersResp.DnsProviders {
+		dnsProviderMaps = append(dnsProviderMaps, maps.Map{
 			"id":       provider.Id,
 			"name":     provider.Name,
 			"typeName": provider.TypeName,
 		})
 	}
-	this.Data["providers"] = providerMaps
+	this.Data["dnsProviders"] = dnsProviderMaps

 	this.Show()
 }
--- a/internal/web/actions/default/servers/certs/acme/index.go
+++ b/internal/web/actions/default/servers/certs/acme/index.go
@@ -136,6 +136,26 @@ func (this *IndexAction) RunGet(params struct {
 		if task.AcmeUser == nil {
 			continue
 		}
+
+		// 服务商
+		var providerMap maps.Map
+		if task.AcmeUser.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name": task.AcmeUser.AcmeProvider.Name,
+				"code": task.AcmeUser.AcmeProvider.Code,
+			}
+		}
+
+		// 账号
+		var accountMap maps.Map
+		if task.AcmeUser.AcmeProviderAccount != nil {
+			accountMap = maps.Map{
+				"id":   task.AcmeUser.AcmeProviderAccount.Id,
+				"name": task.AcmeUser.AcmeProviderAccount.Name,
+			}
+		}
+
+		// DNS服务商
 		dnsProviderMap := maps.Map{}
 		if task.AuthType == "dns" && task.DnsProvider != nil {
 			dnsProviderMap = maps.Map{
@@ -170,8 +190,10 @@ func (this *IndexAction) RunGet(params struct {
 			"id":       task.Id,
 			"authType": task.AuthType,
 			"acmeUser": maps.Map{
-				"id":    task.AcmeUser.Id,
-				"email": task.AcmeUser.Email,
+				"id":       task.AcmeUser.Id,
+				"email":    task.AcmeUser.Email,
+				"provider": providerMap,
+				"account":  accountMap,
 			},
 			"dnsProvider": dnsProviderMap,
 			"dnsDomain":   task.DnsDomain,
--- a/internal/web/actions/default/servers/certs/acme/users/accountsWithCode.go
+++ b/internal/web/actions/default/servers/certs/acme/users/accountsWithCode.go
@@ -0,0 +1,33 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package users
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type AccountsWithCodeAction struct {
+	actionutils.ParentAction
+}
+
+func (this *AccountsWithCodeAction) RunPost(params struct {
+	Code string
+}) {
+	accountsResp, err := this.RPC().ACMEProviderAccountRPC().FindAllACMEProviderAccountsWithProviderCode(this.AdminContext(), &pb.FindAllACMEProviderAccountsWithProviderCodeRequest{AcmeProviderCode: params.Code})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var accountMaps = []maps.Map{}
+	for _, account := range accountsResp.AcmeProviderAccounts {
+		accountMaps = append(accountMaps, maps.Map{
+			"id":   account.Id,
+			"name": account.Name,
+		})
+	}
+	this.Data["accounts"] = accountMaps
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/certs/acme/users/createPopup.go
+++ b/internal/web/actions/default/servers/certs/acme/users/createPopup.go
@@ -16,12 +16,30 @@ func (this *CreatePopupAction) Init() {
 }

 func (this *CreatePopupAction) RunGet(params struct{}) {
+	// 服务商
+	providersResp, err := this.RPC().ACMEProviderRPC().FindAllACMEProviders(this.AdminContext(), &pb.FindAllACMEProvidersRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var providerMaps = []maps.Map{}
+	for _, provider := range providersResp.AcmeProviders {
+		providerMaps = append(providerMaps, maps.Map{
+			"code":       provider.Code,
+			"name":       provider.Name,
+			"requireEAB": provider.RequireEAB,
+		})
+	}
+	this.Data["providers"] = providerMaps
+
 	this.Show()
 }

 func (this *CreatePopupAction) RunPost(params struct {
-	Email       string
-	Description string
+	Email        string
+	ProviderCode string
+	AccountId    int64
+	Description  string

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -29,11 +47,44 @@ func (this *CreatePopupAction) RunPost(params struct {
 	params.Must.
 		Field("email", params.Email).
 		Require("请输入邮箱").
-		Email("请输入正确的邮箱格式")
+		Email("请输入正确的邮箱格式").
+		Field("providerCode", params.ProviderCode).
+		Require("请选择所属服务商")
+
+	providerResp, err := this.RPC().ACMEProviderRPC().FindACMEProviderWithCode(this.AdminContext(), &pb.FindACMEProviderWithCodeRequest{
+		AcmeProviderCode: params.ProviderCode,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if providerResp.AcmeProvider == nil {
+		this.Fail("找不到要选择的证书")
+	}
+	if providerResp.AcmeProvider.RequireEAB {
+		if params.AccountId <= 0 {
+			this.Fail("此服务商要求必须选择或创建服务商账号")
+		}
+
+		// 同一个账号只能有一个用户
+		countResp, err := this.RPC().ACMEUserRPC().
+			CountACMEUsers(this.AdminContext(), &pb.CountAcmeUsersRequest{
+				AcmeProviderAccountId: params.AccountId,
+			})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		if countResp.Count > 0 {
+			this.Fail("此服务商账号已被别的用户使用，请换成别的账号")
+		}
+	}

 	createResp, err := this.RPC().ACMEUserRPC().CreateACMEUser(this.AdminContext(), &pb.CreateACMEUserRequest{
-		Email:       params.Email,
-		Description: params.Description,
+		Email:                 params.Email,
+		Description:           params.Description,
+		AcmeProviderCode:      params.ProviderCode,
+		AcmeProviderAccountId: params.AccountId,
 	})
 	if err != nil {
 		this.ErrorPage(err)
@@ -42,9 +93,10 @@ func (this *CreatePopupAction) RunPost(params struct {

 	// 返回数据
 	this.Data["acmeUser"] = maps.Map{
-		"id":          createResp.AcmeUserId,
-		"description": params.Description,
-		"email":       params.Email,
+		"id":           createResp.AcmeUserId,
+		"description":  params.Description,
+		"email":        params.Email,
+		"providerCode": params.ProviderCode,
 	}

 	// 日志
--- a/internal/web/actions/default/servers/certs/acme/users/index.go
+++ b/internal/web/actions/default/servers/certs/acme/users/index.go
@@ -40,11 +40,31 @@ func (this *IndexAction) RunGet(params struct{}) {
 	}
 	userMaps := []maps.Map{}
 	for _, user := range usersResp.AcmeUsers {
+		// 服务商
+		var providerMap maps.Map
+		if user.AcmeProvider != nil {
+			providerMap = maps.Map{
+				"name": user.AcmeProvider.Name,
+				"code": user.AcmeProvider.Code,
+			}
+		}
+
+		// 账号
+		var accountMap maps.Map
+		if user.AcmeProviderAccount != nil {
+			accountMap = maps.Map{
+				"id":   user.AcmeProviderAccount.Id,
+				"name": user.AcmeProviderAccount.Name,
+			}
+		}
+
 		userMaps = append(userMaps, maps.Map{
 			"id":          user.Id,
 			"email":       user.Email,
 			"description": user.Description,
 			"createdTime": timeutil.FormatTime("Y-m-d H:i:s", user.CreatedAt),
+			"provider":    providerMap,
+			"account":     accountMap,
 		})
 	}
 	this.Data["users"] = userMaps
--- a/internal/web/actions/default/servers/certs/acme/users/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/acme/users/updatePopup.go
@@ -29,10 +29,30 @@ func (this *UpdatePopupAction) RunGet(params struct {
 		return
 	}

+	// 服务商
+	var providerMap maps.Map
+	if user.AcmeProvider != nil {
+		providerMap = maps.Map{
+			"name": user.AcmeProvider.Name,
+			"code": user.AcmeProvider.Code,
+		}
+	}
+
+	// 账号
+	var accountMap maps.Map
+	if user.AcmeProviderAccount != nil {
+		accountMap = maps.Map{
+			"id":   user.AcmeProviderAccount.Id,
+			"name": user.AcmeProviderAccount.Name,
+		}
+	}
+
 	this.Data["user"] = maps.Map{
 		"id":          user.Id,
 		"email":       user.Email,
 		"description": user.Description,
+		"provider":    providerMap,
+		"account":     accountMap,
 	}

 	this.Show()
--- a/internal/web/actions/default/servers/certs/init.go
+++ b/internal/web/actions/default/servers/certs/init.go
@@ -3,6 +3,7 @@ package certs
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme/accounts"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/certs/acme/users"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
 	"github.com/iwind/TeaGo"
@@ -13,9 +14,7 @@ func init() {
 		server.
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
 			Helper(NewHelper()).
-
 			Data("teaSubMenu", "cert").
-
 			Prefix("/servers/certs").
 			Data("leftMenuItem", "cert").
 			Get("", new(IndexAction)).
@@ -31,7 +30,7 @@ func init() {
 			Get("/selectPopup", new(SelectPopupAction)).
 			Get("/datajs", new(DatajsAction)).

-			// ACME
+			// ACME任务
 			Prefix("/servers/certs/acme").
 			Data("leftMenuItem", "acme").
 			Get("", new(acme.IndexAction)).
@@ -40,13 +39,23 @@ func init() {
 			GetPost("/updateTaskPopup", new(acme.UpdateTaskPopupAction)).
 			Post("/deleteTask", new(acme.DeleteTaskAction)).

+			// ACME用户
 			Prefix("/servers/certs/acme/users").
 			Get("", new(users.IndexAction)).
 			GetPost("/createPopup", new(users.CreatePopupAction)).
 			GetPost("/updatePopup", new(users.UpdatePopupAction)).
 			Post("/delete", new(users.DeleteAction)).
 			GetPost("/selectPopup", new(users.SelectPopupAction)).
+			Post("/accountsWithCode", new(users.AccountsWithCodeAction)).

+			// ACME账号
+			Prefix("/servers/certs/acme/accounts").
+			Get("", new(accounts.IndexAction)).
+			GetPost("/createPopup", new(accounts.CreatePopupAction)).
+			GetPost("/updatePopup", new(accounts.UpdatePopupAction)).
+			Post("/delete", new(accounts.DeleteAction)).
+
+			//
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/servers/certs/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/updatePopup.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
+	timeutil "github.com/iwind/TeaGo/utils/time"
 )

 type UpdatePopupAction struct {
@@ -45,6 +46,8 @@ func (this *UpdatePopupAction) RunGet(params struct {
 func (this *UpdatePopupAction) RunPost(params struct {
 	CertId int64

+	TextMode bool
+
 	Name        string
 	IsCA        bool
 	Description string
@@ -53,6 +56,9 @@ func (this *UpdatePopupAction) RunPost(params struct {
 	CertFile *actions.File
 	KeyFile  *actions.File

+	CertText string
+	KeyText  string
+
 	Must *actions.Must
 }) {
 	// 创建日志
@@ -82,18 +88,31 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		Field("name", params.Name).
 		Require("请输入证书说明")

-	if params.CertFile != nil {
-		certConfig.CertData, err = params.CertFile.Read()
-		if err != nil {
-			this.Fail("读取证书文件内容错误，请重新上传")
+	if params.TextMode {
+		if len(params.CertText) > 0 {
+			certConfig.CertData = []byte(params.CertText)
 		}
-	}

-	if !params.IsCA {
-		if params.KeyFile != nil {
-			certConfig.KeyData, err = params.KeyFile.Read()
+		if !params.IsCA {
+			if len(params.KeyText) > 0 {
+				certConfig.KeyData = []byte(params.KeyText)
+			}
+		}
+	} else {
+
+		if params.CertFile != nil {
+			certConfig.CertData, err = params.CertFile.Read()
 			if err != nil {
-				this.Fail("读取密钥文件内容错误，请重新上传")
+				this.FailField("certFile", "读取证书文件内容错误，请重新上传")
+			}
+		}
+
+		if !params.IsCA {
+			if params.KeyFile != nil {
+				certConfig.KeyData, err = params.KeyFile.Read()
+				if err != nil {
+					this.FailField("keyFile", "读取私钥文件内容错误，请重新上传")
+				}
 			}
 		}
 	}
@@ -109,6 +128,10 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		}
 	}

+	if len(timeutil.Format("Y", certConfig.TimeEnd())) != 4 {
+		this.Fail("证书格式错误：无法读取到证书有效期")
+	}
+
 	// 保存
 	_, err = this.RPC().SSLCertRPC().UpdateSSLCert(this.AdminContext(), &pb.UpdateSSLCertRequest{
 		SslCertId:   params.CertId,
--- a/internal/web/actions/default/servers/certs/uploadPopup.go
+++ b/internal/web/actions/default/servers/certs/uploadPopup.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
 	"github.com/iwind/TeaGo/actions"
+	timeutil "github.com/iwind/TeaGo/utils/time"
 )

 type UploadPopupAction struct {
@@ -22,6 +23,7 @@ func (this *UploadPopupAction) RunGet(params struct{}) {
 }

 func (this *UploadPopupAction) RunPost(params struct {
+	TextMode    bool
 	Name        string
 	IsCA        bool
 	Description string
@@ -30,6 +32,9 @@ func (this *UploadPopupAction) RunPost(params struct {
 	CertFile *actions.File
 	KeyFile  *actions.File

+	CertText string
+	KeyText  string
+
 	Must *actions.Must
 }) {
 	params.Must.
@@ -39,22 +44,37 @@ func (this *UploadPopupAction) RunPost(params struct {
 	certData := []byte{}
 	keyData := []byte{}

-	if params.CertFile == nil {
-		this.Fail("请选择要上传的证书文件")
-	}
-	var err error
-	certData, err = params.CertFile.Read()
-	if err != nil {
-		this.Fail("读取证书文件内容错误，请重新上传")
-	}
+	if params.TextMode {
+		if len(params.CertText) == 0 {
+			this.FailField("certText", "请输入证书内容")
+		}

