代理拦截修改提交

2019-05-21 19:50:54 +08:00
parent ac52747686
commit 182a6a8ddc
34 changed files with 2489 additions and 188 deletions
--- a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java
+++ b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java
@@ -9,6 +9,7 @@
 package com.nis.domain.configuration;
 import java.util.List;
 import java.util.Map;
 import com.google.gson.annotations.Expose;
 import com.google.gson.annotations.SerializedName;
@@ -399,4 +400,110 @@ public class BaseIpCfg extends BaseCfg<BaseIpCfg> {
 	public void setIndex(Integer index) {
 		this.index = index;
 	}
 	protected Integer keyring;
 	protected Integer evCert;
 	protected Integer certTransparency;
 	protected Integer clientCertReq;
 	protected Integer pinning;
 	protected Integer cn;
 	protected Integer issuer;
 	protected Integer selfSigned;
 	protected Integer expiration;
 	protected String failMethod;
 	protected String min;
 	protected String max;
 	protected Integer mirrorClient;
 	protected Integer enable;
 	protected Integer mirrorProfile;
 	public Integer getKeyring() {
 		return keyring;
 	}
 	public void setKeyring(Integer keyring) {
 		this.keyring = keyring;
 	}
 	public Integer getEvCert() {
 		return evCert;
 	}
 	public void setEvCert(Integer evCert) {
 		this.evCert = evCert;
 	}
 	public Integer getCertTransparency() {
 		return certTransparency;
 	}
 	public void setCertTransparency(Integer certTransparency) {
 		this.certTransparency = certTransparency;
 	}
 	public Integer getClientCertReq() {
 		return clientCertReq;
 	}
 	public void setClientCertReq(Integer clientCertReq) {
 		this.clientCertReq = clientCertReq;
 	}
 	public Integer getPinning() {
 		return pinning;
 	}
 	public void setPinning(Integer pinning) {
 		this.pinning = pinning;
 	}
 	public Integer getCn() {
 		return cn;
 	}
 	public void setCn(Integer cn) {
 		this.cn = cn;
 	}
 	public Integer getIssuer() {
 		return issuer;
 	}
 	public void setIssuer(Integer issuer) {
 		this.issuer = issuer;
 	}
 	public Integer getSelfSigned() {
 		return selfSigned;
 	}
 	public void setSelfSigned(Integer selfSigned) {
 		this.selfSigned = selfSigned;
 	}
 	public Integer getExpiration() {
 		return expiration;
 	}
 	public void setExpiration(Integer expiration) {
 		this.expiration = expiration;
 	}
 	public String getFailMethod() {
 		return failMethod;
 	}
 	public void setFailMethod(String failMethod) {
 		this.failMethod = failMethod;
 	}
 	public String getMin() {
 		return min;
 	}
 	public void setMin(String min) {
 		this.min = min;
 	}
 	public String getMax() {
 		return max;
 	}
 	public void setMax(String max) {
 		this.max = max;
 	}
 	public Integer getMirrorClient() {
 		return mirrorClient;
 	}
 	public void setMirrorClient(Integer mirrorClient) {
 		this.mirrorClient = mirrorClient;
 	}
 	public Integer getEnable() {
 		return enable;
 	}
 	public void setEnable(Integer enable) {
 		this.enable = enable;
 	}
 	public Integer getMirrorProfile() {
 		return mirrorProfile;
 	}
 	public void setMirrorProfile(Integer mirrorProfile) {
 		this.mirrorProfile = mirrorProfile;
 	}
 }
--- a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
+++ b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
@@ -282,5 +282,110 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
 	public void setRegionId(Integer regionId) {
 		this.regionId = regionId;
 	}
-	
+	protected Integer keyring;
 	protected Integer evCert;
 	protected Integer certTransparency;
 	protected Integer clientCertReq;
 	protected Integer pinning;
 	protected Integer cn;
 	protected Integer issuer;
 	protected Integer selfSigned;
 	protected Integer expiration;
 	protected String failMethod;
 	protected String min;
 	protected String max;
 	protected Integer mirrorClient;
 	protected Integer enable;
 	protected Integer mirrorProfile;
 	public Integer getKeyring() {
 		return keyring;
 	}
 	public void setKeyring(Integer keyring) {
 		this.keyring = keyring;
 	}
 	public Integer getEvCert() {
 		return evCert;
 	}
 	public void setEvCert(Integer evCert) {
 		this.evCert = evCert;
 	}
 	public Integer getCertTransparency() {
 		return certTransparency;
 	}
 	public void setCertTransparency(Integer certTransparency) {
 		this.certTransparency = certTransparency;
 	}
 	public Integer getClientCertReq() {
 		return clientCertReq;
 	}
 	public void setClientCertReq(Integer clientCertReq) {
 		this.clientCertReq = clientCertReq;
 	}
 	public Integer getPinning() {
 		return pinning;
 	}
 	public void setPinning(Integer pinning) {
 		this.pinning = pinning;
 	}
 	public Integer getCn() {
 		return cn;
 	}
 	public void setCn(Integer cn) {
 		this.cn = cn;
 	}
 	public Integer getIssuer() {
 		return issuer;
 	}
 	public void setIssuer(Integer issuer) {
 		this.issuer = issuer;
 	}
 	public Integer getSelfSigned() {
 		return selfSigned;
 	}
 	public void setSelfSigned(Integer selfSigned) {
 		this.selfSigned = selfSigned;
 	}
 	public Integer getExpiration() {
 		return expiration;
 	}
 	public void setExpiration(Integer expiration) {
 		this.expiration = expiration;
 	}
 	public String getFailMethod() {
 		return failMethod;
 	}
 	public void setFailMethod(String failMethod) {
 		this.failMethod = failMethod;
 	}
 	public String getMin() {
 		return min;
 	}
 	public void setMin(String min) {
 		this.min = min;
 	}
 	public String getMax() {
 		return max;
 	}
 	public void setMax(String max) {
 		this.max = max;
 	}
 	public Integer getMirrorClient() {
 		return mirrorClient;
 	}
 	public void setMirrorClient(Integer mirrorClient) {
 		this.mirrorClient = mirrorClient;
 	}
 	public Integer getEnable() {
 		return enable;
 	}
 	public void setEnable(Integer enable) {
 		this.enable = enable;
 	}
 	public Integer getMirrorProfile() {
 		return mirrorProfile;
 	}
 	public void setMirrorProfile(Integer mirrorProfile) {
 		this.mirrorProfile = mirrorProfile;
 	}
 }
--- a/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java
+++ b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java
@@ -0,0 +1,137 @@
 package com.nis.domain.configuration;
 import com.nis.util.excel.ExcelField;
 public class PxyInterceptCfg extends CfgIndexInfo {
 	/**
 	 * 
 	 */
 	private static final long serialVersionUID = 994229066993318362L;
 	@ExcelField(title="pxy_intercept_monit_keyring",sort=7)
 	private String keyring;
 	@ExcelField(title="exclusions_ev_cert",dictType="SYS_YES_NO",sort=8)
 	private String evCert;
 	@ExcelField(title="exclusions_cert_transparency",dictType="SYS_YES_NO",sort=9)
 	private String certTransparency;
 	@ExcelField(title="exclusions_client_cert_req",dictType="SYS_YES_NO",sort=10)
 	private String clientCertReq;
 	@ExcelField(title="exclusions_pinning",dictType="SYS_YES_NO",sort=11)
 	private String pinning;
 	@ExcelField(title="cert_verify_approach_cn",dictType="SYS_YES_NO",sort=12)
 	private String cn;
 	@ExcelField(title="cert_verify_approach_issuer",dictType="SYS_YES_NO",sort=13)
 	private String issuer;
 	@ExcelField(title="cert_verify_approach_self_signed",dictType="SYS_YES_NO",sort=14)
 	private String selfSigned;
 	@ExcelField(title="cert_verify_approach_expiration",dictType="SYS_YES_NO",sort=15)
 	private String expiration;
 	@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",sort=16)
 	private String failMethod;
 	@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",sort=17)
 	private String min;
 	@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",sort=18)
 	private String max;
 	@ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=19)
 	private String mirrorClient;
 	@ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=20)
 	private String enable;
 	@ExcelField(title="decrypt_mirror_mirror_profile",sort=21)
 	private String mirrorProfile;
 	private String userRegion1;
 	private String userRegion2;
 	private String userRegion3;
 	private String userRegion4;
 	private String userRegion5;
 	public String getKeyring() {
 		return keyring;
 	}
 	public void setKeyring(String keyring) {
 		this.keyring = keyring;
 	}
 	public String getEvCert() {
 		return evCert;
 	}
 	public void setEvCert(String evCert) {
 		this.evCert = evCert;
 	}
 	public String getCertTransparency() {
 		return certTransparency;
 	}
 	public void setCertTransparency(String certTransparency) {
 		this.certTransparency = certTransparency;
 	}
 	public String getClientCertReq() {
 		return clientCertReq;
 	}
 	public void setClientCertReq(String clientCertReq) {
 		this.clientCertReq = clientCertReq;
 	}
 	public String getPinning() {
 		return pinning;
 	}
 	public void setPinning(String pinning) {
 		this.pinning = pinning;
 	}
 	public String getCn() {
 		return cn;
 	}
 	public void setCn(String cn) {
 		this.cn = cn;
 	}
 	public String getIssuer() {
 		return issuer;
 	}
 	public void setIssuer(String issuer) {
 		this.issuer = issuer;
 	}
 	public String getSelfSigned() {
 		return selfSigned;
 	}
 	public void setSelfSigned(String selfSigned) {
 		this.selfSigned = selfSigned;
 	}
 	public String getExpiration() {
 		return expiration;
 	}
 	public void setExpiration(String expiration) {
 		this.expiration = expiration;
 	}
 	public String getFailMethod() {
 		return failMethod;
 	}
 	public void setFailMethod(String failMethod) {
 		this.failMethod = failMethod;
 	}
 	public String getMin() {
 		return min;
 	}
 	public void setMin(String min) {
 		this.min = min;
 	}
 	public String getMax() {
 		return max;
 	}
 	public void setMax(String max) {
 		this.max = max;
 	}
 	public String getMirrorClient() {
 		return mirrorClient;
 	}
 	public void setMirrorClient(String mirrorClient) {
 		this.mirrorClient = mirrorClient;
 	}
 	public String getEnable() {
 		return enable;
 	}
 	public void setEnable(String enable) {
 		this.enable = enable;
 	}
 	public String getMirrorProfile() {
 		return mirrorProfile;
 	}
 	public void setMirrorProfile(String mirrorProfile) {
 		this.mirrorProfile = mirrorProfile;
 	}
 }
--- a/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java
+++ b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java
@@ -0,0 +1,142 @@
 package com.nis.domain.configuration.template;
 import com.nis.util.excel.ExcelField;
 public class InterceptDomainTemplate extends StringAllNotDoLogTemplate {
 	private Integer keyring;
 	private Integer evCert;
 	private Integer certTransparency;
 	private Integer clientCertReq;
 	private Integer pinning;
 	private Integer cn;
 	private Integer issuer;
 	private Integer selfSigned;
 	private Integer expiration;
 	private String failMethod;
 	private String min;
 	private String max;
 	private Integer mirrorClient;
 	private Integer enable;
 	private Integer mirrorProfile;
 	@ExcelField(title="pxy_intercept_monit_keyring",align=2,sort=17)
 	public Integer getKeyring() {
 		return keyring;
 	}
 	public void setKeyring(Integer keyring) {
 		this.keyring = keyring;
 	}
 	@ExcelField(title="exclusions_ev_cert",align=2,sort=18)
 	public Integer getEvCert() {
 		return evCert;
 	}
 	public void setEvCert(Integer evCert) {
 		this.evCert = evCert;
 	}
 	@ExcelField(title="exclusions_cert_transparency",align=2,sort=19)
 	public Integer getCertTransparency() {
 		return certTransparency;
 	}
 	public void setCertTransparency(Integer certTransparency) {
 		this.certTransparency = certTransparency;
 	}
 	@ExcelField(title="exclusions_client_cert_req",align=2,sort=20)
 	public Integer getClientCertReq() {
