From a469fcc40928f430bb1f725efdce22d7b2b2eb29 Mon Sep 17 00:00:00 2001 From: jwc Date: Tue, 21 Jul 2020 19:33:03 +0800 Subject: [PATCH] =?UTF-8?q?=E7=AE=A1=E6=8E=A7=E7=AD=96=E7=95=A5deny?= =?UTF-8?q?=E5=8A=A8=E4=BD=9C=E6=B7=BB=E5=8A=A0=E7=AD=96=E7=95=A5=E9=83=A8?= =?UTF-8?q?=E5=88=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tsg_adc/multi_step/a_p_Deny_Tests.robot | 309 ++++++++++++++++++ 1 file changed, 309 insertions(+) create mode 100644 01-TestCase/tsg_adc/multi_step/a_p_Deny_Tests.robot diff --git a/01-TestCase/tsg_adc/multi_step/a_p_Deny_Tests.robot b/01-TestCase/tsg_adc/multi_step/a_p_Deny_Tests.robot new file mode 100644 index 0000000..37a4a3d --- /dev/null +++ b/01-TestCase/tsg_adc/multi_step/a_p_Deny_Tests.robot @@ -0,0 +1,309 @@ +*** Settings *** +Force Tags tsg_adc_wp adc_api proxy_policy +Library OperatingSystem +Resource ../../../02-Keyword/tsg_adc/SystemCommand.robot +Resource ../../../02-Keyword/tsg_bfapi/PolicyObject.robot +Resource ../../../02-Keyword/tsg_bfapi/LogVariable.robot +Resource ../../../02-Keyword/tsg_adc/FileOperation.robot +Resource ../../../02-Keyword/tsg_bfapi/policy_object/Policy.robot + +*** Variables *** +${url} /v1/policy/profile/responsepages + +*** Test Cases *** +Proxy-Policy-deny-00001 + [Tags] fqdn + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$newsela.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=3 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00001 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","message":"重新开始","code":403,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_objectId ${objectId} + insert_policyId_to_file1 intercept_deny_policyId ${policyId1} + insert_policyId_to_file1 deny_policyId ${policyId2} + +Proxy-Policy-deny-00002 + [Tags] cat + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*mathoverflow.net + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=3 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00002 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","html_profile":${profiledId},"code":403,"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_profileId ${profiledId} + insert_policyId_to_file1 deny_objectId1 ${objectId} + insert_policyId_to_file1 intercept_deny_policyId1 ${policyId1} + insert_policyId_to_file1 deny_policyId1 ${policyId2} + +Proxy-Policy-deny-00003 + [Tags] url + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn_category isValid=${1} addItemList=*wmtransfer.com,verifone.com,bcg.com,rolandberger.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=www.wmtransfer*,$ww.verifone.com/ru/ru/o-verifone,*country=RU,capabilities + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=3 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00003 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","html_profile":${profiledId},"code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_profileId1 ${profiledId} + insert_policyId_to_file1 deny_objectId2 ${objectId} + insert_policyId_to_file1 deny_objectId3 ${objectId1} + insert_policyId_to_file1 intercept_deny_policyId2 ${policyId1} + insert_policyId_to_file1 deny_policyId2 ${policyId2} + +Proxy-Policy-deny-00004 + [Tags] 请求头 + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*nielsen.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=insights + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=Mozilla/5.0*|User-Agent + ${rescode} ${objectId2} AddObject2 ${1} ${objectDict} + Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=3 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00004 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","message":"qwertyuiop","code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_objectId4 ${objectId} + insert_policyId_to_file1 deny_objectId5 ${objectId1} + insert_policyId_to_file1 deny_objectId6 ${objectId2} + insert_policyId_to_file1 intercept_deny_policyId3 ${policyId1} + insert_policyId_to_file1 deny_policyId3 ${policyId2} + +Proxy-Policy-deny-00005 + [Tags] 请求头 + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.thecolor.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=popularcoloringpages + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/31.0.1650.63 Safari/537.36|User-Agent + ${rescode} ${objectId2} AddObject2 ${1} ${objectDict} + Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=3 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00005 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","message":" онлайн фильмы","code":451,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_objectId7 ${objectId} + insert_policyId_to_file1 deny_objectId8 ${objectId1} + insert_policyId_to_file1 deny_objectId9 ${objectId2} + insert_policyId_to_file1 intercept_deny_policyId4 ${policyId1} + insert_policyId_to_file1 deny_policyId4 ${policyId2} + +Proxy-Policy-deny-00006 + [Tags] 请求头 + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$sciencebob.