-	if !params.IsCA {
-		if params.KeyFile == nil {
-			this.Fail("请选择要上传的私钥文件")
-		} else {
-			keyData, err = params.KeyFile.Read()
-			if err != nil {
-				this.Fail("读取密钥文件内容错误，请重新上传")
+		if !params.IsCA {
+			if len(params.KeyText) == 0 {
+				this.FailField("keyText", "请输入私钥内容")
+			}
+		}
+
+		certData = []byte(params.CertText)
+		keyData = []byte(params.KeyText)
+	} else {
+		if params.CertFile == nil {
+			this.FailField("certFile", "请选择要上传的证书文件")
+		}
+		var err error
+		certData, err = params.CertFile.Read()
+		if err != nil {
+			this.FailField("certFile", "读取证书文件内容错误，请重新上传")
+		}
+
+		if !params.IsCA {
+			if params.KeyFile == nil {
+				this.FailField("keyFile", "请选择要上传的私钥文件")
+			} else {
+				keyData, err = params.KeyFile.Read()
+				if err != nil {
+					this.FailField("keyFile", "读取密钥文件内容错误，请重新上传")
+				}
 			}
 		}
 	}
@@ -65,7 +85,7 @@ func (this *UploadPopupAction) RunPost(params struct {
 		CertData: certData,
 		KeyData:  keyData,
 	}
-	err = sslConfig.Init()
+	err := sslConfig.Init()
 	if err != nil {
 		if params.IsCA {
 			this.Fail("证书校验错误：" + err.Error())
@@ -73,6 +93,9 @@ func (this *UploadPopupAction) RunPost(params struct {
 			this.Fail("证书或密钥校验错误：" + err.Error())
 		}
 	}
+	if len(timeutil.Format("Y", sslConfig.TimeEnd())) != 4 {
+		this.Fail("证书格式错误：无法读取到证书有效期")
+	}

 	// 保存
 	createResp, err := this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
--- a/internal/web/actions/default/servers/components/waf/group.go
+++ b/internal/web/actions/default/servers/components/waf/group.go
@@ -73,6 +73,14 @@ func (this *GroupAction) RunGet(params struct {
 			"name": set.Name,
 			"rules": lists.Map(set.Rules, func(k int, v interface{}) interface{} {
 				rule := v.(*firewallconfigs.HTTPFirewallRule)
+
+				// 校验
+				var errString = ""
+				var err = rule.Init()
+				if err != nil {
+					errString = err.Error()
+				}
+
 				return maps.Map{
 					"param":             rule.Param,
 					"paramFilters":      rule.ParamFilters,
@@ -81,6 +89,7 @@ func (this *GroupAction) RunGet(params struct {
 					"isCaseInsensitive": rule.IsCaseInsensitive,
 					"isComposed":        firewallconfigs.CheckCheckpointIsComposed(rule.Prefix()),
 					"checkpointOptions": rule.CheckpointOptions,
+					"err":               errString,
 				}
 			}),
 			"isOn":      set.IsOn,
--- a/internal/web/actions/default/servers/components/waf/index.go
+++ b/internal/web/actions/default/servers/components/waf/index.go
@@ -70,10 +70,17 @@ func (this *IndexAction) RunGet(params struct {
 		}
 		countClusters := countClustersResp.Count

+		// mode
+		if len(policy.Mode) == 0 {
+			policy.Mode = firewallconfigs.FirewallModeDefend
+		}
+
 		policyMaps = append(policyMaps, maps.Map{
 			"id":            policy.Id,
 			"isOn":          policy.IsOn,
 			"name":          policy.Name,
+			"mode":          policy.Mode,
+			"modeInfo":      firewallconfigs.FindFirewallMode(policy.Mode),
 			"countInbound":  countInbound,
 			"countOutbound": countOutbound,
 			"countClusters": countClusters,
--- a/internal/web/actions/default/servers/components/waf/policy.go
+++ b/internal/web/actions/default/servers/components/waf/policy.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 )

@@ -46,11 +47,17 @@ func (this *PolicyAction) RunGet(params struct {
 		}
 	}

+	// 模式
+	if len(firewallPolicy.Mode) == 0 {
+		firewallPolicy.Mode = firewallconfigs.FirewallModeDefend
+	}
 	this.Data["firewallPolicy"] = maps.Map{
 		"id":           firewallPolicy.Id,
 		"name":         firewallPolicy.Name,
 		"isOn":         firewallPolicy.IsOn,
 		"description":  firewallPolicy.Description,
+		"mode":         firewallPolicy.Mode,
+		"modeInfo":     firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
 		"groups":       internalGroups,
 		"blockOptions": firewallPolicy.BlockOptions,
 	}
--- a/internal/web/actions/default/servers/components/waf/update.go
+++ b/internal/web/actions/default/servers/components/waf/update.go
@@ -1,6 +1,7 @@
 package waf

 import (
+	"encoding/json"
 	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
@@ -37,14 +38,22 @@ func (this *UpdateAction) RunGet(params struct {
 			StatusCode: http.StatusForbidden,
 			Body:       "Blocked By WAF",
 			URL:        "",
+			Timeout:    60,
 		}
 	}

+	// mode
+	if len(firewallPolicy.Mode) == 0 {
+		firewallPolicy.Mode = firewallconfigs.FirewallModeDefend
+	}
+	this.Data["modes"] = firewallconfigs.FindAllFirewallModes()
+
 	this.Data["firewallPolicy"] = maps.Map{
 		"id":           firewallPolicy.Id,
 		"name":         firewallPolicy.Name,
 		"description":  firewallPolicy.Description,
 		"isOn":         firewallPolicy.IsOn,
+		"mode":         firewallPolicy.Mode,
 		"blockOptions": firewallPolicy.BlockOptions,
 	}

@@ -77,6 +86,7 @@ func (this *UpdateAction) RunPost(params struct {
 	BlockOptionsJSON []byte
 	Description      string
 	IsOn             bool
+	Mode             string

 	Must *actions.Must
 }) {
@@ -87,13 +97,21 @@ func (this *UpdateAction) RunPost(params struct {
 		Field("name", params.Name).
 		Require("请输入策略名称")

-	_, err := this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
+	// 校验JSON
+	var blockOptions = &firewallconfigs.HTTPFirewallBlockAction{}
+	err := json.Unmarshal(params.BlockOptionsJSON, blockOptions)
+	if err != nil {
+		this.Fail("拦截动作参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallPolicy(this.AdminContext(), &pb.UpdateHTTPFirewallPolicyRequest{
 		HttpFirewallPolicyId: params.FirewallPolicyId,
 		IsOn:                 params.IsOn,
 		Name:                 params.Name,
 		Description:          params.Description,
 		FirewallGroupCodes:   params.GroupCodes,
 		BlockOptionsJSON:     params.BlockOptionsJSON,
+		Mode:                 params.Mode,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/groups/group/servergrouputils/utils.go
+++ b/internal/web/actions/default/servers/groups/group/servergrouputils/utils.go
@@ -4,6 +4,7 @@ package servergrouputils

 import (
 	"errors"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/maps"
@@ -35,75 +36,115 @@ func InitGroup(parent *actionutils.ParentAction, groupId int64, menuItem string)
 		}

 		var urlPrefix = "/servers/groups/group/settings"
-		parent.Data["leftMenuItems"] = []maps.Map{
-			/**{
-				"name":     "Web设置",
-				"url":      urlPrefix + "/web?groupId=" + types.String(groupId),
-				"isActive": menuItem == "web",
-			},**/
+		var leftMenuItems = []maps.Map{
 			{
-				"name":     "HTTP反向代理",
+				"name":     "HTTP代理",
 				"url":      urlPrefix + "/httpReverseProxy?groupId=" + types.String(groupId),
 				"isActive": menuItem == "httpReverseProxy",
 				"isOn":     configInfoResp.HasHTTPReverseProxy,
 			},
 			{
-				"name":     "TCP反向代理",
+				"name":     "TCP代理",
 				"url":      urlPrefix + "/tcpReverseProxy?groupId=" + types.String(groupId),
 				"isActive": menuItem == "tcpReverseProxy",
 				"isOn":     configInfoResp.HasTCPReverseProxy,
 			},
 			{
-				"name":     "UDP反向代理",
+				"name":     "UDP代理",
 				"url":      urlPrefix + "/udpReverseProxy?groupId=" + types.String(groupId),
 				"isActive": menuItem == "udpReverseProxy",
 				"isOn":     configInfoResp.HasUDPReverseProxy,
 			},
-			/**{
-				"name": "-",
-				"url":  "",
-			},
-			{
-				"name":     "WAF",
-				"url":      urlPrefix + "/waf?groupId=" + types.String(groupId),
-				"isActive": menuItem == "waf",
-			},
-			{
-				"name":     "缓存",
-				"url":      urlPrefix + "/cache?groupId=" + types.String(groupId),
-				"isActive": menuItem == "cache",
-			},
-			{
-				"name":     "访问日志",
-				"url":      urlPrefix + "/accessLog?groupId=" + types.String(groupId),
-				"isActive": menuItem == "accessLog",
-			},
-			{
-				"name":     "统计",
-				"url":      urlPrefix + "/stat?groupId=" + types.String(groupId),
-				"isActive": menuItem == "stat",
-			},
-			{
-				"name":     "Gzip压缩",
-				"url":      urlPrefix + "/gzip?groupId=" + types.String(groupId),
-				"isActive": menuItem == "gzip",
-			},
-			{
-				"name":     "特殊页面",
-				"url":      urlPrefix + "/pages?groupId=" + types.String(groupId),
-				"isActive": menuItem == "page",
-			},
-			{
-				"name":     "HTTP Header",
-				"url":      urlPrefix + "/headers?groupId=" + types.String(groupId),
-				"isActive": menuItem == "header",
-			},
-			{
-				"name":     "Websocket",
-				"url":      urlPrefix + "/websocket?groupId=" + types.String(groupId),
-				"isActive": menuItem == "websocket",
-			},**/
 		}
+
+		if teaconst.IsPlus {
+			leftMenuItems = append([]maps.Map{
+				{
+					"name":     "Web设置",
+					"url":      urlPrefix + "/web?groupId=" + types.String(groupId),
+					"isActive": menuItem == "web",
+					"isOn":     configInfoResp.HasRootConfig,
+				},
+			}, leftMenuItems...)
+			leftMenuItems = append(leftMenuItems, []maps.Map{
+				{
+					"name": "-",
+					"url":  "",
+				},
+				{
+					"name":     "WAF",
+					"url":      urlPrefix + "/waf?groupId=" + types.String(groupId),
+					"isActive": menuItem == "waf",
+					"isOn":     configInfoResp.HasWAFConfig,
+				},
+				{
+					"name":     "缓存",
+					"url":      urlPrefix + "//cache?groupId=" + types.String(groupId),
+					"isActive": menuItem == "cache",
+					"isOn":     configInfoResp.HasCacheConfig,
+				},
+				{
+					"name":     "字符编码",
+					"url":      urlPrefix + "/charset?groupId=" + types.String(groupId),
+					"isActive": menuItem == "charset",
+					"isOn":     configInfoResp.HasCharsetConfig,
+				},
+				{
+					"name":     "访问日志",
+					"url":      urlPrefix + "/accessLog?groupId=" + types.String(groupId),
+					"isActive": menuItem == "accessLog",
+					"isOn":     configInfoResp.HasAccessLogConfig,
+				},
+				{
+					"name":     "统计",
+					"url":      urlPrefix + "/stat?groupId=" + types.String(groupId),
+					"isActive": menuItem == "stat",
+					"isOn":     configInfoResp.HasStatConfig,
+				},
+				{
+					"name":     "内容压缩",
+					"url":      urlPrefix + "/compression?groupId=" + types.String(groupId),
+					"isActive": menuItem == "compression",
+					"isOn":     configInfoResp.HasCompressionConfig,
+				},
+				{
+					"name":     "特殊页面",
+					"url":      urlPrefix + "/pages?groupId=" + types.String(groupId),
+					"isActive": menuItem == "pages",
+					"isOn":     configInfoResp.HasPagesConfig,
+				},
+				{
+					"name":     "HTTP Header",
+					"url":      urlPrefix + "/headers?groupId=" + types.String(groupId),
+					"isActive": menuItem == "headers",
+					"isOn":     configInfoResp.HasRequestHeadersConfig || configInfoResp.HasResponseHeadersConfig,
+				},
+				{
+					"name":     "Websocket",
+					"url":      urlPrefix + "/websocket?groupId=" + types.String(groupId),
+					"isActive": menuItem == "websocket",
+					"isOn":     configInfoResp.HasWebsocketConfig,
+				},
+				{
+					"name":     "WebP",
+					"url":      urlPrefix + "/webp?groupId=" + types.String(groupId),
+					"isActive": menuItem == "webp",
+					"isOn":     configInfoResp.HasWebPConfig,
+				},
+			}...)
+		}
+
+		leftMenuItems = append(leftMenuItems, maps.Map{
+			"name": "-",
+			"url":  "",
+		})
+		leftMenuItems = append(leftMenuItems, maps.Map{
+			"name":     "访客IP地址",
+			"url":      urlPrefix + "/remoteAddr?groupId=" + types.String(groupId),
+			"isActive": menuItem == "remoteAddr",
+			"isOn":     configInfoResp.HasRemoteAddrConfig,
+		})
+		parent.Data["leftMenuItems"] = leftMenuItems
 	}