 		return clientCertReq;
 	}
 	public void setClientCertReq(Integer clientCertReq) {
 		this.clientCertReq = clientCertReq;
 	}
 	@ExcelField(title="exclusions_pinning",align=2,sort=21)
 	public Integer getPinning() {
 		return pinning;
 	}
 	public void setPinning(Integer pinning) {
 		this.pinning = pinning;
 	}
 	@ExcelField(title="cert_verify_approach_cn",align=2,sort=22)
 	public Integer getCn() {
 		return cn;
 	}
 	public void setCn(Integer cn) {
 		this.cn = cn;
 	}
 	@ExcelField(title="cert_verify_approach_issuer",align=2,sort=23)
 	public Integer getIssuer() {
 		return issuer;
 	}
 	public void setIssuer(Integer issuer) {
 		this.issuer = issuer;
 	}
 	@ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24)
 	public Integer getSelfSigned() {
 		return selfSigned;
 	}
 	public void setSelfSigned(Integer selfSigned) {
 		this.selfSigned = selfSigned;
 	}
 	@ExcelField(title="cert_verify_approach_expiration",align=2,sort=25)
 	public Integer getExpiration() {
 		return expiration;
 	}
 	public void setExpiration(Integer expiration) {
 		this.expiration = expiration;
 	}
 	@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26)
 	public String getFailMethod() {
 		return failMethod;
 	}
 	public void setFailMethod(String failMethod) {
 		this.failMethod = failMethod;
 	}
 	@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27)
 	public String getMin() {
 		return min;
 	}
 	public void setMin(String min) {
 		this.min = min;
 	}
 	@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28)
 	public String getMax() {
 		return max;
 	}
 	public void setMax(String max) {
 		this.max = max;
 	}
 	@ExcelField(title="ssl_ver_mirror_client",align=2,sort=29)
 	public Integer getMirrorClient() {
 		return mirrorClient;
 	}
 	public void setMirrorClient(Integer mirrorClient) {
 		this.mirrorClient = mirrorClient;
 	}
 	@ExcelField(title="decrypt_mirror_enable",align=2,sort=30)
 	public Integer getEnable() {
 		return enable;
 	}
 	public void setEnable(Integer enable) {
 		this.enable = enable;
 	}
 	@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31)
 	public Integer getMirrorProfile() {
 		return mirrorProfile;
 	}
 	public void setMirrorProfile(Integer mirrorProfile) {
 		this.mirrorProfile = mirrorProfile;
 	}
 }
--- a/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java
+++ b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java
@@ -0,0 +1,143 @@
 package com.nis.domain.configuration.template;
 import com.nis.util.excel.ExcelField;
 public class InterceptIpTemplate extends IpAllNotDoLogTemplate {
 	private Integer keyring;
 	private Integer evCert;
 	private Integer certTransparency;
 	private Integer clientCertReq;
 	private Integer pinning;
 	private Integer cn;
 	private Integer issuer;
 	private Integer selfSigned;
 	private Integer expiration;
 	private String failMethod;
 	private String min;
 	private String max;
 	private Integer mirrorClient;
 	private Integer enable;
 	private Integer mirrorProfile;
 	@ExcelField(title="pxy_intercept_monit_keyring",align=2,sort=17)
 	public Integer getKeyring() {
 		return keyring;
 	}
 	public void setKeyring(Integer keyring) {
 		this.keyring = keyring;
 	}
 	@ExcelField(title="exclusions_ev_cert",align=2,sort=18)
 	public Integer getEvCert() {
 		return evCert;
 	}
 	public void setEvCert(Integer evCert) {
 		this.evCert = evCert;
 	}
 	@ExcelField(title="exclusions_cert_transparency",align=2,sort=19)
 	public Integer getCertTransparency() {
 		return certTransparency;
 	}
 	public void setCertTransparency(Integer certTransparency) {
 		this.certTransparency = certTransparency;
 	}
 	@ExcelField(title="exclusions_client_cert_req",align=2,sort=20)
 	public Integer getClientCertReq() {
 		return clientCertReq;
 	}
 	public void setClientCertReq(Integer clientCertReq) {
 		this.clientCertReq = clientCertReq;
 	}
 	@ExcelField(title="exclusions_pinning",align=2,sort=21)
 	public Integer getPinning() {
 		return pinning;
 	}
 	public void setPinning(Integer pinning) {
 		this.pinning = pinning;
 	}
 	@ExcelField(title="cert_verify_approach_cn",align=2,sort=22)
 	public Integer getCn() {
 		return cn;
 	}
 	public void setCn(Integer cn) {
 		this.cn = cn;
 	}
 	@ExcelField(title="cert_verify_approach_issuer",align=2,sort=23)
 	public Integer getIssuer() {
 		return issuer;
 	}
 	public void setIssuer(Integer issuer) {
 		this.issuer = issuer;
 	}
 	@ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24)
 	public Integer getSelfSigned() {
 		return selfSigned;
 	}
 	public void setSelfSigned(Integer selfSigned) {
 		this.selfSigned = selfSigned;
 	}
 	@ExcelField(title="cert_verify_approach_expiration",align=2,sort=25)
 	public Integer getExpiration() {
 		return expiration;
 	}
 	public void setExpiration(Integer expiration) {
 		this.expiration = expiration;
 	}
 	@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26)
 	public String getFailMethod() {
 		return failMethod;
 	}
 	public void setFailMethod(String failMethod) {
 		this.failMethod = failMethod;
 	}
 	@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27)
 	public String getMin() {
 		return min;
 	}
 	public void setMin(String min) {
 		this.min = min;
 	}
 	@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28)
 	public String getMax() {
 		return max;
 	}
 	public void setMax(String max) {
 		this.max = max;
 	}
 	@ExcelField(title="ssl_ver_mirror_client",align=2,sort=29)
 	public Integer getMirrorClient() {
 		return mirrorClient;
 	}
 	public void setMirrorClient(Integer mirrorClient) {
 		this.mirrorClient = mirrorClient;
 	}
 	@ExcelField(title="decrypt_mirror_enable",align=2,sort=30)
 	public Integer getEnable() {
 		return enable;
 	}
 	public void setEnable(Integer enable) {
 		this.enable = enable;
 	}
 	@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31)
 	public Integer getMirrorProfile() {
 		return mirrorProfile;
 	}
 	public void setMirrorProfile(Integer mirrorProfile) {
 		this.mirrorProfile = mirrorProfile;
 	}
 }
--- a/src/main/java/com/nis/domain/configuration/template/IpAllNotDoLogTemplate.java
+++ b/src/main/java/com/nis/domain/configuration/template/IpAllNotDoLogTemplate.java
@@ -15,13 +15,13 @@ public class IpAllNotDoLogTemplate extends BasicTemplate{
-	private String cfgDesc;
+	protected String cfgDesc;
-	private String srcIpAddress; 
+	protected String srcIpAddress; 
-	private String destIpAddress; 
+	protected String destIpAddress; 
-	private String srcPort; 
+	protected String srcPort; 
-	private String destPort;
+	protected String destPort;
-	private Integer protocol;
+	protected Integer protocol;
-	private Integer direction;
+	protected Integer direction;
 	@ExcelField(title="config_describe",align=2,sort=1)
 	public String getCfgDesc() {
--- a/src/main/java/com/nis/util/SchedulerTaskUtil.java
+++ b/src/main/java/com/nis/util/SchedulerTaskUtil.java
@@ -146,8 +146,8 @@ public class SchedulerTaskUtil {
 									}else if("2".equals(m.get("cfgType"))){
 										strList.addAll(configSynchronizationDao.getStrList(regionTable,compileIds));
 										//512/521/514/1026业务的用户自定义域取DOMAIN_STR取自Keyword
-										if(entity.getServiceId()==512
+										if(/*entity.getServiceId()==512
-												||entity.getServiceId()==521
+												||*/entity.getServiceId()==521
 												||entity.getServiceId()==514
 												||entity.getServiceId()==1026) {
 											keywordMap=configSynchronizationDao.getCompileIdWithKeyword(regionTable, compileIds);
@@ -208,9 +208,9 @@ public class SchedulerTaskUtil {
 												}
 												userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT;
 											}else{
-												if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
+												/*if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
 													value = "0";
-												}else if(regionKey.equals("DOMAIN_STR")) {
+												}else*/ if(regionKey.equals("DOMAIN_STR")) {
 													if(!StringUtil.isEmpty(keywordMap) && !StringUtil.isEmpty(keywordMap.get(cfg.getCompileId()))) {
 														value = keywordMap.get(cfg.getCompileId()).getCfgKeywords();
 													}
--- a/src/main/java/com/nis/util/excel/ExportExcel.java
+++ b/src/main/java/com/nis/util/excel/ExportExcel.java
@@ -23,6 +23,7 @@ import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.poi.ss.usermodel.Cell;
 import org.apache.poi.ss.usermodel.CellStyle;
@@ -49,7 +50,9 @@ import com.nis.domain.SysDataDictionaryItem;
 import com.nis.domain.basics.PolicyGroupInfo;
 import com.nis.domain.basics.ServiceDictInfo;
 import com.nis.domain.basics.SysDictInfo;
 import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
 import com.nis.domain.configuration.DnsResStrategy;
 import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.util.Constants;
 import com.nis.util.DictUtils;
 import com.nis.util.Encodes;
@@ -58,6 +61,8 @@ import com.nis.util.StringUtil;
 import com.nis.web.dao.basics.PolicyGroupInfoDao;
 import com.nis.web.dao.basics.SysDictInfoDao;
 import com.nis.web.dao.configuration.DnsResStrategyDao;
 import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
 import com.nis.web.dao.configuration.PxyObjKeyringDao;
 import com.nis.web.service.SpringContextHolder;
 /**
@@ -72,6 +77,8 @@ public class ExportExcel {
 	private static DnsResStrategyDao dnsResStrategyDao = SpringContextHolder.getBean(DnsResStrategyDao.class);
 	private static PolicyGroupInfoDao policyGroupInfoDao = SpringContextHolder.getBean(PolicyGroupInfoDao.class);
 	private static SysDictInfoDao sysDictInfoDao = SpringContextHolder.getBean(SysDictInfoDao.class);
 	private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
 	private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
 	/**
 	 * 工作薄对象
@@ -587,7 +594,352 @@ public class ExportExcel {
 			commentStr=commentStr+"▶"+msgProp.getProperty("ip_check")+"(IPv4)\n";
 			index++;
 		}
-			
+		/**********************************************************************pxy intercept************************************************************************************************************/
 		//pxy intercept
 		if("pxy_intercept_monit_keyring".equals(headerStr)) {
 			commentStr="";
 			List<PxyObjKeyring> certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
 			if(CollectionUtils.isNotEmpty(certificateList)) {
 				for (PxyObjKeyring certificate : certificateList) {
 					commentStr=commentStr+certificate.getCompileId()+"（"+certificate.getCfgDesc()+"）\n";
 					index++;
 				}
 			}
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 				index++;
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				/*//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n";
 				index++;*/
 				index++;
 			}
 		}
 		//ev_cert
 		if("exclusions_ev_cert".equals(headerStr)) {
 			commentStr="";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n";
 				index++;
 				index++;
 			}
 		}
 		//cert_transparency
 		if("exclusions_cert_transparency".equals(headerStr)) {
 			commentStr="";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n";
 				index++;
 				index++;
 			}
 		}
 		//client_cert_req
 		if("exclusions_client_cert_req".equals(headerStr)) {
 			commentStr="";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n";
 				index++;
 				index++;
 			}
 		}
 		//pinning
 		if("exclusions_pinning".equals(headerStr)) {
 			commentStr="";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n";
 				index++;
 				index++;
 			}