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=experiments + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=AppleWebKit|User-Agent + ${rescode} ${objectId2} AddObject2 ${1} ${objectDict} + Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=3 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00006 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","message":"明天大涨","code":404,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_objectId10 ${objectId} + insert_policyId_to_file1 deny_objectId11 ${objectId1} + insert_policyId_to_file1 deny_objectId12 ${objectId2} + insert_policyId_to_file1 intercept_deny_policyId5 ${policyId1} + insert_policyId_to_file1 deny_policyId5 ${policyId2} + +Proxy-Policy-deny-00007 + [Tags] 请求头 + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=$www.europages.com.ru + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=ezhegodnik + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*Safari/537.36|User-Agent + ${rescode} ${objectId2} AddObject2 ${1} ${objectDict} + Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"SSL","keyring":1,"decryption":1,"decrypt_mirror":{"enable":0,"mirror_profile":null}} filterList=${objectId}|TSG_FIELD_SSL_SNI isValid=${1} appIdObjects=3 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00007 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","message":"今天中奖","code":403,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_REQ_HDR isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_objectId13 ${objectId} + insert_policyId_to_file1 deny_objectId14 ${objectId1} + insert_policyId_to_file1 deny_objectId15 ${objectId2} + insert_policyId_to_file1 intercept_deny_policyId6 ${policyId1} + insert_policyId_to_file1 deny_policyId6 ${policyId2} + +Proxy-Policy-deny-00008 + [Tags] 应答头 + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*6renyou.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=user_comment + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=*utf-8|Content-Type + ${rescode} ${objectId2} AddObject2 ${1} ${objectDict} + Comment #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00008 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","html_profile":${profiledId},"code":451,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_profileId2 ${profiledId} + insert_policyId_to_file1 deny_objectId16 ${objectId} + insert_policyId_to_file1 deny_objectId17 ${objectId1} + insert_policyId_to_file1 deny_objectId18 ${objectId2} + insert_policyId_to_file1 intercept_deny_policyId7 ${policyId1} + insert_policyId_to_file1 deny_policyId7 ${policyId2} + +Proxy-Policy-deny-00009 + [Tags] 应答头 + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*ljale.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=webdir.html + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=$text/html|Content-Type + ${rescode} ${objectId2} AddObject2 ${1} ${objectDict} + Comment #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404china.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00009 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","html_profile":${profiledId},"code":451,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_profileId3 ${profiledId} + insert_policyId_to_file1 deny_objectId19 ${objectId} + insert_policyId_to_file1 deny_objectId20 ${objectId1} + insert_policyId_to_file1 deny_objectId21 ${objectId2} + insert_policyId_to_file1 intercept_deny_policyId8 ${policyId1} + insert_policyId_to_file1 deny_policyId8 ${policyId2} + +Proxy-Policy-deny-00010 + [Tags] 应答头 + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*duckduckmoose.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=learn + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text/html|Content-Type + ${rescode} ${objectId2} AddObject2 ${1} ${objectDict} + Comment #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00009 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","html_profile":${profiledId},"code":451,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_profileId5 ${profiledId} + insert_policyId_to_file1 deny_objectId22 ${objectId} + insert_policyId_to_file1 deny_objectId23 ${objectId1} + insert_policyId_to_file1 deny_objectId24 ${objectId2} + insert_policyId_to_file1 intercept_deny_policyId9 ${policyId1} + insert_policyId_to_file1 deny_policyId9 ${policyId2} + +Proxy-Policy-deny-00011 + [Tags] 应答头 + Comment 创建fqdn + ${objectDict} Create Dictionary objectType=fqdn isValid=${1} addItemList=*tutcandy.com + ${rescode} ${objectId} AddObject2 ${1} ${objectDict} + Comment 创建url + ${objectDict} Create Dictionary objectType=url isValid=${1} addItemList=sketch-to + ${rescode} ${objectId1} AddObject2 ${1} ${objectDict} + Comment 创建请求头 + ${objectDict} Create Dictionary objectType=http_signature isValid=${1} addItemList=text*|Content-Type + ${rescode} ${objectId2} AddObject2 ${1} ${objectDict} + Comment #创建引用文件 + ${response} CreatePolicyFile2 ${url} ${responsePageFiles} 404english.html resPages + ${profiledId} Get From Dictionary ${response} profileId + Comment Comment 创建拦截策略 + ${policyDict} Create Dictionary policyName=SecurityPolicy-Intercept-deny policyType=tsg_security policyDesc=autotest action=intercept userRegion={"protocol":"HTTP"} filterList=${objectId}|TSG_FIELD_HTTP_HOST isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId1} AddPolicies 1 ${policyDict} v2 + Comment 创建deny策略 + ${policyDict} Create Dictionary policyName=Proxy-Policy-deny-00009 policyType=pxy_manipulation policyDesc=autotest action=deny userRegion={"method":"block","html_profile":${profiledId},"code":451,"protocol":"HTTP"} filterList=${objectId1}|TSG_FIELD_HTTP_URL,${objectId2}|TSG_FIELD_HTTP_RES_HDR isValid=${1} appIdObjects=2 + log ${policyDict} + ${rescode} ${policyId2} AddPolicies 1 ${policyDict} v2 + insert_policyId_to_file1 deny_profileId6 ${profiledId} + insert_policyId_to_file1 deny_objectId25 ${objectId} + insert_policyId_to_file1 deny_objectId26 ${objectId1} + insert_policyId_to_file1 deny_objectId27 ${objectId2} + insert_policyId_to_file1 intercept_deny_policyId10 ${policyId1} + insert_policyId_to_file1 deny_policyId10 ${policyId2} + +Proxy-Policy-deny-00012 + [Tags] cookie + +Proxy-Policy-deny-00013 + [Tags] set-cookie + +Proxy-Policy-deny-00014 + [Tags] 请求体 + +Proxy-Policy-deny-00015 + [Tags] 应答体 + +Proxy-Policy-deny-00016 + [Tags] 最大组合1 + +Proxy-Policy-deny-00017 + [Tags] 最大组合2