 	return group, nil
--- a/internal/web/actions/default/servers/groups/group/settings/accessLog/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/accessLog/index.go
@@ -0,0 +1,68 @@
+package accessLog
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("accessLog")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "accessLog")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 获取配置
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["webId"] = webConfig.Id
+	this.Data["accessLogConfig"] = webConfig.AccessLogRef
+
+	// 通用变量
+	this.Data["fields"] = serverconfigs.HTTPAccessLogFields
+	this.Data["defaultFieldCodes"] = serverconfigs.HTTPAccessLogDefaultFieldsCodes
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId         int64
+	AccessLogJSON []byte
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的访问日志设置", params.WebId)
+
+	// TODO 检查参数
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebAccessLog(this.AdminContext(), &pb.UpdateHTTPWebAccessLogRequest{
+		WebId:         params.WebId,
+		AccessLogJSON: params.AccessLogJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/accessLog/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/accessLog/init.go
@@ -0,0 +1,19 @@
+package accessLog
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/accessLog").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/cache/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/cache/index.go
@@ -0,0 +1,88 @@
+package cache
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("cache")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "cache")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["cacheConfig"] = webConfig.Cache
+
+	this.Data["cachePolicy"] = nil
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId     int64
+	CacheJSON []byte
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的缓存设置", params.WebId)
+
+	// 校验配置
+	cacheConfig := &serverconfigs.HTTPCacheConfig{}
+	err := json.Unmarshal(params.CacheJSON, cacheConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	err = cacheConfig.Init()
+	if err != nil {
+		this.Fail("检查配置失败：" + err.Error())
+	}
+
+	// 去除不必要的部分
+	for _, cacheRef := range cacheConfig.CacheRefs {
+		cacheRef.CachePolicy = nil
+	}
+
+	cacheJSON, err := json.Marshal(cacheConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebCache(this.AdminContext(), &pb.UpdateHTTPWebCacheRequest{
+		WebId:     params.WebId,
+		CacheJSON: cacheJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/cache/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/cache/init.go
@@ -0,0 +1,21 @@
+package cache
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/cache").
+			GetPost("", new(IndexAction)).
+			GetPost("/purge", new(PurgeAction)).
+			GetPost("/preheat", new(PreheatAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/cache/preheat.go
+++ b/internal/web/actions/default/servers/groups/group/settings/cache/preheat.go
@@ -0,0 +1,143 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package cache
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/nodeutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/messageconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"strings"
+)
+
+type PreheatAction struct {
+	actionutils.ParentAction
+}
+
+func (this *PreheatAction) Init() {
+	this.Nav("", "setting", "preheat")
+	this.SecondMenu("cache")
+}
+
+func (this *PreheatAction) RunGet(params struct {
+	ServerId int64
+}) {
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["webConfig"] = webConfig
+
+	this.Show()
+}
+
+func (this *PreheatAction) RunPost(params struct {
+	ServerId int64
+	WebId    int64
+	Keys     string
+
+	Must *actions.Must
+}) {
+
+	// 创建日志
+	defer this.CreateLog(oplogs.LevelInfo, "预热服务 %d 缓存", params.ServerId)
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithId(this.AdminContext(), params.WebId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if webConfig == nil {
+		this.NotFound("httpWeb", params.WebId)
+		return
+	}
+	var cache = webConfig.Cache
+	if cache == nil || !cache.IsOn {
+		this.Fail("当前没有开启缓存")
+	}
+
+	serverResp, err := this.RPC().ServerRPC().FindEnabledUserServerBasic(this.AdminContext(), &pb.FindEnabledUserServerBasicRequest{ServerId: params.ServerId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var server = serverResp.Server
+	if server == nil || server.NodeCluster == nil {
+		this.NotFound("server", params.ServerId)
+		return
+	}
+
+	var clusterId = server.NodeCluster.Id
+
+	clusterResp, err := this.RPC().NodeClusterRPC().FindEnabledNodeCluster(this.AdminContext(), &pb.FindEnabledNodeClusterRequest{NodeClusterId: clusterId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var cluster = clusterResp.NodeCluster
+	if cluster == nil {
+		this.NotFound("nodeCluster", clusterId)
+		return
+	}
+	var cachePolicyId = cluster.HttpCachePolicyId
+	if cachePolicyId == 0 {
+		this.Fail("当前集群没有设置缓存策略")
+	}
+
+	cachePolicyResp, err := this.RPC().HTTPCachePolicyRPC().FindEnabledHTTPCachePolicyConfig(this.AdminContext(), &pb.FindEnabledHTTPCachePolicyConfigRequest{HttpCachePolicyId: cachePolicyId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	cachePolicyJSON := cachePolicyResp.HttpCachePolicyJSON
+	if len(cachePolicyJSON) == 0 {
+		this.Fail("找不到要操作的缓存策略")
+	}
+
+	if len(params.Keys) == 0 {
+		this.Fail("请输入要预热的Key列表")
+	}
+
+	realKeys := []string{}
+	for _, key := range strings.Split(params.Keys, "\n") {
+		key = strings.TrimSpace(key)
+		if len(key) == 0 {
+			continue
+		}
+		if lists.ContainsString(realKeys, key) {
+			continue
+		}
+		realKeys = append(realKeys, key)
+	}
+
+	// 发送命令
+	msg := &messageconfigs.PreheatCacheMessage{
+		CachePolicyJSON: cachePolicyJSON,
+		Keys:            realKeys,
+	}
+	results, err := nodeutils.SendMessageToCluster(this.AdminContext(), clusterId, messageconfigs.MessageCodePreheatCache, msg, 300)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	isAllOk := true
+	for _, result := range results {
+		if !result.IsOK {
+			isAllOk = false
+			break
+		}
+	}
+
+	this.Data["isAllOk"] = isAllOk
+	this.Data["results"] = results
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/cache/purge.go
+++ b/internal/web/actions/default/servers/groups/group/settings/cache/purge.go
@@ -0,0 +1,149 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package cache
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/nodes/nodeutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/messageconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"strings"
+)
+
+type PurgeAction struct {
+	actionutils.ParentAction
+}
+
+func (this *PurgeAction) Init() {
+	this.Nav("", "setting", "purge")
+	this.SecondMenu("cache")
+}
+
+func (this *PurgeAction) RunGet(params struct {
+	ServerId int64
+}) {
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["webConfig"] = webConfig
+
+	this.Show()
+}
+
+func (this *PurgeAction) RunPost(params struct {
+	ServerId int64
+	WebId    int64
+	Type     string
+	Keys     string
+
+	Must *actions.Must
+}) {
+
+	// 创建日志
+	defer this.CreateLog(oplogs.LevelInfo, "删除服务 %d 缓存", params.ServerId)
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithId(this.AdminContext(), params.WebId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if webConfig == nil {
+		this.NotFound("httpWeb", params.WebId)
+		return
+	}
+	var cache = webConfig.Cache
+	if cache == nil || !cache.IsOn {
+		this.Fail("当前没有开启缓存")
+	}
+
+	serverResp, err := this.RPC().ServerRPC().FindEnabledUserServerBasic(this.AdminContext(), &pb.FindEnabledUserServerBasicRequest{ServerId: params.ServerId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var server = serverResp.Server
+	if server == nil || server.NodeCluster == nil {
+		this.NotFound("server", params.ServerId)
+		return
+	}
+
+	var clusterId = server.NodeCluster.Id
+
+	clusterResp, err := this.RPC().NodeClusterRPC().FindEnabledNodeCluster(this.AdminContext(), &pb.FindEnabledNodeClusterRequest{NodeClusterId: clusterId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	var cluster = clusterResp.NodeCluster
+	if cluster == nil {
+		this.NotFound("nodeCluster", clusterId)
+		return
+	}
+	var cachePolicyId = cluster.HttpCachePolicyId
+	if cachePolicyId == 0 {
+		this.Fail("当前集群没有设置缓存策略")
+	}
+
+	cachePolicyResp, err := this.RPC().HTTPCachePolicyRPC().FindEnabledHTTPCachePolicyConfig(this.AdminContext(), &pb.FindEnabledHTTPCachePolicyConfigRequest{HttpCachePolicyId: cachePolicyId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	cachePolicyJSON := cachePolicyResp.HttpCachePolicyJSON
+	if len(cachePolicyJSON) == 0 {
+		this.Fail("找不到要操作的缓存策略")
+	}
+
+	if len(params.Keys) == 0 {
+		this.Fail("请输入要删除的Key列表")
+	}
+
+	realKeys := []string{}
+	for _, key := range strings.Split(params.Keys, "\n") {
+		key = strings.TrimSpace(key)
+		if len(key) == 0 {
+			continue
+		}
+		if lists.ContainsString(realKeys, key) {
+			continue
+		}
+		realKeys = append(realKeys, key)
+	}
+
+	// 发送命令
+	msg := &messageconfigs.PurgeCacheMessage{
+		CachePolicyJSON: cachePolicyJSON,
+		Keys:            realKeys,
+	}
+	if params.Type == "prefix" {
+		msg.Type = messageconfigs.PurgeCacheMessageTypeDir
+	} else {
+		msg.Type = messageconfigs.PurgeCacheMessageTypeFile
+	}
+	results, err := nodeutils.SendMessageToCluster(this.AdminContext(), clusterId, messageconfigs.MessageCodePurgeCache, msg, 10)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	isAllOk := true
+	for _, result := range results {
+		if !result.IsOK {
+			isAllOk = false
+			break
+		}
+	}
+
+	this.Data["isAllOk"] = isAllOk
+	this.Data["results"] = results
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/charset/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/charset/index.go
@@ -0,0 +1,64 @@
+package charset
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("charset")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "charset")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["charsetConfig"] = webConfig.Charset
+
+	this.Data["usualCharsets"] = configutils.UsualCharsets
+	this.Data["allCharsets"] = configutils.AllCharsets
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId       int64
+	CharsetJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的字符集设置", params.WebId)
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebCharset(this.AdminContext(), &pb.UpdateHTTPWebCharsetRequest{
+		WebId:       params.WebId,
+		CharsetJSON: params.CharsetJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/charset/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/charset/init.go
@@ -0,0 +1,19 @@
+package charset
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/charset").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/compression/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/compression/index.go
@@ -0,0 +1,78 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package compression
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("compression")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "compression")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// WebId
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+
+	this.Data["compressionConfig"] = webConfig.Compression
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId           int64
+	CompressionJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改Web %d 的压缩设置", params.WebId)
+
+	// 校验配置
+	var compressionConfig = &serverconfigs.HTTPCompressionConfig{}
+	err := json.Unmarshal(params.CompressionJSON, compressionConfig)
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	err = compressionConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebCompression(this.AdminContext(), &pb.UpdateHTTPWebCompressionRequest{
+		WebId:           params.WebId,
+		CompressionJSON: params.CompressionJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/compression/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/compression/init.go
@@ -0,0 +1,19 @@
+package compression
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/compression").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/headers/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/headers/index.go
@@ -0,0 +1,158 @@
+package headers
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("header")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "headers")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	webId := webConfig.Id
+	this.Data["webId"] = webId
+
+	isChanged := false
+	if webConfig.RequestHeaderPolicy == nil {
+		createHeaderPolicyResp, err := this.RPC().HTTPHeaderPolicyRPC().CreateHTTPHeaderPolicy(this.AdminContext(), &pb.CreateHTTPHeaderPolicyRequest{})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		headerPolicyId := createHeaderPolicyResp.HeaderPolicyId
+		ref := &shared.HTTPHeaderPolicyRef{
+			IsPrior:        false,
+			IsOn:           true,
+			HeaderPolicyId: headerPolicyId,
+		}
+		refJSON, err := json.Marshal(ref)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebRequestHeader(this.AdminContext(), &pb.UpdateHTTPWebRequestHeaderRequest{
+			WebId:      webId,
+			HeaderJSON: refJSON,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		isChanged = true
+	}
+	if webConfig.ResponseHeaderPolicy == nil {
+		createHeaderPolicyResp, err := this.RPC().HTTPHeaderPolicyRPC().CreateHTTPHeaderPolicy(this.AdminContext(), &pb.CreateHTTPHeaderPolicyRequest{})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		headerPolicyId := createHeaderPolicyResp.HeaderPolicyId
+		ref := &shared.HTTPHeaderPolicyRef{
+			IsPrior:        false,
+			IsOn:           true,
+			HeaderPolicyId: headerPolicyId,
+		}
+		refJSON, err := json.Marshal(ref)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebResponseHeader(this.AdminContext(), &pb.UpdateHTTPWebResponseHeaderRequest{
+			WebId:      webId,
+			HeaderJSON: refJSON,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		isChanged = true
+	}
+
+	// 重新获取配置
+	if isChanged {
+		webConfig, err = dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["requestHeaderRef"] = webConfig.RequestHeaderPolicyRef
+	this.Data["requestHeaderPolicy"] = webConfig.RequestHeaderPolicy
+	this.Data["responseHeaderRef"] = webConfig.ResponseHeaderPolicyRef
+	this.Data["responseHeaderPolicy"] = webConfig.ResponseHeaderPolicy
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId              int64
+	Type               string
+	RequestHeaderJSON  []byte
+	ResponseHeaderJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改Web %d 的Header设置", params.WebId)
+
+	switch params.Type {
+	case "request":
+		// 检查配置
+		var requestHeaderRef = &shared.HTTPHeaderPolicyRef{}
+		err := json.Unmarshal(params.RequestHeaderJSON, requestHeaderRef)
+		if err != nil {
+			this.Fail("请求Header配置校验失败：" + err.Error() + ", JSON: " + string(params.RequestHeaderJSON))
+		}
+
+		_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebRequestHeader(this.AdminContext(), &pb.UpdateHTTPWebRequestHeaderRequest{
+			WebId:      params.WebId,
+			HeaderJSON: params.RequestHeaderJSON,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	case "response":
+		// 校验配置
+		var responseHeaderRef = &shared.HTTPHeaderPolicyRef{}
+		err := json.Unmarshal(params.ResponseHeaderJSON, responseHeaderRef)
+		if err != nil {
+			this.Fail("响应Header配置校验失败：" + err.Error() + ", JSON: " + string(params.ResponseHeaderJSON))
+		}
+
+		_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebResponseHeader(this.AdminContext(), &pb.UpdateHTTPWebResponseHeaderRequest{
+			WebId:      params.WebId,
+			HeaderJSON: params.ResponseHeaderJSON,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/headers/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/headers/init.go
@@ -0,0 +1,19 @@
+package headers
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/headers").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/index/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/index/index.go
@@ -3,6 +3,7 @@
 package reverseProxy