 		}
 		//cn
 		if("cert_verify_approach_cn".equals(headerStr)) {
 			commentStr="";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n";
 				index++;
 				index++;
 			}
 		}
 		//issuer
 		if("cert_verify_approach_issuer".equals(headerStr)) {
 			commentStr="";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n";
 				index++;
 				index++;
 			}
 		}
 		//self-signed
 		if("cert_verify_approach_self_signed".equals(headerStr)) {
 			commentStr="";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n";
 				index++;
 				index++;
 			}
 		}
 		//expiration
 		if("cert_verify_approach_expiration".equals(headerStr)) {
 			commentStr="";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n";
 				index++;
 				index++;
 			}
 		}
 		//fail_method
 		if("cert_verify_fail_method".equals(headerStr)) {
 			commentStr="";
 			defaultValue="pass-through";
 			List<SysDataDictionaryItem> failMethods=DictUtils.getDictList("FAIL_METHOD");
 			if(CollectionUtils.isNotEmpty(failMethods)){
 				for (SysDataDictionaryItem failMethod : failMethods) {
 					commentStr=commentStr+failMethod.getItemCode()+"（"+msgProp.getProperty(failMethod.getItemValue(),failMethod.getItemValue())+"）"+"\n";
 					index++;
 				}
 				if(StringUtil.isEmpty(commentStr)){
 					headerStr="";
 					commentStr="";
 				}
 				if(StringUtil.isEmpty(defaultValue)){
 					defaultValue = region.getConfigDirection().split(",")[0];
 				}
 			}
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
 			index++;
 			//1、默认值说明
 			if(!StringUtil.isEmpty(defaultValue)){
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
 				index++;
 			}
 		}
 		//fail_method
 		if("ssl_ver_mirror_client".equals(headerStr)) {
 			commentStr="";
 			defaultValue="0";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
 			index++;
 			//1、默认值说明
 			if(!StringUtil.isEmpty(defaultValue)){
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
 				index++;
 			}
 			commentStr=commentStr+"▶"+msgProp.getProperty("ssl_ver_mirror_client_on","if the mirror client option value is '1', the min SSL version and the max SSL version will be ignored")+"\n";
 			index++;
 		}
 		//min
 		if("ssl_ver_min".equals(headerStr)) {
 			commentStr="";
 			defaultValue="ssl3";
 			List<SysDataDictionaryItem> sslversions=DictUtils.getDictList("SSL_VERSION");
 			if(CollectionUtils.isNotEmpty(sslversions)){
 				for (SysDataDictionaryItem sslversion : sslversions) {
 					commentStr=commentStr+sslversion.getItemCode()+"（"+msgProp.getProperty(sslversion.getItemValue(),sslversion.getItemValue())+"）"+"\n";
 					index++;
 				}
 				if(StringUtil.isEmpty(commentStr)){
 					headerStr="";
 					commentStr="";
 				}
 			}
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
 			index++;
 			//1、默认值说明
 			if(!StringUtil.isEmpty(defaultValue)){
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
 				index++;
 			}
 		}
 		//max
 		if("ssl_ver_max".equals(headerStr)) {
 			commentStr="";
 			defaultValue="tls13";
 			List<SysDataDictionaryItem> sslversions=DictUtils.getDictList("SSL_VERSION");
 			if(CollectionUtils.isNotEmpty(sslversions)){
 				for (SysDataDictionaryItem sslversion : sslversions) {
 					commentStr=commentStr+sslversion.getItemCode()+"（"+msgProp.getProperty(sslversion.getItemValue(),sslversion.getItemValue())+"）"+"\n";
 					index++;
 				}
 				if(StringUtil.isEmpty(commentStr)){
 					headerStr="";
 					commentStr="";
 				}
 			}
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
 			index++;
 			//1、默认值说明
 			if(!StringUtil.isEmpty(defaultValue)){
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
 				index++;
 			}
 		}
 		if("decrypt_mirror_enable".equals(headerStr)) {
 			commentStr="";
 			defaultValue="0";
 			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 			index++;
 			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
 			index++;
 			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
 			index++;
 			commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
 			index++;
 			//1、默认值说明
 			if(!StringUtil.isEmpty(defaultValue)){
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
 				index++;
 			}
 			commentStr=commentStr+"▶"+msgProp.getProperty("decrypt_mirror_enable_on","if the enable option value is '1', the Mirror profile is needed")+"\n";
 			index++;
 		}
 		if("decrypt_mirror_mirror_profile".equals(headerStr)) {
 			commentStr="";
 			List<ProxyFileTrafficMirrorCfg> mirrorProfileList=proxyFileDao.findMirrorList(null,1,1);
 			if(CollectionUtils.isNotEmpty(mirrorProfileList)) {
 				for (ProxyFileTrafficMirrorCfg mirrorProfile : mirrorProfileList) {
 					commentStr=commentStr+mirrorProfile.getCompileId()+"（"+mirrorProfile.getCfgDesc()+"）\n";
 					index++;
 				}
 			}
 			if(StringUtil.isEmpty(headerStr)){
 				headerStr="";
 				commentStr="";
 			}else{
 				commentStr=msgProp.getProperty("select")+":\n"+commentStr;
 				index++;
 				index++;
 				commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
 				index++;
 				/*//2、默认值说明
 				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n";
 				index++;*/
 				index++;
 			}
 		}
 		/**********************************************************************pxy intercept************************************************************************************************************/
 		if(region.getRegionType().equals(1)){//IP配置
 			//ip配置需要导入的信息：srcIp srcPort destIp destPort Protocol Direction
 			//确定需要导入的srcIp srcPort destIp destPort信息
--- a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java
+++ b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java
@@ -1,6 +1,7 @@
 package com.nis.util.excel.thread;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
@@ -21,15 +22,21 @@ import com.nis.domain.FunctionServiceDict;
 import com.nis.domain.SysDataDictionaryItem;
 import com.nis.domain.basics.AsnGroupInfo;
 import com.nis.domain.basics.PolicyGroupInfo;
 import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
 import com.nis.domain.configuration.BaseIpCfg;
 import com.nis.domain.configuration.DnsResStrategy;
 import com.nis.domain.configuration.IpPortCfg;
 import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.domain.configuration.template.IpRateLimitTemplate;
 //import com.nis.util.AsnCacheUtils;
 import com.nis.util.Constants;
 import com.nis.util.DictUtils;
 import com.nis.util.IPUtil;
 import com.nis.util.StringUtil;
 import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
 import com.nis.web.dao.configuration.PxyObjKeyringDao;
 import com.nis.web.service.BaseService;
 import com.nis.web.service.SpringContextHolder;
 public class CheckIpFormatThread implements Callable<String>{
 	private Logger logger=Logger.getLogger(CheckIpFormatThread.class);
@@ -41,6 +48,8 @@ public class CheckIpFormatThread implements Callable<String>{
 	private FunctionRegionDict regionDict;
 	private List<Map<Long,AsnGroupInfo>> asnNoMaps;
 	private Map<Long,AsnGroupInfo> asnGroupInfos;
 	private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
 	private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
 //	private DnsResStrategyDao dnsResStrategyDao;
 	public CheckIpFormatThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Properties prop,BlockingQueue<? extends Object> srcQueue,BlockingQueue<BaseIpCfg> destQueue) {
 		this.serviceDict=serviceDict;
@@ -115,6 +124,16 @@ public class CheckIpFormatThread implements Callable<String>{
 		if(regionDict.getFunctionId().equals(200) && serviceDict.getAction().equals(1)){
 			protocol="6";
 		}
 		List<SysDataDictionaryItem> sslversions = new ArrayList<>();
 		List<SysDataDictionaryItem> failmethods = new ArrayList<>();
 		List<PxyObjKeyring> certificateList=new ArrayList<>();
 		List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
 		if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
 			certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
 			sslversions=DictUtils.getDictList("SSL_VERSION");
 			failmethods=DictUtils.getDictList("FAIL_METHOD");
 			mirrorProfileList=proxyFileDao.findMirrorList(null, 1, 1);
 		}
 		for (int i = 0; i < list.size(); i++) {
 			StringBuffer errInfo = new StringBuffer();
 			IpPortCfg baseIpCfg = new IpPortCfg();
@@ -546,7 +565,229 @@ public class CheckIpFormatThread implements Callable<String>{
 					}
 				}
 			}
-			
+			if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
 				Integer kering=baseIpCfg.getKeyring();
 				Integer evCet=baseIpCfg.getEvCert();
 				Integer certTransparency=baseIpCfg.getCertTransparency();
 				Integer clientCertReq=baseIpCfg.getClientCertReq();
 				Integer pinning=baseIpCfg.getPinning();
 				Integer cn=baseIpCfg.getCn();
 				Integer issuer=baseIpCfg.getIssuer();
 				Integer selfSigned=baseIpCfg.getSelfSigned();
 				Integer expiration=baseIpCfg.getExpiration();
 				String failMethod=baseIpCfg.getFailMethod();
 				String min=baseIpCfg.getMin();
 				String max=baseIpCfg.getMax();
 				Integer mirrorClient=baseIpCfg.getMirrorClient();
 				Integer enable=baseIpCfg.getEnable();
 				Integer mirrorProfile=baseIpCfg.getMirrorProfile();
 				Map<String,Object> userRegionMap=new HashMap<>();
 				Map<String,Object> map=new HashMap<>();
 				if(kering!=null) {
 					boolean has=false;
 					for(PxyObjKeyring keyring:certificateList) {
 						if(keyring.getCompileId().toString().equals(kering.toString())) {
 							has=true;
 							break;
 						}
 					}
 					if(has) {
 						userRegionMap.put("keyring", kering);
 					}else {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("pxy_intercept_monit_keyring") + " ") + ";");
 					}
 				}else {
 					userRegionMap.put("keyring", 0);
 				}
 				if(evCet!=null) {
 					if(evCet!=0&&evCet!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("exclusions_ev_cert","exclusions ev cert") + " ") + ";");
 					}else {
 						map.put("ev_cert", evCet);
 					}
 				}else {
 					map.put("ev_cert", 0);
 				}
 				if(certTransparency!=null) {
 					if(certTransparency!=0&&certTransparency!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("exclusions_cert_transparency","exclusions cert transparency") + " ") + ";");
 					}else {
 						map.put("cert_transparency", certTransparency);
 					}
 				}else {
 					map.put("cert_transparency", 0);
 				}
 				if(clientCertReq!=null) {
 					if(clientCertReq!=0&&clientCertReq!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("exclusions_client_cert_req","exclusions client cert req") + " ") + ";");
 					}else {
 						map.put("client_cert_req", clientCertReq);
 					}
 				}else {
 					map.put("client_cert_req", 1);
 				}
 				if(pinning!=null) {
 					if(pinning!=0&&pinning!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("exclusions_pinning","exclusions pinning") + " ") + ";");
 					}else {
 						map.put("pinning", pinning);
 					}
 				}else {
 					map.put("pinning", 1);
 				}
 				userRegionMap.put("exclusions", map);
 				map=new HashMap<>();
 				Map<String,Object> map1=new HashMap<>();
 				if(cn!=null) {
 					if(cn!=0&&cn!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_approach_cn","cert verify approach cn") + " ") + ";");
 					}else {
 						map1.put("cn", cn);
 					}
 				}else {
 					map1.put("cn", 1);
 				}
 				if(issuer!=null) {
 					if(issuer!=0&&issuer!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_approach_issuer","cert verify approach issuer") + " ") + ";");
 					}else {
 						map1.put("issuer", issuer);
 					}
 				}else {
 					map1.put("issuer", 1);
 				}
 				if(selfSigned!=null) {
 					if(selfSigned!=0&&selfSigned!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_approach_self_signed","cert verify approach self signed") + " ") + ";");
 					}else {
 						map1.put("self-signed", selfSigned);
 					}
 				}else {
 					map1.put("self-signed", 1);
 				}
 				if(expiration!=null) {
 					if(expiration!=0&&expiration!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_approach_expiration","cert verify approach expiration") + " ") + ";");
 					}else {
 						map1.put("expiration", expiration);
 					}
 				}else {
 					map1.put("expiration", 1);
 				}
 				map.put("approach", map1);
 				if(StringUtils.isBlank(failMethod)) {
 					map.put("fail_method", "pass-through");
 				}else {
 					boolean has=false;
 					for(SysDataDictionaryItem fail: failmethods) {
 						if(fail.getItemCode().equals(failMethod)) {
 							has=true;
 							break;
 						}
 					}
 					if(!has) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_fail_method","cert verify fail method") + " ") + ";");
 					}
 					map.put("fail_method", failMethod);
 				}
 				userRegionMap.put("cert_verify", map);
 				map=new HashMap<>();
 				if(mirrorClient==null) {
 					mirrorClient=0;
 					map.put("mirror_client", 0);
 				}else {
 					if(mirrorClient!=0&&mirrorClient!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("ssl_ver_mirror_client","SSL version mirror client") + " ") + ";");
 					}else {
 						map.put("mirror_client", mirrorClient);
 					}
 				}
 				if(mirrorClient==0) {
 					int minSort=0,maxSort=0;
 					if(StringUtils.isBlank(min)) {
 						min="ssl3";
 					}
 					if(StringUtils.isBlank(max)) {
 						max="tls13";
 					}
 					for(SysDataDictionaryItem sslversion: sslversions) {
 						if(sslversion.getItemCode().equals(min)) {
 							minSort=sslversion.getItemSort();
 						}
 						if(sslversion.getItemCode().equals(max)) {
 							maxSort=sslversion.getItemSort();
 						}
 					}
 					if(minSort==0) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("ssl_ver_min","min SSL version") + " ") + ";");
 					}
 					if(maxSort==0) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("ssl_ver_max","max SSL version") + " ") + ";");
 					}
 					if(minSort>=maxSort) {
 						errInfo.append(prop.getProperty("min_should_less_than_max","the min SSL version should less than the max SSL version") + ";");
 					}
 					map.put("min", min);
 					map.put("max", max);
 				}
 				userRegionMap.put("ssl_ver", map);
 				map=new HashMap<>();
 				if(enable==null) {
 					enable=0;
 					map.put("enable", 0);
 				}else {
 					if(enable!=0&&enable!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("decrypt_mirror_enable","decrypt mirror enable") + " ") + ";");
 					}else {
 						map.put("enable", enable);
 					}
 				}
 				//enable==1的时候才设置mirror_profile
 				if(enable==1) {
 					if(mirrorProfile==null) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
 					}else {
 						boolean has=false;
 						for(ProxyFileTrafficMirrorCfg _mirrorProfile:mirrorProfileList) {
 							if(_mirrorProfile.getCompileId().toString().equals(mirrorProfile.toString())) {
 								has=true;
 								break;
 							}
 						}
 						if(has) {
 							map.put("mirror_profile", mirrorProfile);
 						}else {
 							errInfo.append(String.format(prop.getProperty("is_incorrect"),
 									prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
 						}
 						map.put("mirror_profile", mirrorProfile);
 					}
 				}
 				userRegionMap.put("decrypt_mirror", map);
 				baseIpCfg.setUserRegion1(BaseService.gsonToJson(userRegionMap));
 			}
 			// IpSpoofing
 			if (regionDict.getFunctionId().equals(214)) {
 				List<SysDataDictionaryItem> dicts = DictUtils.getDictList("SPOOFING_IP_TYPE");
--- a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java
+++ b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java
@@ -1,7 +1,9 @@
 package com.nis.util.excel.thread;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.BlockingQueue;
@@ -19,10 +21,15 @@ import com.beust.jcommander.internal.Sets;
 import com.nis.domain.FunctionRegionDict;
 import com.nis.domain.FunctionServiceDict;
 import com.nis.domain.SysDataDictionaryItem;
 import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
 import com.nis.domain.configuration.BaseStringCfg;
-import com.nis.domain.configuration.IpPortCfg;
+import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.util.Constants;
 import com.nis.util.DictUtils;
 import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
 import com.nis.web.dao.configuration.PxyObjKeyringDao;
 import com.nis.web.service.BaseService;
 import com.nis.web.service.SpringContextHolder;
 public class CheckStringFormatThread implements Callable<String>{
 	private Logger logger=Logger.getLogger(CheckStringFormatThread.class);
@@ -32,6 +39,8 @@ public class CheckStringFormatThread implements Callable<String>{
 //	private DnsResStrategyDao dnsResStrategyDao;
 	private FunctionServiceDict serviceDict;
 	private FunctionRegionDict regionDict;
 	private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
 	private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
 	public CheckStringFormatThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Properties prop,BlockingQueue<? extends Object> srcQueue,BlockingQueue<BaseStringCfg<?>> destQueue) {
 		this.serviceDict=serviceDict;
 		this.regionDict=regionDict;
@@ -91,6 +100,16 @@ public class CheckStringFormatThread implements Callable<String>{
 		StringBuffer errTip = new StringBuffer();
 		Pattern pattern = Pattern.compile("\t|\r|\n|\b|\f");
 		Pattern domainPattern = Pattern.compile("^[a-zA-Z0-9.-]*$");
 		List<SysDataDictionaryItem> sslversions = new ArrayList<>();
 		List<SysDataDictionaryItem> failmethods = new ArrayList<>();
 		List<PxyObjKeyring> certificateList=new ArrayList<>();
 		List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
 		if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
 			certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
 			sslversions=DictUtils.getDictList("SSL_VERSION");
 			failmethods=DictUtils.getDictList("FAIL_METHOD");
 			mirrorProfileList=proxyFileDao.findMirrorList(null, 1, 1);
 		}
 		for (int i = 0; i < list.size(); i++) {
 			StringBuffer errInfo = new StringBuffer();
 			BaseStringCfg baseStringCfg = new BaseStringCfg();
@@ -494,6 +513,229 @@ public class CheckStringFormatThread implements Callable<String>{
 				}
 			}
 			if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
 				Integer kering=baseStringCfg.getKeyring();
 				Integer evCet=baseStringCfg.getEvCert();
 				Integer certTransparency=baseStringCfg.getCertTransparency();
 				Integer clientCertReq=baseStringCfg.getClientCertReq();
 				Integer pinning=baseStringCfg.getPinning();
 				Integer cn=baseStringCfg.getCn();
 				Integer issuer=baseStringCfg.getIssuer();
 				Integer selfSigned=baseStringCfg.getSelfSigned();
 				Integer expiration=baseStringCfg.getExpiration();
 				String failMethod=baseStringCfg.getFailMethod();
 				String min=baseStringCfg.getMin();
 				String max=baseStringCfg.getMax();
 				Integer mirrorClient=baseStringCfg.getMirrorClient();
 				Integer enable=baseStringCfg.getEnable();
 				Integer mirrorProfile=baseStringCfg.getMirrorProfile();
 				Map<String,Object> userRegionMap=new HashMap<>();
 				Map<String,Object> map=new HashMap<>();
 				if(kering!=null) {
 					boolean has=false;
 					for(PxyObjKeyring keyring:certificateList) {
 						if(keyring.getCompileId().toString().equals(kering.toString())) {
 							has=true;
 							break;
 						}
 					}
 					if(has) {
 						userRegionMap.put("keyring", kering);
 					}else {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("pxy_intercept_monit_keyring") + " ") + ";");
 					}
 				}else {
 					userRegionMap.put("keyring", 0);
 				}
 				if(evCet!=null) {
 					if(evCet!=0&&evCet!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("exclusions_ev_cert","exclusions ev cert") + " ") + ";");
 					}else {
 						map.put("ev_cert", evCet);
 					}
 				}else {
 					map.put("ev_cert", 0);
 				}
 				if(certTransparency!=null) {
 					if(certTransparency!=0&&certTransparency!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("exclusions_cert_transparency","exclusions cert transparency") + " ") + ";");
 					}else {
 						map.put("cert_transparency", certTransparency);
 					}
 				}else {
 					map.put("cert_transparency", 0);
 				}
 				if(clientCertReq!=null) {
 					if(clientCertReq!=0&&clientCertReq!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("exclusions_client_cert_req","exclusions client cert req") + " ") + ";");
 					}else {
 						map.put("client_cert_req", clientCertReq);
 					}
 				}else {
 					map.put("client_cert_req", 1);
 				}
 				if(pinning!=null) {
 					if(pinning!=0&&pinning!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("exclusions_pinning","exclusions pinning") + " ") + ";");
 					}else {
 						map.put("pinning", pinning);
 					}
 				}else {
 					map.put("pinning", 1);
 				}
 				userRegionMap.put("exclusions", map);
 				map=new HashMap<>();
 				Map<String,Object> map1=new HashMap<>();
 				if(cn!=null) {
 					if(cn!=0&&cn!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_approach_cn","cert verify approach cn") + " ") + ";");
 					}else {
 						map1.put("cn", cn);
 					}
 				}else {
 					map1.put("cn", 1);
 				}
 				if(issuer!=null) {
 					if(issuer!=0&&issuer!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_approach_issuer","cert verify approach issuer") + " ") + ";");
 					}else {
 						map1.put("issuer", issuer);
 					}
 				}else {
 					map1.put("issuer", 1);
 				}
 				if(selfSigned!=null) {
 					if(selfSigned!=0&&selfSigned!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_approach_self_signed","cert verify approach self signed") + " ") + ";");
 					}else {
 						map1.put("self-signed", selfSigned);
 					}
 				}else {
 					map1.put("self-signed", 1);
 				}
 				if(expiration!=null) {
 					if(expiration!=0&&expiration!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_approach_expiration","cert verify approach expiration") + " ") + ";");
 					}else {
 						map1.put("expiration", expiration);
 					}
 				}else {
 					map1.put("expiration", 1);
 				}
 				map.put("approach", map1);
 				if(StringUtils.isBlank(failMethod)) {
 					map.put("fail_method", "pass-through");
 				}else {
 					boolean has=false;
 					for(SysDataDictionaryItem fail: failmethods) {
 						if(fail.getItemCode().equals(failMethod)) {
 							has=true;
 							break;
 						}
 					}
 					if(!has) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("cert_verify_fail_method","cert verify fail method") + " ") + ";");
 					}
 					map.put("fail_method", failMethod);
 				}
 				userRegionMap.put("cert_verify", map);
 				map=new HashMap<>();
 				if(mirrorClient==null) {
 					mirrorClient=0;
 					map.put("mirror_client", 0);
 				}else {
 					if(mirrorClient!=0&&mirrorClient!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("ssl_ver_mirror_client","SSL version mirror client") + " ") + ";");
 					}else {
 						map.put("mirror_client", mirrorClient);
 					}
 				}
 				if(mirrorClient==0) {
 					int minSort=0,maxSort=0;