 import (
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/iwind/TeaGo/types"
 )
@@ -18,6 +19,10 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	GroupId int64
 }) {
-	this.RedirectURL("/servers/groups/group/settings/httpReverseProxy?groupId=" + types.String(params.GroupId))
+	if teaconst.IsPlus {
+		this.RedirectURL("/servers/groups/group/settings/web?groupId=" + types.String(params.GroupId))
+	} else {
+		this.RedirectURL("/servers/groups/group/settings/httpReverseProxy?groupId=" + types.String(params.GroupId))
+	}
 	return
 }
--- a/internal/web/actions/default/servers/groups/group/settings/pages/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/pages/index.go
@@ -0,0 +1,73 @@
+package pages
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("pages")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "pages")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["pages"] = webConfig.Pages
+	this.Data["shutdownConfig"] = webConfig.Shutdown
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId        int64
+	PagesJSON    string
+	ShutdownJSON string
+	Must         *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的设置", params.WebId)
+
+	// TODO 检查配置
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebPages(this.AdminContext(), &pb.UpdateHTTPWebPagesRequest{
+		WebId:     params.WebId,
+		PagesJSON: []byte(params.PagesJSON),
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebShutdown(this.AdminContext(), &pb.UpdateHTTPWebShutdownRequest{
+		WebId:        params.WebId,
+		ShutdownJSON: []byte(params.ShutdownJSON),
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/pages/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/pages/init.go
@@ -0,0 +1,19 @@
+package pages
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/pages").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/remoteAddr/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/remoteAddr/index.go
@@ -0,0 +1,68 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package remoteAddr
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("remoteAddr")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "remoteAddr")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["remoteAddrConfig"] = webConfig.RemoteAddr
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId          int64
+	RemoteAddrJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var remoteAddrConfig = &serverconfigs.HTTPRemoteAddrConfig{}
+	err := json.Unmarshal(params.RemoteAddrJSON, remoteAddrConfig)
+	if err != nil {
+		this.Fail("参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebRemoteAddr(this.AdminContext(), &pb.UpdateHTTPWebRemoteAddrRequest{
+		WebId:          params.WebId,
+		RemoteAddrJSON: params.RemoteAddrJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/remoteAddr/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/remoteAddr/init.go
@@ -0,0 +1,19 @@
+package remoteAddr
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/remoteAddr").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/stat/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/stat/index.go
@@ -0,0 +1,60 @@
+package stat
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("stat")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "stat")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["statConfig"] = webConfig.StatRef
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId    int64
+	StatJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改Web %d 的统计设置", params.WebId)
+
+	// TODO 校验配置
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebStat(this.AdminContext(), &pb.UpdateHTTPWebStatRequest{
+		WebId:    params.WebId,
+		StatJSON: params.StatJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/stat/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/stat/init.go
@@ -0,0 +1,19 @@
+package stat
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/stat").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/group.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/group.go
@@ -0,0 +1,100 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+	"strings"
+)
+
+type GroupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupAction) Init() {
+	this.Nav("", "setting", this.ParamString("type"))
+	this.SecondMenu("waf")
+}
+
+func (this *GroupAction) RunGet(params struct {
+	FirewallPolicyId int64
+	GroupId          int64
+	Type             string
+}) {
+	this.Data["type"] = params.Type
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	// policy
+	firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	// group config
+	groupConfig, err := dao.SharedHTTPFirewallRuleGroupDAO.FindRuleGroupConfig(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if groupConfig == nil {
+		this.NotFound("firewallRuleGroup", params.GroupId)
+		return
+	}
+
+	this.Data["group"] = groupConfig
+
+	// rule sets
+	this.Data["sets"] = lists.Map(groupConfig.Sets, func(k int, v interface{}) interface{} {
+		set := v.(*firewallconfigs.HTTPFirewallRuleSet)
+
+		var actionMaps = []maps.Map{}
+		for _, action := range set.Actions {
+			def := firewallconfigs.FindActionDefinition(action.Code)
+			if def == nil {
+				continue
+			}
+
+			actionMaps = append(actionMaps, maps.Map{
+				"code":     strings.ToUpper(action.Code),
+				"name":     def.Name,
+				"category": def.Category,
+				"options":  action.Options,
+			})
+		}
+
+		return maps.Map{
+			"id":   set.Id,
+			"name": set.Name,
+			"rules": lists.Map(set.Rules, func(k int, v interface{}) interface{} {
+				rule := v.(*firewallconfigs.HTTPFirewallRule)
+				var errString = ""
+				var err = rule.Init()
+				if err != nil {
+					errString = err.Error()
+				}
+				return maps.Map{
+					"param":             rule.Param,
+					"paramFilters":      rule.ParamFilters,
+					"operator":          rule.Operator,
+					"value":             rule.Value,
+					"isCaseInsensitive": rule.IsCaseInsensitive,
+					"isComposed":        firewallconfigs.CheckCheckpointIsComposed(rule.Prefix()),
+					"checkpointOptions": rule.CheckpointOptions,
+					"err":               errString,
+				}
+			}),
+			"isOn":      set.IsOn,
+			"actions":   actionMaps,
+			"connector": strings.ToUpper(set.Connector),
+		}
+	})
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/groups.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/groups.go
@@ -0,0 +1,83 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type GroupsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *GroupsAction) Init() {
+	this.Nav("", "setting", this.ParamString("type"))
+	this.SecondMenu("waf")
+}
+
+func (this *GroupsAction) RunGet(params struct {
+	ServerId         int64
+	FirewallPolicyId int64
+	Type             string
+}) {
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+	this.Data["type"] = params.Type
+
+	firewallPolicy, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if firewallPolicy == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	groupMaps := []maps.Map{}
+
+	// inbound
+	if params.Type == "inbound" {
+		if firewallPolicy.Inbound != nil {
+			for _, g := range firewallPolicy.Inbound.Groups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":          g.Id,
+					"name":        g.Name,
+					"code":        g.Code,
+					"isOn":        g.IsOn,
+					"description": g.Description,
+					"countSets":   len(g.Sets),
+					"canDelete":   len(g.Code) == 0,
+				})
+			}
+		}
+	}
+
+	// outbound
+	if params.Type == "outbound" {
+		if firewallPolicy.Outbound != nil {
+			for _, g := range firewallPolicy.Outbound.Groups {
+				groupMaps = append(groupMaps, maps.Map{
+					"id":          g.Id,
+					"name":        g.Name,
+					"code":        g.Code,
+					"isOn":        g.IsOn,
+					"description": g.Description,
+					"countSets":   len(g.Sets),
+					"canDelete":   len(g.Code) == 0,
+				})
+			}
+		}
+	}
+
+	this.Data["groups"] = groupMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/index.go
@@ -0,0 +1,76 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("waf")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "waf")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["firewallConfig"] = webConfig.FirewallRef
+
+	// 获取当前服务所在集群的WAF设置
+	this.Data["firewallPolicy"] = nil
+
+	// 当前的Server独立设置
+	if webConfig.FirewallRef == nil || webConfig.FirewallRef.FirewallPolicyId == 0 {
+		firewallPolicyId, err := dao.SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(this.AdminContext(), params.GroupId, 0, webConfig.Id, webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		this.Data["firewallPolicyId"] = firewallPolicyId
+	} else {
+		this.Data["firewallPolicyId"] = webConfig.FirewallRef.FirewallPolicyId
+	}
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId        int64
+	FirewallJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改Web %d 的WAF设置", params.WebId)
+
+	// TODO 检查配置
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWebFirewall(this.AdminContext(), &pb.UpdateHTTPWebFirewallRequest{
+		WebId:        params.WebId,
+		FirewallJSON: params.FirewallJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/init.go
@@ -0,0 +1,33 @@
+package waf
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/waf/ipadmin"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Helper(serverutils.NewServerHelper()).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/waf").
+			GetPost("", new(IndexAction)).
+			Get("/ipadmin/allowList", new(ipadmin.AllowListAction)).
+			Get("/ipadmin/denyList", new(ipadmin.DenyListAction)).
+			GetPost("/ipadmin/countries", new(ipadmin.CountriesAction)).
+			GetPost("/ipadmin/provinces", new(ipadmin.ProvincesAction)).
+			GetPost("/ipadmin/updateIPPopup", new(ipadmin.UpdateIPPopupAction)).
+			Post("/ipadmin/deleteIP", new(ipadmin.DeleteIPAction)).
+			GetPost("/ipadmin/test", new(ipadmin.TestAction)).
+
+			// 规则相关
+			Get("/groups", new(GroupsAction)).
+			Get("/group", new(GroupAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/allowList.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/allowList.go
@@ -0,0 +1,95 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
+)
+
+type AllowListAction struct {
+	actionutils.ParentAction
+}
+
+func (this *AllowListAction) Init() {
+	this.Nav("", "setting", "allowList")
+	this.SecondMenu("waf")
+}
+
+func (this *AllowListAction) RunGet(params struct {
+	ServerId         int64
+	FirewallPolicyId int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	listId, err := dao.SharedIPListDAO.FindAllowIPListIdWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建
+	if listId == 0 {
+		listId, err = dao.SharedIPListDAO.CreateIPListForServerId(this.AdminContext(), params.ServerId, "white")
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["listId"] = listId
+
+	// 数量
+	countResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 列表
+	itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+		IpListId: listId,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemMaps := []maps.Map{}
+	for _, item := range itemsResp.IpItems {
+		expiredTime := ""
+		if item.ExpiredAt > 0 {
+			expiredTime = timeutil.FormatTime("Y-m-d H:i:s", item.ExpiredAt)
+		}
+
+		itemMaps = append(itemMaps, maps.Map{
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"isExpired":      item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
+		})
+	}
+	this.Data["items"] = itemMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/countries.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/countries.go
@@ -0,0 +1,121 @@
+package ipadmin
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+	"strings"
+)
+
+type CountriesAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CountriesAction) Init() {
+	this.Nav("", "setting", "country")
+	this.SecondMenu("waf")
+}
+
+func (this *CountriesAction) RunGet(params struct {
+	FirewallPolicyId int64
+	ServerId         int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	this.Data["subMenuItem"] = "region"
+
+	// 当前选中的地区
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	selectedCountryIds := []int64{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		selectedCountryIds = policyConfig.Inbound.Region.DenyCountryIds
+	}
+
+	countriesResp, err := this.RPC().RegionCountryRPC().FindAllEnabledRegionCountries(this.AdminContext(), &pb.FindAllEnabledRegionCountriesRequest{})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	countryMaps := []maps.Map{}
+	for _, country := range countriesResp.Countries {
+		countryMaps = append(countryMaps, maps.Map{
+			"id":        country.Id,
+			"name":      country.Name,
+			"letter":    strings.ToUpper(string(country.Pinyin[0][0])),
+			"isChecked": lists.ContainsInt64(selectedCountryIds, country.Id),
+		})
+	}
+	this.Data["countries"] = countryMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
+
+func (this *CountriesAction) RunPost(params struct {
+	FirewallPolicyId int64
+	CountryIds       []int64
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "WAF策略 %d 设置禁止访问的国家和地区", params.FirewallPolicyId)
+
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	if policyConfig.Inbound == nil {
+		policyConfig.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if policyConfig.Inbound.Region == nil {
+		policyConfig.Inbound.Region = &firewallconfigs.HTTPFirewallRegionConfig{
+			IsOn: true,
+		}
+	}
+	policyConfig.Inbound.Region.DenyCountryIds = params.CountryIds
+
+	inboundJSON, err := json.Marshal(policyConfig.Inbound)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/deleteIP.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/deleteIP.go
@@ -0,0 +1,29 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteIPAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteIPAction) RunPost(params struct {
+	FirewallPolicyId int64
+	ItemId           int64
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "从WAF策略 %d 名单中删除IP %d", params.FirewallPolicyId, params.ItemId)
+
+	// TODO 判断权限
+
+	_, err := this.RPC().IPItemRPC().DeleteIPItem(this.AdminContext(), &pb.DeleteIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/denyList.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/denyList.go
@@ -0,0 +1,95 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+	"time"
+)
+
+type DenyListAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DenyListAction) Init() {
+	this.Nav("", "setting", "denyList")
+	this.SecondMenu("waf")
+}
+
+func (this *DenyListAction) RunGet(params struct {
+	FirewallPolicyId int64
+	ServerId         int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+
+	listId, err := dao.SharedIPListDAO.FindDenyIPListIdWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建
+	if listId == 0 {
+		listId, err = dao.SharedIPListDAO.CreateIPListForServerId(this.AdminContext(), params.ServerId, "black")
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["listId"] = listId
+
+	// 数量
+	countResp, err := this.RPC().IPItemRPC().CountIPItemsWithListId(this.AdminContext(), &pb.CountIPItemsWithListIdRequest{IpListId: listId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	count := countResp.Count
+	page := this.NewPage(count)
+	this.Data["page"] = page.AsHTML()
+
+	// 列表
+	itemsResp, err := this.RPC().IPItemRPC().ListIPItemsWithListId(this.AdminContext(), &pb.ListIPItemsWithListIdRequest{
+		IpListId: listId,
+		Offset:   page.Offset,
+		Size:     page.Size,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	itemMaps := []maps.Map{}
+	for _, item := range itemsResp.IpItems {
+		expiredTime := ""
+		if item.ExpiredAt > 0 {
+			expiredTime = timeutil.FormatTime("Y-m-d H:i:s", item.ExpiredAt)
+		}
+
+		itemMaps = append(itemMaps, maps.Map{
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"isExpired":      item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
+		})
+	}
+	this.Data["items"] = itemMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/provinces.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/provinces.go
@@ -0,0 +1,122 @@
+package ipadmin
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+)
+
+const ChinaCountryId = 1
+
+type ProvincesAction struct {
+	actionutils.ParentAction
+}
+
+func (this *ProvincesAction) Init() {
+	this.Nav("", "setting", "province")
+	this.SecondMenu("waf")
+}
+
+func (this *ProvincesAction) RunGet(params struct {
+	FirewallPolicyId int64
+	ServerId         int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+	this.Data["subMenuItem"] = "province"
+
+	// 当前选中的省份
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	selectedProvinceIds := []int64{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		selectedProvinceIds = policyConfig.Inbound.Region.DenyProvinceIds
+	}
+
+	provincesResp, err := this.RPC().RegionProvinceRPC().FindAllEnabledRegionProvincesWithCountryId(this.AdminContext(), &pb.FindAllEnabledRegionProvincesWithCountryIdRequest{
+		CountryId: int64(ChinaCountryId),
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	provinceMaps := []maps.Map{}
+	for _, province := range provincesResp.Provinces {
+		provinceMaps = append(provinceMaps, maps.Map{
+			"id":        province.Id,
+			"name":      province.Name,
+			"isChecked": lists.ContainsInt64(selectedProvinceIds, province.Id),
+		})
+	}
+	this.Data["provinces"] = provinceMaps
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
+
+func (this *ProvincesAction) RunPost(params struct {
+	FirewallPolicyId int64
+	ProvinceIds      []int64
+
+	Must *actions.Must
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "WAF策略 %d 设置禁止访问的省份", params.FirewallPolicyId)
+
+	policyConfig, err := dao.SharedHTTPFirewallPolicyDAO.FindEnabledHTTPFirewallPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	if policyConfig.Inbound == nil {
+		policyConfig.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if policyConfig.Inbound.Region == nil {
+		policyConfig.Inbound.Region = &firewallconfigs.HTTPFirewallRegionConfig{
+			IsOn: true,
+		}
+	}
+	policyConfig.Inbound.Region.DenyProvinceIds = params.ProvinceIds
+
+	inboundJSON, err := json.Marshal(policyConfig.Inbound)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:          inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/test.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/test.go
@@ -0,0 +1,100 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+	timeutil "github.com/iwind/TeaGo/utils/time"
+)
+
+type TestAction struct {
+	actionutils.ParentAction
+}
+
+func (this *TestAction) Init() {
+	this.Nav("", "setting", "test")
+	this.SecondMenu("waf")
+}
+
+func (this *TestAction) RunGet(params struct {
+	ServerId         int64
+	FirewallPolicyId int64
+}) {
+	this.Data["featureIsOn"] = true
+	this.Data["firewallPolicyId"] = params.FirewallPolicyId
+	this.Data["subMenuItem"] = "province"
+
+	// WAF是否启用
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["wafIsOn"] = webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn
+
+	this.Show()
+}
+
+func (this *TestAction) RunPost(params struct {
+	FirewallPolicyId int64
+	Ip               string
+
+	Must *actions.Must
+}) {
+	resp, err := this.RPC().HTTPFirewallPolicyRPC().CheckHTTPFirewallPolicyIPStatus(this.AdminContext(), &pb.CheckHTTPFirewallPolicyIPStatusRequest{
+		HttpFirewallPolicyId: params.FirewallPolicyId,
+		Ip:                   params.Ip,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	resultMap := maps.Map{
+		"isDone":    true,
+		"isFound":   resp.IsFound,
+		"isOk":      resp.IsOk,
+		"error":     resp.Error,
+		"isAllowed": resp.IsAllowed,
+	}
+
+	if resp.IpList != nil {
+		resultMap["list"] = maps.Map{
+			"id":   resp.IpList.Id,
+			"name": resp.IpList.Name,
+		}
+	}
+	if resp.IpItem != nil {
+		resultMap["item"] = maps.Map{
+			"id":             resp.IpItem.Id,
+			"ipFrom":         resp.IpItem.IpFrom,
+			"ipTo":           resp.IpItem.IpTo,
+			"reason":         resp.IpItem.Reason,
+			"expiredAt":      resp.IpItem.ExpiredAt,
+			"expiredTime":    timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
+			"type":           resp.IpItem.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(resp.IpItem.EventLevel),
+		}
+	}
+
+	if resp.RegionCountry != nil {
+		resultMap["country"] = maps.Map{
+			"id":   resp.RegionCountry.Id,
+			"name": resp.RegionCountry.Name,
+		}
+	}
+
+	if resp.RegionProvince != nil {
+		resultMap["province"] = maps.Map{
+			"id":   resp.RegionProvince.Id,
+			"name": resp.RegionProvince.Name,
+		}
+	}
+
+	this.Data["result"] = resultMap
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/updateIPPopup.go
+++ b/internal/web/actions/default/servers/groups/group/settings/waf/ipadmin/updateIPPopup.go
@@ -0,0 +1,117 @@
+package ipadmin
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
+	"github.com/TeaOSLab/EdgeAdmin/internal/utils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdateIPPopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdateIPPopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdateIPPopupAction) RunGet(params struct {
+	ItemId int64
+}) {
+	itemResp, err := this.RPC().IPItemRPC().FindEnabledIPItem(this.AdminContext(), &pb.FindEnabledIPItemRequest{IpItemId: params.ItemId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	item := itemResp.IpItem
+	if item == nil {
+		this.NotFound("ipItem", params.ItemId)
+		return
+	}
+
+	this.Data["item"] = maps.Map{
+		"id":         item.Id,
+		"ipFrom":     item.IpFrom,
+		"ipTo":       item.IpTo,
+		"expiredAt":  item.ExpiredAt,
+		"reason":     item.Reason,
+		"type":       item.Type,
+		"eventLevel": item.EventLevel,
+	}
+
+	this.Data["type"] = item.Type
+
+	this.Show()
+}
+
+func (this *UpdateIPPopupAction) RunPost(params struct {
+	ItemId int64
+
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	// 日志
+	defer this.CreateLog(oplogs.LevelInfo, "修改WAF策略名单中的IP %d", params.ItemId)
+
+	// TODO 校验ItemId所属用户
+
+	switch params.Type {
+	case "ipv4":
+		params.Must.
+			Field("ipFrom", params.IpFrom).
+			Require("请输入开始IP")
+
+		// 校验IP格式（ipFrom/ipTo）
+		var ipFromLong uint64
+		if !utils.IsIPv4(params.IpFrom) {
+			this.Fail("请输入正确的开始IP")
+		}
+		ipFromLong = utils.IP2Long(params.IpFrom)
+
+		var ipToLong uint64
+		if len(params.IpTo) > 0 && !utils.IsIPv4(params.IpTo) {
+			ipToLong = utils.IP2Long(params.IpTo)
+			this.Fail("请输入正确的结束IP")
+		}
+
+		if ipFromLong > 0 && ipToLong > 0 && ipFromLong > ipToLong {
+			params.IpTo, params.IpFrom = params.IpFrom, params.IpTo
+		}
+	case "ipv6":
+		params.Must.
+			Field("ipFrom", params.IpFrom).
+			Require("请输入IP")
+
+		// 校验IP格式（ipFrom）
+		if !utils.IsIPv6(params.IpFrom) {
+			this.Fail("请输入正确的IPv6地址")
+		}
+	case "all":
+		params.IpFrom = "0.0.0.0"
+	}
+
+	_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
+		IpItemId:   params.ItemId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/web/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/web/index.go
@@ -0,0 +1,59 @@
+package web
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("web")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "web")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["rootConfig"] = webConfig.Root
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId    int64
+	RootJSON []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改Web %d 的首页文件名", params.WebId)
+
+	_, err := this.RPC().HTTPWebRPC().UpdateHTTPWeb(this.AdminContext(), &pb.UpdateHTTPWebRequest{
+		WebId:    params.WebId,
+		RootJSON: params.RootJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/web/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/web/init.go
@@ -0,0 +1,19 @@
+package web
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/web").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/webp/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/webp/index.go
@@ -0,0 +1,68 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package webp
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("webp")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "webp")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["webpConfig"] = webConfig.WebP
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId    int64
+	WebpJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var webpConfig = &serverconfigs.WebPImageConfig{}
+	err := json.Unmarshal(params.WebpJSON, webpConfig)
+	if err != nil {
+		this.Fail("参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebWebP(this.AdminContext(), &pb.UpdateHTTPWebWebPRequest{
+		WebId:    params.WebId,
+		WebpJSON: params.WebpJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/webp/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/webp/init.go
@@ -0,0 +1,19 @@
+package webp
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/webp").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/groups/group/settings/websocket/index.go
+++ b/internal/web/actions/default/servers/groups/group/settings/websocket/index.go
@@ -0,0 +1,122 @@
+package websocket
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/groups/group/servergrouputils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("websocket")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	GroupId int64
+}) {
+	_, err := servergrouputils.InitGroup(this.Parent(), params.GroupId, "websocket")
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerGroupId(this.AdminContext(), params.GroupId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["websocketRef"] = webConfig.WebsocketRef
+	this.Data["websocketConfig"] = webConfig.Websocket
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId            int64
+	WebsocketRefJSON []byte
+	WebsocketJSON    []byte
+
+	Must *actions.Must
+}) {
+	defer this.CreateLogInfo("修改Web %d 的Websocket设置", params.WebId)
+
+	// TODO 检查配置
+
+	websocketRef := &serverconfigs.HTTPWebsocketRef{}
+	err := json.Unmarshal(params.WebsocketRefJSON, websocketRef)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	websocketConfig := &serverconfigs.HTTPWebsocketConfig{}
+	err = json.Unmarshal(params.WebsocketJSON, websocketConfig)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	err = websocketConfig.Init()
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建
+	handshakeTimeoutJSON, err := json.Marshal(websocketConfig.HandshakeTimeout)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	// 创建或修改
+	if websocketConfig.Id <= 0 {
+		createResp, err := this.RPC().HTTPWebsocketRPC().CreateHTTPWebsocket(this.AdminContext(), &pb.CreateHTTPWebsocketRequest{
+			HandshakeTimeoutJSON: handshakeTimeoutJSON,
+			AllowAllOrigins:      websocketConfig.AllowAllOrigins,
+			AllowedOrigins:       websocketConfig.AllowedOrigins,
+			RequestSameOrigin:    websocketConfig.RequestSameOrigin,
+			RequestOrigin:        websocketConfig.RequestOrigin,
+		})
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+		websocketConfig.Id = createResp.WebsocketId
+	} else {
+		_, err = this.RPC().HTTPWebsocketRPC().UpdateHTTPWebsocket(this.AdminContext(), &pb.UpdateHTTPWebsocketRequest{
+			WebsocketId:          websocketConfig.Id,
+			HandshakeTimeoutJSON: handshakeTimeoutJSON,
+			AllowAllOrigins:      websocketConfig.AllowAllOrigins,
+			AllowedOrigins:       websocketConfig.AllowedOrigins,
+			RequestSameOrigin:    websocketConfig.RequestSameOrigin,
+			RequestOrigin:        websocketConfig.RequestOrigin,
+		})
+	}
+
+	websocketRef.WebsocketId = websocketConfig.Id
+	websocketRefJSON, err := json.Marshal(websocketRef)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebWebsocket(this.AdminContext(), &pb.UpdateHTTPWebWebsocketRequest{
+		WebId:         params.WebId,
+		WebsocketJSON: websocketRefJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/groups/group/settings/websocket/init.go
+++ b/internal/web/actions/default/servers/groups/group/settings/websocket/init.go
@@ -0,0 +1,19 @@
+package websocket
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Data("teaMenu", "servers").
+			Data("teaSubMenu", "group").
+			Prefix("/servers/groups/group/settings/websocket").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/init.go
+++ b/internal/web/actions/default/servers/init.go
@@ -16,7 +16,9 @@ func init() {
 			GetPost("/create", new(CreateAction)).
 			GetPost("/update", new(UpdateAction)).
 			Post("/fixLog", new(FixLogAction)).
+			Post("/nearby", new(NearbyAction)).