 					if(StringUtils.isBlank(min)) {
 						min="ssl3";
 					}
 					if(StringUtils.isBlank(max)) {
 						max="tls13";
 					}
 					for(SysDataDictionaryItem sslversion: sslversions) {
 						if(sslversion.getItemCode().equals(min)) {
 							minSort=sslversion.getItemSort();
 						}
 						if(sslversion.getItemCode().equals(max)) {
 							maxSort=sslversion.getItemSort();
 						}
 					}
 					if(minSort==0) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("ssl_ver_min","min SSL version") + " ") + ";");
 					}
 					if(maxSort==0) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("ssl_ver_max","max SSL version") + " ") + ";");
 					}
 					if(minSort>=maxSort) {
 						errInfo.append(prop.getProperty("min_should_less_than_max","the min SSL version should less than the max SSL version") + ";");
 					}
 					map.put("min", min);
 					map.put("max", max);
 				}
 				userRegionMap.put("ssl_ver", map);
 				map=new HashMap<>();
 				if(enable==null) {
 					enable=0;
 					map.put("enable", 0);
 				}else {
 					if(enable!=0&&enable!=1) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("decrypt_mirror_enable","decrypt mirror enable") + " ") + ";");
 					}else {
 						map.put("enable", enable);
 					}
 				}
 				//enable==1的时候才设置mirror_profile
 				if(enable==1) {
 					if(mirrorProfile==null) {
 						errInfo.append(String.format(prop.getProperty("is_incorrect"),
 								prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
 					}else {
 						boolean has=false;
 						for(ProxyFileTrafficMirrorCfg _mirrorProfile:mirrorProfileList) {
 							if(_mirrorProfile.getCompileId().toString().equals(mirrorProfile.toString())) {
 								has=true;
 								break;
 							}
 						}
 						if(has) {
 							map.put("mirror_profile", mirrorProfile);
 						}else {
 							errInfo.append(String.format(prop.getProperty("is_incorrect"),
 									prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
 						}
 						map.put("mirror_profile", mirrorProfile);
 					}
 				}
 				userRegionMap.put("decrypt_mirror", map);
 				baseStringCfg.setUserRegion1(BaseService.gsonToJson(userRegionMap));
 			}
 			if (errInfo.toString().length() > 0) {//
 				errTip.append(String.format(prop.getProperty("line"), baseStringCfg.getIndex()) + ",");
 				errTip.append(errInfo);
--- a/src/main/java/com/nis/web/controller/BaseController.java
+++ b/src/main/java/com/nis/web/controller/BaseController.java
@@ -102,6 +102,8 @@ import com.nis.domain.configuration.template.HttpsRejectTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceComplexTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceIpTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceTemplate;
 import com.nis.domain.configuration.template.InterceptDomainTemplate;
 import com.nis.domain.configuration.template.InterceptIpTemplate;
 import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
 import com.nis.domain.configuration.template.IpAllTemplate;
 import com.nis.domain.configuration.template.IpPayloadTemplate;
@@ -1483,7 +1485,10 @@ public class BaseController {
 							if(serviceDict.getAction().equals(64)) {
 								BlockingQueue<IpRateLimitTemplate> list = ei.getDataList(IpRateLimitTemplate.class );
 								ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
-							}else {
+							}else if(serviceDict!=null&&serviceDict.getServiceId().equals(512)){
 								BlockingQueue<InterceptIpTemplate> list = ei.getDataList(InterceptIpTemplate.class );
 								ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
 							}else{
 								BlockingQueue<IpAllNotDoLogTemplate> list = ei.getDataList(IpAllNotDoLogTemplate.class );
 								ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
 							}
@@ -1516,7 +1521,7 @@ public class BaseController {
 							stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
 						}else if (regionDict.getFunctionId().equals(200)){// 拦截策略
 							if(serviceDict.getAction().equals(1)){// 监测
-								BlockingQueue<DomainInterceptMonitTemplate> list = ei.getDataList(DomainInterceptMonitTemplate.class);
+								BlockingQueue<InterceptDomainTemplate> list = ei.getDataList(InterceptDomainTemplate.class);
 								stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
 							}else if(serviceDict.getAction().equals(64)){// 限速
 								BlockingQueue<DomainInterceptRateLimitTemplate> list = ei.getDataList(DomainInterceptRateLimitTemplate.class);
@@ -2514,6 +2519,8 @@ public class BaseController {
 			} else if(regionDict.getFunctionId().equals(200)){// 拦截策略
 				if(serviceDict.getAction().intValue()==64) {
 					ei.loadInitParams(IpRateLimitTemplate.class, msgProp, regionDict, serviceDict);
 				}else if(serviceDict.getServiceId().equals(512)){
 					ei.loadInitParams(InterceptIpTemplate.class, msgProp, regionDict, serviceDict);
 				}else {
 					ei.loadInitParams(IpAllNotDoLogTemplate.class, msgProp, regionDict, serviceDict);
 				}
@@ -2537,7 +2544,7 @@ public class BaseController {
 				ei.loadInitParams(AppDomainTemplate.class, msgProp, regionDict, serviceDict);
 			} else if(regionDict.getFunctionId().equals(200)){// 拦截策略 domain
 				if(serviceDict.getAction().equals(1)){// 监测
-					ei.loadInitParams(DomainInterceptMonitTemplate.class, msgProp, regionDict, serviceDict);
+					ei.loadInitParams(InterceptDomainTemplate.class, msgProp, regionDict, serviceDict);
 				}else if(serviceDict.getAction().equals(64)){// 限速
 					ei.loadInitParams(DomainInterceptRateLimitTemplate.class, msgProp, regionDict, serviceDict);
 				}else{// 白名单
--- a/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java
+++ b/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java
@@ -53,6 +53,8 @@ import com.nis.domain.configuration.template.HttpsRejectTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceComplexTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceIpTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceTemplate;
 import com.nis.domain.configuration.template.InterceptDomainTemplate;
 import com.nis.domain.configuration.template.InterceptIpTemplate;
 import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
 import com.nis.domain.configuration.template.IpAllTemplate;
 import com.nis.domain.configuration.template.IpPayloadTemplate;
@@ -479,7 +481,12 @@ public class IpController extends BaseController{
 					ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpRateLimitTemplate.class, 2);
 					excel.setDataList(pro,classList,null).
 			    	write(request,response, fileName).dispose();
-				}else {
+				}else if(serviceDict.getServiceId().equals(512)){
 					List<InterceptIpTemplate> classList=new ArrayList<InterceptIpTemplate>();
 					ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, InterceptIpTemplate.class, 2);
 					excel.setDataList(pro,classList,null).
 			    	write(request,response, fileName).dispose();
 				}else{
 					List<IpAllNotDoLogTemplate> classList=new ArrayList<IpAllNotDoLogTemplate>();
 					ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpAllNotDoLogTemplate.class, 2);
 					excel.setDataList(pro,classList,null).
@@ -522,8 +529,8 @@ public class IpController extends BaseController{
 		    	write(request,response, fileName).dispose();
 			}else if(regionDict.getFunctionId().equals(200)){// 拦截策略（域名）
 				if(serviceDict.getAction().equals(1)){// 监测
-					List<DomainInterceptMonitTemplate> classList=new ArrayList<DomainInterceptMonitTemplate>();
+					List<InterceptDomainTemplate> classList=new ArrayList<InterceptDomainTemplate>();
-					ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, DomainInterceptMonitTemplate.class, 2);
+					ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, InterceptDomainTemplate.class, 2);
 					excel.setDataList(pro,classList,null).
 					write(request,response, fileName).dispose();
 				}else if(serviceDict.getAction().equals(64)){// 限速
--- a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
@@ -18,15 +18,19 @@ import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 import com.nis.domain.Page;
 import com.nis.domain.basics.PolicyGroupInfo;
 import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
 import com.nis.domain.configuration.BaseStringCfg;
 import com.nis.domain.configuration.CfgIndexInfo;
 import com.nis.domain.configuration.HttpUrlCfg;
 import com.nis.domain.configuration.InterceptPktBin;
 import com.nis.domain.configuration.IpPortCfg;
 import com.nis.domain.configuration.PxyInterceptCfg;
 import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.domain.configuration.PxyObjSpoofingIpPool;
 import com.nis.exceptions.MaatConvertException;
@@ -36,6 +40,7 @@ import com.nis.util.LogUtils;
 import com.nis.util.StringUtil;
 import com.nis.web.controller.configuration.CommonController;
 import com.nis.web.security.UserUtils;
 import com.nis.web.service.BaseService;
 /**
 * IP相关配置控制类
@@ -57,13 +62,17 @@ public class InterceptController extends CommonController {
 		// 获取证书信息
 		List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
-		if (cfg.getFunctionId().equals(200)) {
+		List<ProxyFileTrafficMirrorCfg> mirrorProfiles = new ArrayList<ProxyFileTrafficMirrorCfg>();
-			certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
+		if (cfg.getFunctionId().equals(200)) {//改为ajax查询
 			//certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
 			//mirrorProfiles=proxyFileTrafficMirrorService.findMirrorList(null,1,1);
 		}
 		if (cfg.getFunctionId().equals(201)) {
 			certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
 		}
 		model.addAttribute("certificateList", certificateList);
 		model.addAttribute("mirrorProfiles", mirrorProfiles);
 		/*if(cfg.getFunctionId().equals(214)){
 			// IP地址仿冒策略使用策略组
 			//List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
@@ -89,13 +98,16 @@ public class InterceptController extends CommonController {
 		}
 		// 获取证书信息
 		List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
 		List<ProxyFileTrafficMirrorCfg> mirrorProfiles = new ArrayList<ProxyFileTrafficMirrorCfg>();
 //		if (entity.getFunctionId().equals(200)) {
 			certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, null);
 			mirrorProfiles=proxyFileTrafficMirrorService.findMirrorList(null,1,1);
 //		}
 //		if (entity.getFunctionId().equals(201)) {
 //			certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
 //		}
 		model.addAttribute("certificateList", certificateList);
 		model.addAttribute("mirrorProfiles", mirrorProfiles);
 		model.addAttribute("_cfg", entity);
 		// IP地址仿冒策略使用策略组
@@ -110,6 +122,116 @@ public class InterceptController extends CommonController {
 	public String saveInterceptIpCfg(RedirectAttributes redirectAttributes, Model model, HttpServletRequest request,
 			HttpServletResponse response, String ids, CfgIndexInfo entity) {
 		try {
 			if(!entity.getAction().equals(1)||!entity.getServiceId().equals(512)) {
 				entity.setUserRegion(null);
 			}else {
 				if(entity.getUserRegion()==null) {
 					entity.setUserRegion(new HashMap<String,Object>());
 				}
 				//keyring
 				String keyring = request.getParameter("keyring");
 				if(StringUtils.isNotBlank(keyring)) {
 					entity.getUserRegion().put("keyring", Long.parseLong(keyring));
 				}else {
 					entity.getUserRegion().put("keyring", 0);
 				}
 				Map<String,Object> map = new HashMap();
 				//exclusions
 				String ev_cert = request.getParameter("ev_cert");
 				String cert_transparency = request.getParameter("cert_transparency");
 				String client_cert_req = request.getParameter("client_cert_req");
 				String pinning = request.getParameter("pinning");
 				if(StringUtils.isNotBlank(ev_cert)){
 					map.put("ev_cert", Integer.parseInt(ev_cert.trim()));
 				}else {
 					map.put("ev_cert", 0);
 				}
 				if(StringUtils.isNotBlank(cert_transparency)){
 					map.put("cert_transparency",Integer.parseInt(cert_transparency.trim()));
 				}else {
 					map.put("cert_transparency", 0);
 				}
 				if(StringUtils.isNotBlank(pinning)){
 					map.put("pinning", Integer.parseInt(pinning.trim()));
 				}else {
 					map.put("pinning", 0);
 				}
 				if(StringUtils.isNotBlank(client_cert_req)){
 					map.put("client_cert_req", Integer.parseInt(client_cert_req.trim()));
 				}else {
 					map.put("client_cert_req", 0);
 				}
 				entity.getUserRegion().put("exclusions", map);
 				//cert_verify
 				Map<String,Object> map1=new HashMap<>();
 				map=new HashMap<>();
 				String cn=request.getParameter("cn");
 				String issuer=request.getParameter("issuer");
 				String self_signed=request.getParameter("self-signed");
 				String expiration=request.getParameter("expiration");
 				if(StringUtils.isNotBlank(cn)){
 					map.put("cn",Integer.parseInt(cn.trim()));
 				}else {
 					map.put("cn",0);
 				}
 				if(StringUtils.isNotBlank(issuer)){
 					map.put("issuer",Integer.parseInt(issuer.trim()));
 				}else {
 					map.put("issuer",0);
 				}
 				if(StringUtils.isNotBlank(self_signed)){
 					map.put("self-signed",Integer.parseInt(self_signed.trim()));
 				}else {
 					map.put("self-signed",0);
 				}
 				if(StringUtils.isNotBlank(expiration)){
 					map.put("expiration",Integer.parseInt(expiration.trim()));
 				}else {
 					map.put("expiration",0);
 				}
 				map1.put("approach", map);
 				String fail_method=request.getParameter("fail_method");
 				if(StringUtils.isNotBlank(fail_method)){
 					map1.put("fail_method",fail_method.trim());
 				}
 				entity.getUserRegion().put("cert_verify", map1);
 				//ssl_ver
 				map=new HashMap<>();
 				String mirror_client=request.getParameter("mirror_client");
 				String min=request.getParameter("min");
 				String max=request.getParameter("max");
 				if(StringUtils.isNotBlank(mirror_client)){
 					map.put("mirror_client", Integer.parseInt(mirror_client.trim()));
 				}else {
 					mirror_client="0";
 					map.put("mirror_client", 0);
 				}
 				if("0".equals(mirror_client)) {
 					if(StringUtils.isNotBlank(min)){
 						map.put("min", min.trim());
 					}
 					if(StringUtils.isNotBlank(max)){
 						map.put("max", max.trim());
 					}
 				}
 				entity.getUserRegion().put("ssl_ver", map);
 				//decrypt_mirror
 				map=new HashMap<>();
 				String enable=request.getParameter("enable");
 				String mirror_profile=request.getParameter("mirror_profile");
 				if(StringUtils.isNotBlank(enable)){
 					map.put("enable", Integer.parseInt(enable.trim()));
 				}else {
 					enable="0";
 					map.put("enable", 0);
 				}
 				if("1".equals(enable)) {
 					if(StringUtils.isNotBlank(mirror_profile)){
 						map.put("mirror_profile", mirror_profile.trim());
 					}
 				}
 				entity.getUserRegion().put("decrypt_mirror", map);
 			}
 			interceptCfgService.saveInterceptCfg(entity);
 			//配置仅保存
 			if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
@@ -169,6 +291,33 @@ public class InterceptController extends CommonController {
 		model.addAttribute("tabList", tabList);
 		return "/cfg/intercept/interceptSubList";
 	}
 	//替换keyring,mirror_profiles
 	@RequestMapping(value = { "/ajaxGetValues" })
 	@ResponseBody
 	public Map<String,Object> ajaxGetValues(Model model, @RequestParam(required=false,value="keyrings")String keyrings, @RequestParam(required=false,value="mirrorProfiles")String mirrorProfiles) {
 		Map<String,Object> datas=new HashMap<>();
 		List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
 		List<ProxyFileTrafficMirrorCfg> mirrorProfileList = new ArrayList<ProxyFileTrafficMirrorCfg>();
 //		if (entity.getFunctionId().equals(200)) {
 		Map<String,Object> _datas=new HashMap<>();
 		if(StringUtils.isNotBlank(keyrings)) {
 			certificateList = pxyObjKeyringService.findAllPxyObjKeyrings(keyrings, 1, 1, null);
 			for(PxyObjKeyring certificate:certificateList) {
 				_datas.put(certificate.getCompileId().toString(), certificate.getCfgDesc());
 			}
 			datas.put("keyrings", _datas);
 		}
 		if(StringUtils.isNotBlank(mirrorProfiles)) {
 			mirrorProfileList=proxyFileTrafficMirrorService.findMirrorList(mirrorProfiles,1,1);
 			_datas=new HashMap<>();
 			for(ProxyFileTrafficMirrorCfg mirrorProfile:mirrorProfileList) {
 				_datas.put(mirrorProfile.getCompileId().toString(), mirrorProfile.getCfgDesc());
 			}
 			datas.put("mirrorProfiles", _datas);
 		}
 		return datas;
 	}
 	@RequestMapping(value = { "auditInterceptIpCfg", "auditInterceptDomainCfg", "auditInterceptIpPayloadCfg" })
 	public String auditInterceptIpCfg(Model model, @ModelAttribute("cfg") CfgIndexInfo cfg, Integer isValid,
@@ -284,6 +433,7 @@ public class InterceptController extends CommonController {
 			Map<String, String> replaceExportMap = new HashMap<String, String>();
 			Properties prop = getMsgProp();
 			List<CfgIndexInfo> ipLists = new ArrayList<CfgIndexInfo>();
 			List<PxyInterceptCfg> pxyInterceptCfgs=new ArrayList<>();
 			// 导出选中记录
 			if (!StringUtil.isEmpty(ids)) {
 				ipLists = ipCfgService.getByIdsList(ids);
@@ -326,38 +476,103 @@ public class InterceptController extends CommonController {
 			}
 			// 获取证书信息
 			List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
 			List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
 			if (entity.getFunctionId().equals(200)) {
 				certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
 				mirrorProfileList=proxyFileTrafficMirrorService.findMirrorList(null, 1, 1);
 			}
 			if (entity.getFunctionId().equals(201)) {
 				certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
 			}
 			for (CfgIndexInfo str : ipLists) {
 				PxyInterceptCfg pxyInterceptCfg=new PxyInterceptCfg();
 				BeanUtils.copyProperties(str, pxyInterceptCfg);
 				if (!StringUtil.isEmpty(str.getUserRegion5())) {
 					String cs = DictUtils.getDictLabel("INTERCEPT_DOMAIN_INTENSITY", str.getUserRegion5());
 					str.setUserRegion5(prop.getProperty(cs));
 				}
 				str.setUserRegion(new HashMap<String,Object>());
 				if (certificateList != null) {
-					if (entity.getFunctionId() == 200 || entity.getFunctionId() == 201) {
+					if (entity.getFunctionId() == 200 ) {
-						if (!StringUtil.isEmpty(str.getUserRegion1())) {
+						if (!StringUtil.isEmpty(str.getUserRegion1())&&str.getUserRegion1().startsWith("{")) {
-							boolean flag = false;
+							
-							for (PxyObjKeyring pxyObjKeyring : certificateList) {
+							Map<String,Object> userregion=BaseService.gsonFromJson(str.getUserRegion1(), Map.class);
-								if (str.getUserRegion1().equals(String.valueOf(pxyObjKeyring.getCompileId()))) {
+							if(userregion.containsKey("keyring")) {
-									str.setUserRegion1(pxyObjKeyring.getCfgDesc());
+								for (PxyObjKeyring pxyObjKeyring : certificateList) {
-									flag = true;
+									if (String.valueOf(pxyObjKeyring.getCompileId()).equals(userregion.get("keyring").toString())) {
-									break;
+										pxyInterceptCfg.setKeyring(pxyObjKeyring.getCfgDesc());
 										break;
 									}
 								}
 							}
-							if (!flag) {
+							if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")){
-								str.setUserRegion1(null);
+								pxyInterceptCfg.setEvCert(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
 							}
 							if(((Map<String,Object>)userregion.get("exclusions")).containsKey("cert_transparency")){
 								pxyInterceptCfg.setCertTransparency(((Map<String,Object>)userregion.get("exclusions")).get("cert_transparency").toString());
 							}
 							if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")) {
 								pxyInterceptCfg.setClientCertReq(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
 							}
 							if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")) {
 								pxyInterceptCfg.setPinning(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
 							}
 							if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("cn")) {
 								pxyInterceptCfg.setCn(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("cn").toString());
 							}
 							if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("issuer")) {
 								pxyInterceptCfg.setIssuer(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("issuer").toString());
 							}
 							if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("self-signed")) {
 								pxyInterceptCfg.setSelfSigned(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("self-signed").toString());
 							}
 							if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("expiration")) {
 								pxyInterceptCfg.setSelfSigned(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("expiration").toString());
 							}
 							if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("expiration")) {
 								pxyInterceptCfg.setExpiration(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("expiration").toString());
 							}
 							if(((Map<String,Object>)userregion.get("cert_verify")).containsKey("fail_method")) {
 								pxyInterceptCfg.setFailMethod(((Map<String,Object>)userregion.get("cert_verify")).get("fail_method").toString());
 							}
 							if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("min")) {
 								pxyInterceptCfg.setMin(((Map<String,Object>)userregion.get("ssl_ver")).get("min").toString());
 							}
 							if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("max")) {
 								pxyInterceptCfg.setMax(((Map<String,Object>)userregion.get("ssl_ver")).get("max").toString());
 							}
 							if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("mirror_client")) {
 								pxyInterceptCfg.setMirrorClient(((Map<String,Object>)userregion.get("ssl_ver")).get("mirror_client").toString());
 							}
 							if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("enable")) {
 								pxyInterceptCfg.setEnable(((Map<String,Object>)userregion.get("decrypt_mirror")).get("enable").toString());
 							}
 							if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("mirror_profile")) {
 							}
 							//pxyInterceptCfg.setMirrorProfile(((Map<String,Object>)userregion.get("decrypt_mirror")).get("mirror_profile").toString());
 							if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("mirror_profile")) {
 								for (ProxyFileTrafficMirrorCfg mirrorProfile : mirrorProfileList) {
 									if (String.valueOf(mirrorProfile.getCompileId()).equals(((Map<String,Object>)userregion.get("decrypt_mirror")).get("mirror_profile").toString())) {
 										pxyInterceptCfg.setMirrorProfile(mirrorProfile.getCfgDesc());
 										break;
 									}
 								}
 							}
 						}
 					}
 				}
 				pxyInterceptCfgs.add(pxyInterceptCfg);
 			}
 			titleList.add(entity.getMenuNameCode());
-			classMap.put(entity.getMenuNameCode(), CfgIndexInfo.class);
+			if(entity.getFunctionId().equals(200)) {
 				classMap.put(entity.getMenuNameCode(), PxyInterceptCfg.class);
 			}else {
 				classMap.put(entity.getMenuNameCode(), CfgIndexInfo.class);
 			}
 			String cfgIndexInfoNoExport = "";