+			//
 			GetPost("/addPortPopup", new(AddPortPopupAction)).
 			GetPost("/addServerNamePopup", new(AddServerNamePopupAction)).
 			GetPost("/addOriginPopup", new(AddOriginPopupAction)).
--- a/internal/web/actions/default/servers/nearby.go
+++ b/internal/web/actions/default/servers/nearby.go
@@ -0,0 +1,56 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package servers
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
+	"strings"
+)
+
+// NearbyAction 查找附近的Server
+type NearbyAction struct {
+	actionutils.ParentAction
+}
+
+func (this *NearbyAction) RunPost(params struct {
+	ServerId int64
+	Url      string
+}) {
+	var groupMaps = []maps.Map{}
+
+	resp, err := this.RPC().ServerRPC().FindNearbyServers(this.AdminContext(), &pb.FindNearbyServersRequest{ServerId: params.ServerId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	for _, group := range resp.Groups {
+		switch resp.Scope {
+		case "cluster":
+			group.Name = "[集群]" + group.Name
+		case "group":
+			group.Name = "[分组]" + group.Name
+		}
+
+		var itemMaps = []maps.Map{}
+		for _, server := range group.Servers {
+			itemMaps = append(itemMaps, maps.Map{
+				"name":     server.Name,
+				"url":      strings.ReplaceAll(params.Url, "${serverId}", types.String(server.Id)),
+				"isActive": params.ServerId == server.Id,
+			})
+		}
+
+		groupMaps = append(groupMaps, maps.Map{
+			"name":  group.Name,
+			"items": itemMaps,
+		})
+	}
+
+	this.Data["scope"] = resp.Scope
+	this.Data["groups"] = groupMaps
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/server/settings/accessLog/index.go
+++ b/internal/web/actions/default/servers/server/settings/accessLog/index.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -21,6 +22,17 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasAccessLogConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/accessLog?groupId=" + types.String(groupResp.ServerGroupId)
+
 	// 获取配置
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
--- a/internal/web/actions/default/servers/server/settings/cache/index.go
+++ b/internal/web/actions/default/servers/server/settings/cache/index.go
@@ -9,6 +9,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -23,6 +24,17 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasCacheConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/cache?groupId=" + types.String(groupResp.ServerGroupId)
+
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/server/settings/charset/index.go
+++ b/internal/web/actions/default/servers/server/settings/charset/index.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -21,6 +22,17 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasCharsetConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/charset?groupId=" + types.String(groupResp.ServerGroupId)
+
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/server/settings/compression/index.go
+++ b/internal/web/actions/default/servers/server/settings/compression/index.go
@@ -0,0 +1,83 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package compression
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("compression")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	ServerId int64
+}) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasCompressionConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/compression?groupId=" + types.String(groupResp.ServerGroupId)
+
+	// WebId
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+
+	this.Data["compressionConfig"] = webConfig.Compression
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId           int64
+	CompressionJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改Web %d 的压缩设置", params.WebId)
+
+	// 校验配置
+	var compressionConfig = &serverconfigs.HTTPCompressionConfig{}
+	err := json.Unmarshal(params.CompressionJSON, compressionConfig)
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	err = compressionConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebCompression(this.AdminContext(), &pb.UpdateHTTPWebCompressionRequest{
+		WebId:           params.WebId,
+		CompressionJSON: params.CompressionJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/server/settings/compression/init.go
+++ b/internal/web/actions/default/servers/server/settings/compression/init.go
@@ -0,0 +1,19 @@
+package compression
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Helper(serverutils.NewServerHelper()).
+			Prefix("/servers/server/settings/compression").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/server/settings/gzip/index.go
+++ b/internal/web/actions/default/servers/server/settings/gzip/index.go
@@ -1,153 +0,0 @@
-package gzip
-
-import (
-	"encoding/json"
-	"github.com/TeaOSLab/EdgeAdmin/internal/oplogs"
-	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/iwind/TeaGo/actions"
-	"github.com/iwind/TeaGo/types"
-)
-
-type IndexAction struct {
-	actionutils.ParentAction
-}
-
-func (this *IndexAction) Init() {
-	this.Nav("", "setting", "index")
-	this.SecondMenu("gzip")
-}
-
-func (this *IndexAction) RunGet(params struct {
-	ServerId int64
-}) {
-	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-
-	this.Data["webId"] = webConfig.Id
-
-	gzipId := int64(0)
-	if webConfig.GzipRef != nil {
-		gzipId = webConfig.GzipRef.GzipId
-	}
-	gzipConfig := &serverconfigs.HTTPGzipConfig{
-		Id:   0,
-		IsOn: true,
-	}
-	if gzipId > 0 {
-		resp, err := this.RPC().HTTPGzipRPC().FindEnabledHTTPGzipConfig(this.AdminContext(), &pb.FindEnabledGzipConfigRequest{HttpGzipId: gzipId})
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		err = json.Unmarshal(resp.HttpGzipJSON, gzipConfig)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	}
-
-	this.Data["gzipConfig"] = gzipConfig
-
-	if webConfig.GzipRef == nil {
-		webConfig.GzipRef = &serverconfigs.HTTPGzipRef{
-			IsPrior: false,
-			IsOn:    false,
-			GzipId:  0,
-		}
-	}
-	this.Data["gzipRef"] = webConfig.GzipRef
-
-	this.Show()
-}
-
-func (this *IndexAction) RunPost(params struct {
-	WebId       int64
-	GzipId      int64
-	Level       int
-	MinLength   string
-	MaxLength   string
-	CondsJSON   []byte
-	GzipRefJSON []byte
-
-	Must *actions.Must
-}) {
-	// 日志
-	defer this.CreateLog(oplogs.LevelInfo, "修改Web %d 的GZip配置", params.WebId)
-
-	if params.Level < 0 || params.Level > 9 {
-		this.Fail("请选择正确的压缩级别")
-	}
-
-	minLength := &pb.SizeCapacity{Count: -1}
-	if len(params.MinLength) > 0 {
-		err := json.Unmarshal([]byte(params.MinLength), minLength)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	}
-
-	maxLength := &pb.SizeCapacity{Count: -1}
-	if len(params.MaxLength) > 0 {
-		err := json.Unmarshal([]byte(params.MaxLength), maxLength)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	}
-
-	gzipRef := &serverconfigs.HTTPGzipRef{}
-	err := json.Unmarshal(params.GzipRefJSON, gzipRef)
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-
-	if params.GzipId > 0 {
-		_, err := this.RPC().HTTPGzipRPC().UpdateHTTPGzip(this.AdminContext(), &pb.UpdateHTTPGzipRequest{
-			HttpGzipId: params.GzipId,
-			Level:      types.Int32(params.Level),
-			MinLength:  minLength,
-			MaxLength:  maxLength,
-			CondsJSON:  params.CondsJSON,
-		})
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	} else {
-		resp, err := this.RPC().HTTPGzipRPC().CreateHTTPGzip(this.AdminContext(), &pb.CreateHTTPGzipRequest{
-			Level:     types.Int32(params.Level),
-			MinLength: minLength,
-			MaxLength: maxLength,
-			CondsJSON: params.CondsJSON,
-		})
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		gzipRef.GzipId = resp.HttpGzipId
-	}
-
-	gzipRefJSON, err := json.Marshal(gzipRef)
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-
-	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebGzip(this.AdminContext(), &pb.UpdateHTTPWebGzipRequest{
-		WebId:    params.WebId,
-		GzipJSON: gzipRefJSON,
-	})
-	if err != nil {
-		this.ErrorPage(err)
-	}
-
-	this.Success()
-}
--- a/internal/web/actions/default/servers/server/settings/headers/createSetPopup.go
+++ b/internal/web/actions/default/servers/server/settings/headers/createSetPopup.go
@@ -18,7 +18,6 @@ func (this *CreateSetPopupAction) Init() {
 }

 func (this *CreateSetPopupAction) RunGet(params struct {
-	ServerId       int64
 	HeaderPolicyId int64
 }) {
 	this.Data["headerPolicyId"] = params.HeaderPolicyId
--- a/internal/web/actions/default/servers/server/settings/headers/index.go
+++ b/internal/web/actions/default/servers/server/settings/headers/index.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -20,6 +21,18 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupRequestConfig"] = groupResp.HasRequestHeadersConfig
+	this.Data["hasGroupResponseConfig"] = groupResp.HasResponseHeadersConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/headers?groupId=" + types.String(groupResp.ServerGroupId)
+
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/server/settings/locations/compression/index.go
+++ b/internal/web/actions/default/servers/server/settings/locations/compression/index.go
@@ -0,0 +1,69 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package compression
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	ServerId   int64
+	LocationId int64
+}) {
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithLocationId(this.AdminContext(), params.LocationId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["compressionConfig"] = webConfig.Compression
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId           int64
+	CompressionJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改Web %d 的压缩设置", params.WebId)
+
+	// 校验配置
+	var compressionConfig = &serverconfigs.HTTPCompressionConfig{}
+	err := json.Unmarshal(params.CompressionJSON, compressionConfig)
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	err = compressionConfig.Init()
+	if err != nil {
+		this.Fail("配置校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebCompression(this.AdminContext(), &pb.UpdateHTTPWebCompressionRequest{
+		WebId:           params.WebId,
+		CompressionJSON: params.CompressionJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/server/settings/locations/compression/init.go
+++ b/internal/web/actions/default/servers/server/settings/locations/compression/init.go
@@ -0,0 +1,22 @@
+package compression
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/locationutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Helper(locationutils.NewLocationHelper()).
+			Helper(serverutils.NewServerHelper()).
+			Data("tinyMenuItem", "compression").
+			Prefix("/servers/server/settings/locations/compression").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/server/settings/locations/gzip/index.go
+++ b/internal/web/actions/default/servers/server/settings/locations/gzip/index.go
@@ -1,150 +0,0 @@
-package gzip
-
-import (
-	"encoding/json"
-	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
-	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
-	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
-	"github.com/iwind/TeaGo/actions"
-	"github.com/iwind/TeaGo/types"
-)
-
-type IndexAction struct {
-	actionutils.ParentAction
-}
-
-func (this *IndexAction) Init() {
-	this.Nav("", "setting", "index")
-	this.SecondMenu("gzip")
-}
-
-func (this *IndexAction) RunGet(params struct {
-	LocationId int64
-}) {
-	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithLocationId(this.AdminContext(), params.LocationId)
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-
-	this.Data["webId"] = webConfig.Id
-
-	gzipId := int64(0)
-	if webConfig.GzipRef != nil {
-		gzipId = webConfig.GzipRef.GzipId
-	}
-	gzipConfig := &serverconfigs.HTTPGzipConfig{
-		Id:   0,
-		IsOn: true,
-	}
-	if gzipId > 0 {
-		resp, err := this.RPC().HTTPGzipRPC().FindEnabledHTTPGzipConfig(this.AdminContext(), &pb.FindEnabledGzipConfigRequest{HttpGzipId: gzipId})
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		err = json.Unmarshal(resp.HttpGzipJSON, gzipConfig)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	}
-
-	this.Data["gzipConfig"] = gzipConfig
-
-	if webConfig.GzipRef == nil {
-		webConfig.GzipRef = &serverconfigs.HTTPGzipRef{
-			IsPrior: false,
-			IsOn:    false,
-			GzipId:  0,
-		}
-	}
-	this.Data["gzipRef"] = webConfig.GzipRef
-
-	this.Show()
-}
-
-func (this *IndexAction) RunPost(params struct {
-	WebId       int64
-	GzipRefJSON []byte
-	GzipId      int64
-	Level       int
-	MinLength   string
-	MaxLength   string
-
-	Must *actions.Must
-}) {
-	defer this.CreateLogInfo("修改Web %d 的Gzip设置", params.WebId)
-
-	if params.Level < 0 || params.Level > 9 {
-		this.Fail("请选择正确的压缩级别")
-	}
-
-	minLength := &pb.SizeCapacity{Count: -1}
-	if len(params.MinLength) > 0 {
-		err := json.Unmarshal([]byte(params.MinLength), minLength)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	}
-
-	maxLength := &pb.SizeCapacity{Count: -1}
-	if len(params.MaxLength) > 0 {
-		err := json.Unmarshal([]byte(params.MaxLength), maxLength)
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	}
-
-	gzipRef := &serverconfigs.HTTPGzipRef{}
-	err := json.Unmarshal(params.GzipRefJSON, gzipRef)
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-	gzipRef.GzipId = params.GzipId
-
-	if params.GzipId > 0 {
-		_, err := this.RPC().HTTPGzipRPC().UpdateHTTPGzip(this.AdminContext(), &pb.UpdateHTTPGzipRequest{
-			HttpGzipId: params.GzipId,
-			Level:      types.Int32(params.Level),
-			MinLength:  minLength,
-			MaxLength:  maxLength,
-		})
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-	} else {
-		resp, err := this.RPC().HTTPGzipRPC().CreateHTTPGzip(this.AdminContext(), &pb.CreateHTTPGzipRequest{
-			Level:     types.Int32(params.Level),
-			MinLength: minLength,
-			MaxLength: maxLength,
-		})
-		if err != nil {
-			this.ErrorPage(err)
-			return
-		}
-		gzipId := resp.HttpGzipId
-		gzipRef.GzipId = gzipId
-	}
-
-	gzipRefJSON, err := json.Marshal(gzipRef)
-	if err != nil {
-		this.ErrorPage(err)
-		return
-	}
-
-	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebGzip(this.AdminContext(), &pb.UpdateHTTPWebGzipRequest{
-		WebId:    params.WebId,
-		GzipJSON: gzipRefJSON,
-	})
-	if err != nil {
-		this.ErrorPage(err)
-	}
-
-	this.Success()
-}
--- a/internal/web/actions/default/servers/server/settings/locations/locationutils/location_helper.go
+++ b/internal/web/actions/default/servers/server/settings/locations/locationutils/location_helper.go
@@ -52,9 +52,7 @@ func (this *LocationHelper) BeforeAction(actionPtr actions.ActionWrapper) {
 }

 func (this *LocationHelper) createMenus(serverIdString string, locationIdString string, secondMenuItem string, locationConfig *serverconfigs.HTTPLocationConfig) []maps.Map {
-	menuItems := []maps.Map{
-
-	}
+	menuItems := []maps.Map{}
 	menuItems = append(menuItems, maps.Map{
 		"name":     "基本信息",
 		"url":      "/servers/server/settings/locations/location?serverId=" + serverIdString + "&locationId=" + locationIdString,
@@ -127,10 +125,10 @@ func (this *LocationHelper) createMenus(serverIdString string, locationIdString
 		"isOn":     locationConfig != nil && locationConfig.Web != nil && locationConfig.Web.StatRef != nil && locationConfig.Web.StatRef.IsPrior,
 	})
 	menuItems = append(menuItems, maps.Map{
-		"name":     "Gzip压缩",
-		"url":      "/servers/server/settings/locations/gzip?serverId=" + serverIdString + "&locationId=" + locationIdString,
-		"isActive": secondMenuItem == "gzip",
-		"isOn":     locationConfig != nil && locationConfig.Web != nil && locationConfig.Web.GzipRef != nil && locationConfig.Web.GzipRef.IsPrior,
+		"name":     "内容压缩",
+		"url":      "/servers/server/settings/locations/compression?serverId=" + serverIdString + "&locationId=" + locationIdString,
+		"isActive": secondMenuItem == "compression",
+		"isOn":     locationConfig != nil && locationConfig.Web != nil && locationConfig.Web.Compression != nil && locationConfig.Web.Compression.IsPrior,
 	})
 	menuItems = append(menuItems, maps.Map{
 		"name":     "特殊页面",
@@ -150,6 +148,12 @@ func (this *LocationHelper) createMenus(serverIdString string, locationIdString
 		"isActive": secondMenuItem == "websocket",
 		"isOn":     locationConfig != nil && locationConfig.Web != nil && locationConfig.Web.WebsocketRef != nil && locationConfig.Web.WebsocketRef.IsPrior,
 	})
+	menuItems = append(menuItems, maps.Map{
+		"name":     "WebP",
+		"url":      "/servers/server/settings/locations/webp?serverId=" + serverIdString + "&locationId=" + locationIdString,
+		"isActive": secondMenuItem == "webp",
+		"isOn":     locationConfig != nil && locationConfig.Web != nil && locationConfig.Web.WebP != nil && locationConfig.Web.WebP.IsPrior,
+	})
 	menuItems = append(menuItems, maps.Map{
 		"name":     "Fastcgi",
 		"url":      "/servers/server/settings/locations/fastcgi?serverId=" + serverIdString + "&locationId=" + locationIdString,
@@ -157,6 +161,19 @@ func (this *LocationHelper) createMenus(serverIdString string, locationIdString
 		"isOn":     locationConfig != nil && locationConfig.Web != nil && locationConfig.Web.FastcgiRef != nil && locationConfig.Web.FastcgiRef.IsPrior,
 	})