 			String ipPortInfoNoExport = ",do_log,action,config_describe,valid_identifier,is_audit,creator,creator"
 					+ ",config_time,editor,edit_time,auditor,audit_time"
@@ -375,10 +590,14 @@ public class InterceptController extends CommonController {
 			List<IpPortCfg> ipList = new ArrayList<IpPortCfg>();
 			List<BaseStringCfg> httpUrlList = new ArrayList<BaseStringCfg>();
 			List<BaseStringCfg> pktBinList = new ArrayList<BaseStringCfg>();
 			int index=0;
 			for (CfgIndexInfo cfg : ipLists) {
 				for (Map<String,Object> logTotal : logTotals) {
 					if(cfg.getCompileId().equals(Integer.parseInt((String) logTotal.get("compileId")))){
 						cfg.setTotalLogs((Long)logTotal.get("sum"));
 						if (entity.getFunctionId().equals(200)){
 							pxyInterceptCfgs.get(index).setTotalLogs((Long)logTotal.get("sum"));
 						}
 						break;
 					}
 				}
@@ -398,6 +617,7 @@ public class InterceptController extends CommonController {
 						cfg.setUserRegion5(msgProp.getProperty(DictUtils.getDictLabels("SERVICE_ACTION", cfg.getAction().toString(), cfg.getAction().toString())));
 					}
 				}
 				index++;
 			}
 			if (214==entity.getFunctionId()) {
@@ -410,7 +630,12 @@ public class InterceptController extends CommonController {
 			pktBinList = BaseStringCfg.replaceBaseKeyList(pktBinList);
 			httpUrlList = BaseStringCfg.baseHexList(httpUrlList);
-			dataMap.put(entity.getMenuNameCode(), ipLists);
+			if(entity.getFunctionId().equals(200)) {
 				dataMap.put(entity.getMenuNameCode(), pxyInterceptCfgs);
 			}else {
 				dataMap.put(entity.getMenuNameCode(), ipLists);
 			}
 			if (entity.getFunctionId() == 212) { // IP Payload
 				cfgIndexInfoNoExport = ",policy_name,group_name,userregion4,userregion5,&userregion1:replace_zone-userregion2:replaced_content-userregion3:replace_content-";
 				titleList.add("PXY_INTERCEPT_IP");
--- a/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.java
+++ b/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.java
@@ -16,4 +16,6 @@ public interface ProxyFileTrafficMirrorDao extends CrudDao<ProxyFileTrafficMirro
 	public ProxyFileTrafficMirrorCfg getCfgById(@Param("cfgId")Long cfgId);
 	List<ProxyFileTrafficMirrorCfg> findByList(@Param("ids")String ids);
 	List<ProxyFileTrafficMirrorCfg> findMirrorList(@Param("compileIds")String compileIds, @Param("isValid")Integer isValid, @Param("isAudit")Integer isAudit);
 }
--- a/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.xml
@@ -305,5 +305,23 @@
 		left join request_info ri on a.request_id=ri.id
 	     where a.CFG_ID in (${ids})
  </select>
  <select id="findMirrorList" resultMap="ProxyFileTrafficMirrorCfg">
 		SELECT
 			<include refid="ProxyFileTrafficMirrorCfgColumn"/>
 	    FROM  PXY_PROFILE_TRAFFIC_MIRROR a
 	    <trim prefix="where" prefixOverrides="and">
 	    	<if test="compileIds!=null and compileIds!=''">
 	    	 and a.COMPILE_ID in (${compileIds})
 	    	</if>
 	    	<if test="isValid!=null and isValid!=''">
 	    	 and a.IS_VALID =#{isValid}
 	    	</if>
 	    	<if test="isAudit!=null and isAudit!=''">
 	    	 and a.IS_AUDIT =#{isAudit}
 	    	</if>
 	    </trim>
  </select>
 </mapper>
--- a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java
+++ b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java
@@ -21,6 +21,9 @@ public interface PxyObjKeyringDao  extends CrudDao<PxyObjKeyring>{
 	List<PxyObjKeyring> findList(@Param("cfgId")Long cfgId
 			,@Param("isAudit")Integer isAudit
 			,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType);
 	List<PxyObjKeyring> findLists(@Param("compileIds")String cfgIds
 			,@Param("isAudit")Integer isAudit
 			,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType);
 	PxyObjTrustedCaCert getPxyObjTrustedCaCert(Long  id);
 	PxyObjTrustedCaCrl getPxyObjTrustedCaCrl(PxyObjTrustedCaCrl  entity);
 	void insertPxyObjTrustedCaCert(PxyObjTrustedCaCert PxyObjTrustedCaCert);
--- a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
@@ -366,6 +366,34 @@
   		</if>
 	    </where>
 	</select>
      <select id="findLists" resultMap="PxyObjKeyringMap">
 		SELECT
 			<include refid="PxyObjKeyringColumns"/>
 	    FROM pxy_obj_keyring r
 	    <where>
 	   	 <if test="isValid == -1">
   			AND r.is_valid !=-1
   		</if>
 	   	 <if test="isValid == 1">
   			AND r.is_valid =1
   		</if>
 	   	 <if test="isValid == 0">
   			AND r.is_valid =0
   		</if>
 	   	 <if test="isAudit == 0">
   			AND r.is_audit =0
   		</if>
 	   	 <if test="isAudit == 1">
   			AND r.is_audit =1
   		</if>
 	   	 <if test="cfgType == 'ip' ">
   			<![CDATA[AND r.keyring_type <> 'end-entity']]>
   		</if>
 	   	 <if test="compileIds != null">
   			AND r.COMPILE_ID in(#{compileIds})
   		</if>
 	    </where>
 	</select>
   <!-- 查出所有 有效数据-->
      <select id="getPxyObjTrustedCaCert" resultType="com.nis.domain.configuration.PxyObjTrustedCaCert">
 		SELECT
--- a/src/main/java/com/nis/web/service/BaseService.java
+++ b/src/main/java/com/nis/web/service/BaseService.java
@@ -2508,10 +2508,13 @@ public abstract class BaseService {
 									if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {
 										maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+Constants.USER_REGION_PLACEHOLDER);
 									}*/
-									if(serviceDict!=null&&serviceDict.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
+									/*if(serviceDict!=null&&serviceDict.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
 										_cfg.setUserRegion1(StringUtil.isEmpty(_cfg.getUserRegion1()) ? "0":_cfg.getUserRegion1());
 										_cfg.setUserRegion5(StringUtil.isEmpty(_cfg.getUserRegion5()) ? "1":_cfg.getUserRegion5());
 										maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5());
 									}*/
 									if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
 										maatCfg.setUserRegion(_cfg.getUserRegion1());
 									}
 									if(serviceDict!=null&&serviceDict.getAction().equals(64)) {
 										maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2());
@@ -2673,13 +2676,18 @@ public abstract class BaseService {
 								}else if(regionDict.getDictId()==159) {
 									maatCfg.setUserRegion(Constants.P2P_HASH_TYPE_USER_REGION_KEY+"="+_cfg.getUserRegion1());
 								}else if(regionDict.getFunctionId()==200) {// Domain Intercept
-									String userRegion = Constants.USERREGION_DOMAIN_ID+"="+_cfg.getCompileId()+";"+Constants.USERREGION_DOMAIN_STR+"="+_cfg.getCfgKeywords();
+									if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
-									if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
+										maatCfg.setUserRegion(_cfg.getUserRegion1());
-										userRegion = Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5()+";" + userRegion;
+									}else {
-									}else if(_cfg.getAction().equals(Constants.RATELIMIT_ACTION)) {// 限速 需要发Droprate
+										String userRegion = Constants.USERREGION_DOMAIN_ID+"="+_cfg.getCompileId()+";"+Constants.USERREGION_DOMAIN_STR+"="+_cfg.getCfgKeywords();
-										userRegion = Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2()+";" + userRegion;
+										/*if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
 											userRegion = Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5()+";" + userRegion;
 										}else*/ if(_cfg.getAction().equals(Constants.RATELIMIT_ACTION)) {// 限速 需要发Droprate
 											userRegion = Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2()+";" + userRegion;
 										}
 										maatCfg.setUserRegion(userRegion);
 									}
-									maatCfg.setUserRegion(userRegion);
+									
 								}else if(regionDict.getFunctionId()==207 || regionDict.getFunctionId()==208 || regionDict.getFunctionId()==209) {// HTTP(s)阻断、重定向、替换
 									String userRegion = Constants.USER_REGION_PLACEHOLDER;
 									if(_cfg.getAction().equals(Constants.REJECT_ACTION)) {// 阻断
--- a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java
+++ b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java
@@ -325,8 +325,8 @@ public class ConfigSynchronizationService  extends BaseService{
 					List<BaseStringCfg> strDataList=configSynchronizationDao.getStrList(tableName,compileIds);
 					strList.addAll(strDataList);
 					//512/521/514/1026业务的用户自定义域取DOMAIN_STR取自Keyword
-					if(entity.getServiceId()==512
+					if(/*entity.getServiceId()==512
-							||entity.getServiceId()==521
+							||*/entity.getServiceId()==521
 							||entity.getServiceId()==514
 							||entity.getServiceId()==1026) {
 						keywordMap=configSynchronizationDao.getCompileIdWithKeyword(tableName, compileIds);
@@ -426,10 +426,14 @@ public class ConfigSynchronizationService  extends BaseService{
 							}
 							userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT;
 						}else if(entity.getServiceId().equals(512)) {
 							if(!StringUtil.isEmpty(cfg.getUserRegion1())&&cfg.getUserRegion1().startsWith("{")) {
 								userRegion=cfg.getUserRegion1();
 							}
 						}else{
-							if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
+							/*if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
 								value = "0";
-							}else if(regionKey.equals("DOMAIN_STR")) {
+							}else */if(regionKey.equals("DOMAIN_STR")) {
 								if(!StringUtil.isEmpty(keywordMap) && !StringUtil.isEmpty(keywordMap.get(cfg.getCompileId()))) {
 									value = keywordMap.get(cfg.getCompileId()).getCfgKeywords();
 								}
--- a/src/main/java/com/nis/web/service/configuration/InterceptCfgService.java
+++ b/src/main/java/com/nis/web/service/configuration/InterceptCfgService.java
@@ -27,7 +27,6 @@ import com.nis.domain.maat.MaatCfg.DigestCfg;
 import com.nis.domain.maat.MaatCfg.GroupCfg;
 import com.nis.domain.maat.MaatCfg.IpCfg;
 import com.nis.domain.maat.MaatCfg.StringCfg;
 import com.nis.domain.specific.ConfigGroupInfo;
 import com.nis.exceptions.MaatConvertException;
 import com.nis.util.ConfigServiceUtil;
 import com.nis.util.Constants;
@@ -58,6 +57,9 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 	public CfgIndexInfo getInterceptCfg(Long cfgId,Integer compileId){
 		CfgIndexInfo entity = websiteCfgDao.getCfgIndexInfo(cfgId,compileId);
 		if(entity.getServiceId().equals(512)) {
 			entity.setUserRegion((Map<String,Object>)this.gsonFromJson(entity.getUserRegion1(),Map.class));
 		}
 		List<IpPortCfg> ipPortList = websiteCfgDao.getIpPortList(entity);
 		List<InterceptPktBin> pktBinList = interceptCfgDao.getInterceptPktBin(entity);
 		List<HttpUrlCfg> httpUrlList = websiteCfgDao.getHttpUrlList(entity);
@@ -108,7 +110,10 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 		if(!StringUtil.isEmpty(entity.getIsValid()) && entity.getIsValid()==1) {
 			isValid=1;
 		}
-		
+		//处理复杂用户自定义域
 		if(!StringUtil.isEmpty(entity.getUserRegion())){
 			entity.setUserRegion1(gsonToJson(entity.getUserRegion()));
 		}
 		entity.setIsValid(0);
 		entity.setIsAudit(0);
@@ -459,7 +464,9 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 		boolean doaminFlag=false;
 		String domainUserRegion="";
 		if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
-			doaminFlag=true;
+			if(!entity.getServiceId().equals(512)) {
 				doaminFlag=true;
 			}
 			domainUserRegion=Constants.USERREGION_DOMAIN_ID+"="+entity.getCompileId();
 			String domainStr="";
 			if(entity != null && entity.getHttpUrlList() != null && entity.getHttpUrlList().size() > 0){
@@ -511,59 +518,66 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 			maatCfg.setGroupNum(groupRelationList.size());
 			maatCfg.setAreaIpRegionList(areaIpRegionList);