+	menuItems = append(menuItems, maps.Map{
+		"name":     "-",
+		"url":      "",
+		"isActive": false,
+	})
+
+	menuItems = append(menuItems, maps.Map{
+		"name":     "访客IP地址",
+		"url":      "/servers/server/settings/locations/remoteAddr?serverId=" + serverIdString + "&locationId=" + locationIdString,
+		"isActive": secondMenuItem == "remoteAddr",
+		"isOn":     locationConfig != nil && locationConfig.Web != nil && locationConfig.Web.RemoteAddr != nil && locationConfig.Web.RemoteAddr.IsOn,
+	})
+
 	return menuItems
 }

--- a/internal/web/actions/default/servers/server/settings/locations/remoteAddr/index.go
+++ b/internal/web/actions/default/servers/server/settings/locations/remoteAddr/index.go
@@ -0,0 +1,60 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package remoteAddr
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+
+}
+
+func (this *IndexAction) RunGet(params struct {
+	LocationId int64
+}) {
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithLocationId(this.AdminContext(), params.LocationId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["remoteAddrConfig"] = webConfig.RemoteAddr
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId          int64
+	RemoteAddrJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var remoteAddrConfig = &serverconfigs.HTTPRemoteAddrConfig{}
+	err := json.Unmarshal(params.RemoteAddrJSON, remoteAddrConfig)
+	if err != nil {
+		this.Fail("参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebRemoteAddr(this.AdminContext(), &pb.UpdateHTTPWebRemoteAddrRequest{
+		WebId:          params.WebId,
+		RemoteAddrJSON: params.RemoteAddrJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/server/settings/locations/remoteAddr/init.go
+++ b/internal/web/actions/default/servers/server/settings/locations/remoteAddr/init.go
@@ -0,0 +1,22 @@
+package remoteAddr
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/locationutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Helper(locationutils.NewLocationHelper()).
+			Helper(serverutils.NewServerHelper()).
+			Data("tinyMenuItem", "remoteAddr").
+			Prefix("/servers/server/settings/locations/remoteAddr").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/server/settings/locations/waf/index.go
+++ b/internal/web/actions/default/servers/server/settings/locations/waf/index.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
 )
@@ -36,9 +37,11 @@ func (this *IndexAction) RunGet(params struct {
 	}
 	if firewallPolicy != nil {
 		this.Data["firewallPolicy"] = maps.Map{
-			"id":   firewallPolicy.Id,
-			"name": firewallPolicy.Name,
-			"isOn": firewallPolicy.IsOn,
+			"id":       firewallPolicy.Id,
+			"name":     firewallPolicy.Name,
+			"isOn":     firewallPolicy.IsOn,
+			"mode":     firewallPolicy.Mode,
+			"modeInfo": firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
 		}
 	} else {
 		this.Data["firewallPolicy"] = nil
--- a/internal/web/actions/default/servers/server/settings/locations/webp/index.go
+++ b/internal/web/actions/default/servers/server/settings/locations/webp/index.go
@@ -0,0 +1,60 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package webp
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+
+}
+
+func (this *IndexAction) RunGet(params struct {
+	LocationId int64
+}) {
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithLocationId(this.AdminContext(), params.LocationId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["webpConfig"] = webConfig.WebP
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId    int64
+	WebpJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var webpConfig = &serverconfigs.WebPImageConfig{}
+	err := json.Unmarshal(params.WebpJSON, webpConfig)
+	if err != nil {
+		this.Fail("参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebWebP(this.AdminContext(), &pb.UpdateHTTPWebWebPRequest{
+		WebId:    params.WebId,
+		WebpJSON: params.WebpJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/server/settings/locations/webp/init.go
+++ b/internal/web/actions/default/servers/server/settings/locations/webp/init.go
@@ -1,4 +1,4 @@
-package gzip
+package webp

 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
@@ -14,8 +14,8 @@ func init() {
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
 			Helper(locationutils.NewLocationHelper()).
 			Helper(serverutils.NewServerHelper()).
-			Data("tinyMenuItem", "gzip").
-			Prefix("/servers/server/settings/locations/gzip").
+			Data("tinyMenuItem", "webp").
+			Prefix("/servers/server/settings/locations/webp").
 			GetPost("", new(IndexAction)).
 			EndAll()
 	})
--- a/internal/web/actions/default/servers/server/settings/origins/addPopup.go
+++ b/internal/web/actions/default/servers/server/settings/origins/addPopup.go
@@ -136,6 +136,11 @@ func (this *AddPopupAction) RunPost(params struct {
 			this.ErrorPage(err)
 			return
 		}
+
+		// 去除可能误加的斜杠
+		for index, domain := range domains {
+			domains[index] = strings.TrimSuffix(domain, "/")
+		}
 	}

 	createResp, err := this.RPC().OriginRPC().CreateOrigin(this.AdminContext(), &pb.CreateOriginRequest{
--- a/internal/web/actions/default/servers/server/settings/origins/updatePopup.go
+++ b/internal/web/actions/default/servers/server/settings/origins/updatePopup.go
@@ -195,6 +195,11 @@ func (this *UpdatePopupAction) RunPost(params struct {
 			this.ErrorPage(err)
 			return
 		}
+
+		// 去除可能误加的斜杠
+		for index, domain := range domains {
+			domains[index] = strings.TrimSuffix(domain, "/")
+		}
 	}

 	_, err = this.RPC().OriginRPC().UpdateOrigin(this.AdminContext(), &pb.UpdateOriginRequest{
--- a/internal/web/actions/default/servers/server/settings/pages/createPopup.go
+++ b/internal/web/actions/default/servers/server/settings/pages/createPopup.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/types"
 )
@@ -19,12 +20,18 @@ func (this *CreatePopupAction) Init() {
 }

 func (this *CreatePopupAction) RunGet(params struct{}) {
+	this.Data["bodyTypes"] = shared.FindAllBodyTypes()
+
 	this.Show()
 }

 func (this *CreatePopupAction) RunPost(params struct {
-	Status    string
-	URL       string `alias:"url"`
+	Status   string
+	BodyType string
+
+	URL  string `alias:"url"`
+	Body string
+
 	NewStatus int
 	Must      *actions.Must
 }) {
@@ -32,13 +39,24 @@ func (this *CreatePopupAction) RunPost(params struct {

 	params.Must.
 		Field("status", params.Status).
-		Require("请输入响应状态码").
-		Field("url", params.URL).
-		Require("请输入要显示的URL")
+		Require("请输入响应状态码")
+
+	switch params.BodyType {
+	case shared.BodyTypeURL:
+		params.Must.
+			Field("url", params.URL).
+			Require("请输入要显示的URL")
+	case shared.BodyTypeHTML:
+		params.Must.
+			Field("body", params.Body).
+			Require("请输入要显示的HTML内容")
+	}

 	createResp, err := this.RPC().HTTPPageRPC().CreateHTTPPage(this.AdminContext(), &pb.CreateHTTPPageRequest{
 		StatusList: []string{params.Status},
+		BodyType:   params.BodyType,
 		Url:        params.URL,
+		Body:       params.Body,
 		NewStatus:  types.Int32(params.NewStatus),
 	})
 	if err != nil {
--- a/internal/web/actions/default/servers/server/settings/pages/index.go
+++ b/internal/web/actions/default/servers/server/settings/pages/index.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -20,6 +21,17 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasPagesConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/pages?groupId=" + types.String(groupResp.ServerGroupId)
+
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/server/settings/pages/updatePopup.go
+++ b/internal/web/actions/default/servers/server/settings/pages/updatePopup.go
@@ -6,6 +6,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/types"
 )
@@ -21,6 +22,8 @@ func (this *UpdatePopupAction) Init() {
 func (this *UpdatePopupAction) RunGet(params struct {
 	PageId int64
 }) {
+	this.Data["bodyTypes"] = shared.FindAllBodyTypes()
+
 	configResp, err := this.RPC().HTTPPageRPC().FindEnabledHTTPPageConfig(this.AdminContext(), &pb.FindEnabledHTTPPageConfigRequest{PageId: params.PageId})
 	if err != nil {
 		this.ErrorPage(err)
@@ -41,8 +44,12 @@ func (this *UpdatePopupAction) RunGet(params struct {
 func (this *UpdatePopupAction) RunPost(params struct {
 	PageId int64

-	Status    string
-	URL       string `alias:"url"`
+	Status string
+
+	BodyType string
+	URL      string `alias:"url"`
+	Body     string
+
 	NewStatus int

 	Must *actions.Must
@@ -52,14 +59,25 @@ func (this *UpdatePopupAction) RunPost(params struct {

 	params.Must.
 		Field("status", params.Status).
-		Require("请输入响应状态码").
-		Field("url", params.URL).
-		Require("请输入要显示的URL")
+		Require("请输入响应状态码")
+
+	switch params.BodyType {
+	case shared.BodyTypeURL:
+		params.Must.
+			Field("url", params.URL).
+			Require("请输入要显示的URL")
+	case shared.BodyTypeHTML:
+		params.Must.
+			Field("body", params.Body).
+			Require("请输入要显示的HTML内容")
+	}

 	_, err := this.RPC().HTTPPageRPC().UpdateHTTPPage(this.AdminContext(), &pb.UpdateHTTPPageRequest{
 		PageId:     params.PageId,
 		StatusList: []string{params.Status},
+		BodyType:   params.BodyType,
 		Url:        params.URL,
+		Body:       params.Body,
 		NewStatus:  types.Int32(params.NewStatus),
 	})
 	if err != nil {
--- a/internal/web/actions/default/servers/server/settings/remoteAddr/index.go
+++ b/internal/web/actions/default/servers/server/settings/remoteAddr/index.go
@@ -0,0 +1,73 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package remoteAddr
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("remoteAddr")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	ServerId int64
+}) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasRemoteAddrConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/remoteAddr?groupId=" + types.String(groupResp.ServerGroupId)
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["remoteAddrConfig"] = webConfig.RemoteAddr
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId          int64
+	RemoteAddrJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var remoteAddrConfig = &serverconfigs.HTTPRemoteAddrConfig{}
+	err := json.Unmarshal(params.RemoteAddrJSON, remoteAddrConfig)
+	if err != nil {
+		this.Fail("参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebRemoteAddr(this.AdminContext(), &pb.UpdateHTTPWebRemoteAddrRequest{
+		WebId:          params.WebId,
+		RemoteAddrJSON: params.RemoteAddrJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/server/settings/remoteAddr/init.go
+++ b/internal/web/actions/default/servers/server/settings/remoteAddr/init.go
@@ -0,0 +1,19 @@
+package remoteAddr
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/serverutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/helpers"
+	"github.com/iwind/TeaGo"
+)
+
+func init() {
+	TeaGo.BeforeStart(func(server *TeaGo.Server) {
+		server.
+			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
+			Helper(serverutils.NewServerHelper()).
+			Prefix("/servers/server/settings/remoteAddr").
+			GetPost("", new(IndexAction)).
+			EndAll()
+	})
+}
--- a/internal/web/actions/default/servers/server/settings/stat/index.go
+++ b/internal/web/actions/default/servers/server/settings/stat/index.go
@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -19,6 +20,17 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasStatConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/stat?groupId=" + types.String(groupResp.ServerGroupId)
+
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/server/settings/waf/group.go
+++ b/internal/web/actions/default/servers/server/settings/waf/group.go
@@ -74,6 +74,11 @@ func (this *GroupAction) RunGet(params struct {
 			"name": set.Name,
 			"rules": lists.Map(set.Rules, func(k int, v interface{}) interface{} {
 				rule := v.(*firewallconfigs.HTTPFirewallRule)
+				var errString = ""
+				var err = rule.Init()
+				if err != nil {
+					errString = err.Error()
+				}
 				return maps.Map{
 					"param":             rule.Param,
 					"paramFilters":      rule.ParamFilters,
@@ -82,6 +87,7 @@ func (this *GroupAction) RunGet(params struct {
 					"isCaseInsensitive": rule.IsCaseInsensitive,
 					"isComposed":        firewallconfigs.CheckCheckpointIsComposed(rule.Prefix()),
 					"checkpointOptions": rule.CheckpointOptions,
+					"err":               errString,
 				}
 			}),
 			"isOn":      set.IsOn,
--- a/internal/web/actions/default/servers/server/settings/waf/index.go
+++ b/internal/web/actions/default/servers/server/settings/waf/index.go
@@ -4,8 +4,10 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -20,6 +22,17 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasWAFConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/waf?groupId=" + types.String(groupResp.ServerGroupId)
+
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
 		this.ErrorPage(err)
@@ -37,9 +50,11 @@ func (this *IndexAction) RunGet(params struct {
 	}
 	if firewallPolicy != nil {
 		this.Data["firewallPolicy"] = maps.Map{
-			"id":   firewallPolicy.Id,
-			"name": firewallPolicy.Name,
-			"isOn": firewallPolicy.IsOn,
+			"id":       firewallPolicy.Id,
+			"name":     firewallPolicy.Name,
+			"isOn":     firewallPolicy.IsOn,
+			"mode":     firewallPolicy.Mode,
+			"modeInfo": firewallconfigs.FindFirewallMode(firewallPolicy.Mode),
 		}
 	} else {
 		this.Data["firewallPolicy"] = nil
@@ -47,7 +62,7 @@ func (this *IndexAction) RunGet(params struct {

 	// 当前的Server独立设置
 	if webConfig.FirewallRef == nil || webConfig.FirewallRef.FirewallPolicyId == 0 {
-		firewallPolicyId, err := dao.SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(this.AdminContext(), params.ServerId, webConfig.Id, webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn)
+		firewallPolicyId, err := dao.SharedHTTPWebDAO.InitEmptyHTTPFirewallPolicy(this.AdminContext(), 0, params.ServerId, webConfig.Id, webConfig.FirewallRef != nil && webConfig.FirewallRef.IsOn)
 		if err != nil {
 			this.ErrorPage(err)
 			return
--- a/internal/web/actions/default/servers/server/settings/web/index.go
+++ b/internal/web/actions/default/servers/server/settings/web/index.go
@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -19,6 +20,17 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasRootConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/web?groupId=" + types.String(groupResp.ServerGroupId)
+
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/server/settings/webp/index.go
+++ b/internal/web/actions/default/servers/server/settings/webp/index.go
@@ -0,0 +1,73 @@
+// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package webp
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "index")
+	this.SecondMenu("webp")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	ServerId int64
+}) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasWebPConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/webp?groupId=" + types.String(groupResp.ServerGroupId)
+
+	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Data["webId"] = webConfig.Id
+	this.Data["webpConfig"] = webConfig.WebP
+
+	this.Show()
+}
+
+func (this *IndexAction) RunPost(params struct {
+	WebId    int64
+	WebpJSON []byte
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	var webpConfig = &serverconfigs.WebPImageConfig{}
+	err := json.Unmarshal(params.WebpJSON, webpConfig)
+	if err != nil {
+		this.Fail("参数校验失败：" + err.Error())
+	}
+
+	_, err = this.RPC().HTTPWebRPC().UpdateHTTPWebWebP(this.AdminContext(), &pb.UpdateHTTPWebWebPRequest{
+		WebId:    params.WebId,
+		WebpJSON: params.WebpJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/servers/server/settings/webp/init.go
+++ b/internal/web/actions/default/servers/server/settings/webp/init.go
@@ -1,4 +1,4 @@
-package gzip
+package webp

 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
@@ -12,7 +12,7 @@ func init() {
 		server.
 			Helper(helpers.NewUserMustAuth(configloaders.AdminModuleCodeServer)).
 			Helper(serverutils.NewServerHelper()).
-			Prefix("/servers/server/settings/gzip").
+			Prefix("/servers/server/settings/webp").
 			GetPost("", new(IndexAction)).
 			EndAll()
 	})
--- a/internal/web/actions/default/servers/server/settings/websocket/index.go
+++ b/internal/web/actions/default/servers/server/settings/websocket/index.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs"
 	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/types"
 )

 type IndexAction struct {
@@ -21,6 +22,17 @@ func (this *IndexAction) Init() {
 func (this *IndexAction) RunGet(params struct {
 	ServerId int64
 }) {
+	// 服务分组设置
+	groupResp, err := this.RPC().ServerGroupRPC().FindEnabledServerGroupConfigInfo(this.AdminContext(), &pb.FindEnabledServerGroupConfigInfoRequest{
+		ServerId: params.ServerId,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Data["hasGroupConfig"] = groupResp.HasWebsocketConfig
+	this.Data["groupSettingURL"] = "/servers/groups/group/settings/websocket?groupId=" + types.String(groupResp.ServerGroupId)
+
 	webConfig, err := dao.SharedHTTPWebDAO.FindWebConfigWithServerId(this.AdminContext(), params.ServerId)
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/serverutils/server_helper.go
+++ b/internal/web/actions/default/servers/serverutils/server_helper.go
@@ -299,10 +299,10 @@ func (this *ServerHelper) createSettingsMenu(secondMenuItem string, serverIdStri
 			"isOn":     serverConfig.Web != nil && serverConfig.Web.StatRef != nil && serverConfig.Web.StatRef.IsOn,
 		})
 		menuItems = append(menuItems, maps.Map{
-			"name":     "Gzip压缩",
-			"url":      "/servers/server/settings/gzip?serverId=" + serverIdString,
-			"isActive": secondMenuItem == "gzip",
-			"isOn":     serverConfig.Web != nil && serverConfig.Web.GzipRef != nil && serverConfig.Web.GzipRef.IsOn,
+			"name":     "内容压缩",
+			"url":      "/servers/server/settings/compression?serverId=" + serverIdString,
+			"isActive": secondMenuItem == "compression",
+			"isOn":     serverConfig.Web != nil && serverConfig.Web.Compression != nil && serverConfig.Web.Compression.IsOn,
 		})
 		menuItems = append(menuItems, maps.Map{
 			"name":     "特殊页面",
@@ -322,12 +322,32 @@ func (this *ServerHelper) createSettingsMenu(secondMenuItem string, serverIdStri
 			"isActive": secondMenuItem == "websocket",
 			"isOn":     serverConfig.Web != nil && serverConfig.Web.WebsocketRef != nil && serverConfig.Web.WebsocketRef.IsOn,
 		})
+		menuItems = append(menuItems, maps.Map{
+			"name":     "WebP",
+			"url":      "/servers/server/settings/webp?serverId=" + serverIdString,
+			"isActive": secondMenuItem == "webp",
+			"isOn":     serverConfig.Web != nil && serverConfig.Web.WebP != nil && serverConfig.Web.WebP.IsOn,
+		})
+
 		menuItems = append(menuItems, maps.Map{
 			"name":     "Fastcgi",
 			"url":      "/servers/server/settings/fastcgi?serverId=" + serverIdString,
 			"isActive": secondMenuItem == "fastcgi",
 			"isOn":     serverConfig.Web != nil && serverConfig.Web.FastcgiRef != nil && serverConfig.Web.FastcgiRef.IsOn,
 		})
+
+		menuItems = append(menuItems, maps.Map{
+			"name":     "-",
+			"url":      "",
+			"isActive": false,
+		})
+
+		menuItems = append(menuItems, maps.Map{
+			"name":     "访客IP地址",
+			"url":      "/servers/server/settings/remoteAddr?serverId=" + serverIdString,
+			"isActive": secondMenuItem == "remoteAddr",
+			"isOn":     serverConfig.Web != nil && serverConfig.Web.RemoteAddr != nil && serverConfig.Web.RemoteAddr.IsOn,
+		})
 	} else if serverConfig.IsTCPFamily() {
 		menuItems = append(menuItems, maps.Map{
 			"name":     "TCP",
--- a/internal/web/actions/default/settings/settingutils/advanced_helper.go
+++ b/internal/web/actions/default/settings/settingutils/advanced_helper.go
@@ -33,7 +33,9 @@ func (this *AdvancedHelper) BeforeAction(actionPtr actions.ActionWrapper) (goNex
 	if configloaders.AllowModule(adminId, configloaders.AdminModuleCodeSetting) {
 		tabbar.Add("数据库", "", "/settings/database", "", this.tab == "database")
 		tabbar.Add("API节点", "", "/api", "", this.tab == "apiNodes")
-		tabbar.Add("用户节点", "", "/settings/userNodes", "", this.tab == "userNodes")
+		if teaconst.IsPlus {
+			tabbar.Add("用户节点", "", "/settings/userNodes", "", this.tab == "userNodes")
+		}
 		tabbar.Add("日志数据库", "", "/db", "", this.tab == "dbNodes")
 		if teaconst.IsPlus {
 			tabbar.Add("监控节点", "", "/settings/monitorNodes", "", this.tab == "monitorNodes")
--- a/internal/web/actions/default/settings/user-nodes/index.go
+++ b/internal/web/actions/default/settings/user-nodes/index.go
@@ -3,6 +3,7 @@ package usernodes
 import (
 	"encoding/json"
 	"fmt"
+	teaconst "github.com/TeaOSLab/EdgeAdmin/internal/const"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
@@ -20,6 +21,11 @@ func (this *IndexAction) Init() {
 }

 func (this *IndexAction) RunGet(params struct{}) {
+	if !teaconst.IsPlus {
+		this.RedirectURL("/")
+		return
+	}
+
 	countResp, err := this.RPC().UserNodeRPC().CountAllEnabledUserNodes(this.AdminContext(), &pb.CountAllEnabledUserNodesRequest{})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/ui/theme.go
+++ b/internal/web/actions/default/ui/theme.go
@@ -15,7 +15,7 @@ type ThemeAction struct {
 func (this *ThemeAction) RunPost(params struct{}) {
 	theme := configloaders.FindAdminTheme(this.AdminId())

-	var themes = []string{"theme1", "theme2", "theme3"}
+	var themes = []string{"theme1", "theme2", "theme3", "theme4", "theme5"}
 	var nextTheme = "theme1"
 	if len(theme) == 0 {
 		nextTheme = "theme2"
--- a/internal/web/helpers/user_must_auth.go
+++ b/internal/web/helpers/user_must_auth.go
@@ -286,7 +286,7 @@ func (this *userMustAuth) modules(adminId int64) []maps.Map {
 		{
 			"code":   "ns",
 			"module": configloaders.AdminModuleCodeNS,
-			"name":   "自建DNS",
+			"name":   "智能DNS",
 			"icon":   "cubes",
 			"isOn":   teaconst.IsPlus,
 			"subItems": []maps.Map{
--- a/internal/web/import.go
+++ b/internal/web/import.go
@@ -59,10 +59,10 @@ import (
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/accessLog"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/cache"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/charset"
+	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/compression"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/conds"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/dns"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/fastcgi"
-	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/gzip"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/headers"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/http"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/https"
@@ -71,21 +71,24 @@ import (
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/accessLog"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/cache"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/charset"
+	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/compression"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/fastcgi"
-	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/gzip"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/headers"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/http"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/location"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/pages"
+	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/remoteAddr"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/reverseProxy"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/rewrite"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/stat"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/waf"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/web"
+	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/webp"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/locations/websocket"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/origins"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/pages"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/redirects"
+	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/remoteAddr"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/reverseProxy"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/rewrite"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/serverNames"
@@ -96,6 +99,7 @@ import (
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/unix"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/waf"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/web"
+	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/webp"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/settings/websocket"
 	_ "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/servers/server/stat"

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
刘祥超	558b5e14f1	优化细节	2021-10-10 20:17:40 +08:00
刘祥超	a5ee2dd03b	页面底部增加GoEdge官网和文档链接	2021-10-10 16:38:45 +08:00
刘祥超	9e9fe78b8d	优化升级提示文字	2021-10-10 16:33:27 +08:00
刘祥超	265e126faf	TCP、TLS、UDP支持端口范围	2021-10-10 16:30:21 +08:00
刘祥超	af440e5c5b	服务分组增加特殊页面设置	2021-10-10 10:52:58 +08:00
刘祥超	32b8c91113	特殊页面可以直接使用HTML	2021-10-10 10:35:14 +08:00
刘祥超	dbc60ccca4	证书上传时可以选择输入文本内容	2021-10-09 17:30:05 +08:00
刘祥超	d5b5af5d3a	数据看板-WAF看板增加节点拦截排行和域名拦截排行	2021-10-09 16:01:17 +08:00
刘祥超	8c1bd3bc4e	增加新的界面风格theme4, theme5	2021-10-09 11:50:02 +08:00
刘祥超	8f638186a3	在服务看板中可以切换到附近的服务	2021-10-08 14:36:57 +08:00
刘祥超	0b5a27e674	支持更多的分组全局设置功能	2021-10-07 16:47:14 +08:00
刘祥超	870f1aaaec	WAF模式从pass改为bypass	2021-10-07 13:55:00 +08:00
刘祥超	23cb4dcbe5	服务支持自定义访客IP地址获取方式	2021-10-06 11:40:24 +08:00
刘祥超	4f125b4244	添加源站时自动去除专属域名中的末尾斜杠	2021-10-06 09:29:44 +08:00
刘祥超	2b9de7938f	在服务设置里也显示WAF策略的模式	2021-10-06 09:08:09 +08:00
刘祥超	75bb07184f	ACME使用EAB申请的账号只能绑定一个用户	2021-10-03 14:43:29 +08:00
刘祥超	1fb491d2e1	ACME证书增加ZeroSSL支持	2021-10-03 13:09:49 +08:00
刘祥超	0bc8bdd841	支持自动转换图像文件为WebP	2021-10-01 16:24:42 +08:00
刘祥超	71d4e2626e	自建DNS改成智能DNS	2021-09-30 13:20:50 +08:00
刘祥超	0b26cbdd01	WAF策略增加观察模式和通过模式	2021-09-30 11:30:36 +08:00
刘祥超	ca72b3c18b	内容压缩支持brotli和deflate	2021-09-29 20:12:27 +08:00
刘祥超	8676f2711b	在WAF规则产生错误时给予提示	2021-09-27 10:11:37 +08:00
刘祥超	788a86bdcf	看板增加离线节点数字	2021-09-27 09:23:48 +08:00
刘祥超	0df6b4b220	优化安装界面--设置管理员账号的交互	2021-09-26 15:08:53 +08:00
刘祥超	f14dcd5c28	缓存条件增加最小内容尺寸配置	2021-09-26 15:01:52 +08:00
刘祥超	f86548e046	版本改为0.3.2	2021-09-26 10:09:51 +08:00
刘祥超	9dea11ab11	节点设置中不显示阈值设置	2021-09-25 19:57:22 +08:00
刘祥超	00749f806c	优化编译脚本	2021-09-25 19:57:10 +08:00