 			maatCfg.setIsValid(entity.getIsValid());
-			
+			if(entity.getServiceId().equals(512)) {
-			//监测 需要发keyring_id
+				maatCfg.setUserRegion(entity.getUserRegion1());
-			if(entity.getAction().equals(Constants.MONIT_ACTION)){
+				if(StringUtil.isEmpty(maatCfg.getUserRegion())){
-				entity.setUserRegion1(StringUtil.isEmpty(entity.getUserRegion1()) ? "0":entity.getUserRegion1());
+					maatCfg.setUserRegion(Constants.USER_REGION_PLACEHOLDER);
-				maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+entity.getUserRegion1());
+				}
-				//监测的域名需下发拦截强度
+			}else {
-				if(entity.getFunctionId().equals(200)){
+				//监测 需要发keyring_id
-					if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
+				if(entity.getAction().equals(Constants.MONIT_ACTION)){
-						entity.setUserRegion5(StringUtil.isEmpty(entity.getUserRegion5()) ? "1":entity.getUserRegion5());
+					entity.setUserRegion1(StringUtil.isEmpty(entity.getUserRegion1()) ? "0":entity.getUserRegion1());
-						if(StringUtil.isEmpty(maatCfg.getUserRegion())) {
+					maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+entity.getUserRegion1());
-							maatCfg.setUserRegion(Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
+					//监测的域名需下发拦截强度
-						}else {
+					if(entity.getFunctionId().equals(200)){
-							maatCfg.setUserRegion(maatCfg.getUserRegion()+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
+						if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
 							entity.setUserRegion5(StringUtil.isEmpty(entity.getUserRegion5()) ? "1":entity.getUserRegion5());
 							if(StringUtil.isEmpty(maatCfg.getUserRegion())) {
 								maatCfg.setUserRegion(Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
 							}else {
 								maatCfg.setUserRegion(maatCfg.getUserRegion()+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
 							}
 						}
 					}
-					
+				}
 				//限速 需要发Droprate=0.001 ，暂不支持Bandwidth=200kbps
 				if(entity.getAction().equals(Constants.RATELIMIT_ACTION)){
 					if(entity.getUserRegion1().equals("0")){//丢包率
 						entity.setUserRegion2(StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2());
 						maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+entity.getUserRegion2());
 					}else if(entity.getUserRegion1().equals("1")){//带宽
 						entity.setUserRegion3(StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3());
 						maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+entity.getUserRegion3());
 					}
 				}
 				String userRegion="";
 				//替换需要发zone
 				if(entity.getAction().equals(Constants.REPLACE_ACTION)){
 						//HTTP replace： replace type is not null ;find is not null;replace with is not null(userRegion is not null)
 						userRegion=Constants.REPLACE_ZONE_KEY+"="+entity.getUserRegion1();
 						String substitute="";
 						String userRegion2=StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2();
 						substitute="/";
 						userRegion2 = BaseService.replaceContentEscape(userRegion2);
 						substitute=substitute+userRegion2;
 						String userRegion3=StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3();
 						userRegion3 = BaseService.replaceContentEscape(userRegion3);
 						substitute=substitute+"/"+userRegion3;
 						userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute;
 						maatCfg.setUserRegion(userRegion);
 				}
 				//ip仿冒自定义域信息
 				if(entity.getAction().equals(48)){
 						//HTTP replace： replace type is not null ;find is not null;replace with is not null(userRegion is not null)
 						userRegion="nat_type="+entity.getUserRegion1();
 						userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
 						maatCfg.setUserRegion(userRegion);
 				}
 			}
-			//限速 需要发Droprate=0.001 ，暂不支持Bandwidth=200kbps
+			
 			if(entity.getAction().equals(Constants.RATELIMIT_ACTION)){
 				if(entity.getUserRegion1().equals("0")){//丢包率
 					entity.setUserRegion2(StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2());
 					maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+entity.getUserRegion2());
 				}else if(entity.getUserRegion1().equals("1")){//带宽
 					entity.setUserRegion3(StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3());
 					maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+entity.getUserRegion3());
 				}
 			}
 			String userRegion="";
 			//替换需要发zone
 			if(entity.getAction().equals(Constants.REPLACE_ACTION)){
 					//HTTP replace： replace type is not null ;find is not null;replace with is not null(userRegion is not null)
 					userRegion=Constants.REPLACE_ZONE_KEY+"="+entity.getUserRegion1();
 					String substitute="";
 					String userRegion2=StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2();
 					substitute="/";
 					userRegion2 = BaseService.replaceContentEscape(userRegion2);
 					substitute=substitute+userRegion2;
 					String userRegion3=StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3();
 					userRegion3 = BaseService.replaceContentEscape(userRegion3);
 					substitute=substitute+"/"+userRegion3;
 					userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute;
 					maatCfg.setUserRegion(userRegion);
 			}
 			//ip仿冒自定义域信息
 			if(entity.getAction().equals(48)){
 					//HTTP replace： replace type is not null ;find is not null;replace with is not null(userRegion is not null)
 					userRegion="nat_type="+entity.getUserRegion1();
 					userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
 					maatCfg.setUserRegion(userRegion);
 			}
 			//域名拦截需要增加域名id和域名字符串自定义配置
 			if(StringUtil.isEmpty(maatCfg.getUserRegion()) 
--- a/src/main/java/com/nis/web/service/configuration/ProxyFileTrafficMirrorService.java
+++ b/src/main/java/com/nis/web/service/configuration/ProxyFileTrafficMirrorService.java
@@ -37,7 +37,12 @@ public class ProxyFileTrafficMirrorService extends BaseService{
 		page.setList(list);
 		return page;
 	}
-	
+	/**
 	 */
 	public List<ProxyFileTrafficMirrorCfg> findMirrorList(String compileIds,Integer isValid,Integer isAudit) {
 		return proxyFileDao.findMirrorList(compileIds,isValid,isAudit);
 	}
 	public ProxyFileTrafficMirrorCfg getCfgById(Long cfgId) {
 		return proxyFileDao.getCfgById(cfgId);
 	}
--- a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
+++ b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
@@ -85,6 +85,10 @@ public class PxyObjKeyringService extends BaseService{
 		List<PxyObjKeyring> list=pxyObjKeyringDao.findList(cfgId,isValid,isAudit,cfgType);
 		return list;
 	}
 	public List<PxyObjKeyring> findAllPxyObjKeyrings(String compileIds,Integer isValid,Integer isAudit,String cfgType) {
 		List<PxyObjKeyring> list=pxyObjKeyringDao.findLists(compileIds,isValid,isAudit,cfgType);
 		return list;
 	}
 	public PxyObjKeyring getPxyObjKeyring(Long id,Integer isValid) {
 		List<PxyObjKeyring> list=pxyObjKeyringDao.findList(id,isValid,null,null);
--- a/src/main/resources/messages/message_en.properties
+++ b/src/main/resources/messages/message_en.properties
@@ -1542,4 +1542,39 @@ mirror_addr_type=Address Type
 target_name=Target Name
 traffic_mirror_address=Traffic Mirror Address
 content_name=Content Name
-none_profile_tip=Please Choose Profile Info!
+none_profile_tip=Please Choose Profile Info!
 #---------------------------pxy intercept------------------------------------
 min_should_less_than_max=The min SSL version should less than the max SSL version
 exclusions_ev_cert=Exclusion EV Cert
 exclusions_cert_transparency=Exclusion Cert Transparency
 exclusions_client_cert_req=Exclusion Client Cert Request
 exclusions_pinning=Exclusion Pinning
 cert_verify_approach_cn=Approach CN
 cert_verify_approach_issuer=Approach Issuer
 cert_verify_approach_self_signed=Approach Self Signed
 cert_verify_approach_expiration=Approach Expiration
 cert_verify_approach_fail_method=Fail Method
 ssl_ver_min=Min SSL Version
 ssl_ver_max=Max SSL Version
 ssl_ver_mirror_client=Mirror Client
 decrypt_mirror_enable=Mirror Enable
 decrypt_mirror_mirror_profile=Mirror Profile
 exclusions=Exclusions
 ev_cert=EV Cert
 cert_transparency=Cert Transparency
 client_cert_req=Client Cert Request
 pinning=Pinning
 cn=CN
 self_signed=Self Signed
 expiration=Expiration
 approach=Approach
 cert_verify=Cert Verify
 ssl_version=SSL Version
 mirror_client=Mirror Client
 min=Min
 max=Max
 decrypt_mirror=Decrypt Mirror
 enable=Enable
 forward=Forward
 decrypt_mirror_enable_on=if the enable option value is '1', the Mirror profile is needed
 ssl_ver_mirror_client_on=if the mirror client option value is '1', the min SSL version and the max SSL version will be ignored
--- a/src/main/resources/messages/message_ru.properties
+++ b/src/main/resources/messages/message_ru.properties
@@ -1544,4 +1544,39 @@ mirror_addr_type=Address Type
 target_name=Target Name
 traffic_mirror_address=Traffic Mirror Address
 content_name=Content Name
-none_profile_tip=Please Choose Profile Info!
+none_profile_tip=Please Choose Profile Info!
 #---------------------------pxy intercept------------------------------------
 min_should_less_than_max=The min SSL version should less than the max SSL version
 exclusions_ev_cert=Exclusion EV Cert
 exclusions_cert_transparency=Exclusion Cert Transparency
 exclusions_client_cert_req=Exclusion Client Cert Request
 exclusions_pinning=Exclusion Pinning
 cert_verify_approach_cn=Approach CN
 cert_verify_approach_issuer=Approach Issuer
 cert_verify_approach_self_signed=Approach Self Signed
 cert_verify_approach_expiration=Approach Expiration
 cert_verify_approach_fail_method=Fail Method
 ssl_ver_min=Min SSL Version
 ssl_ver_max=Max SSL Version
 ssl_ver_mirror_client=Mirror Client
 decrypt_mirror_enable=Mirror Enable
 decrypt_mirror_mirror_profile=Mirror Profile
 exclusions=Exclusions
 ev_cert=EV Cert
 cert_transparency=Cert Transparency
 client_cert_req=Client Cert Request
 pinning=Pinning
 cn=CN
 self_signed=Self Signed
 expiration=Expiration
 approach=Approach
 cert_verify=Cert Verify
 ssl_version=SSL Version
 mirror_client=Mirror Client
 min=Min
 max=Max
 decrypt_mirror=Decrypt Mirror
 enable=Enable
 forward=Forward
 decrypt_mirror_enable_on=if the enable option value is '1', the Mirror profile is needed
 ssl_ver_mirror_client_on=if the mirror client option value is '1', the min SSL version and the max SSL version will be ignored
--- a/src/main/resources/messages/message_zh_CN.properties
+++ b/src/main/resources/messages/message_zh_CN.properties
@@ -1542,4 +1542,39 @@ mirror_addr_type=\u76EE\u6807\u6807\u8BC6\u7C7B\u578B
 target_name=\u76EE\u6807\u540D\u79F0
 traffic_mirror_address=\u6D41\u91CF\u8F6C\u53D1\u76EE\u7684\u5730\u5740
 content_name=\u5185\u5BB9\u540D\u79F0
-none_profile_tip=Please Choose Profile Info!
+none_profile_tip=Please Choose Profile Info!
 #---------------------------pxy intercept------------------------------------
 min_should_less_than_max=\u6700\u5C0FSSL\u7248\u672C\u5E94\u5C0F\u4E8E\u6700\u5927SSL\u7248\u672C
 exclusions_ev_cert=\u6392\u9664EV\u8BC1\u4E66
 exclusions_cert_transparency=\u6392\u9664\u8BC1\u4E66\u900F\u660E
 exclusions_client_cert_req=\u6392\u9664\u5BA2\u6237\u7AEF\u8BC1\u4E66\u8BF7\u6C42
 exclusions_pinning=\u6392\u9664Pinning
 cert_verify_approach_cn=\u63A5\u8FD1CN
 cert_verify_approach_issuer=\u63A5\u8FD1\u53D1\u5E03\u8005
 cert_verify_approach_self_signed=\u63A5\u8FD1\u81EA\u7B7E\u540D
 cert_verify_approach_expiration=\u63A5\u8FD1\u8FC7\u671F
 cert_verify_fail_method=\u5931\u8D25\u65B9\u6CD5
 ssl_ver_min=\u6700\u5C0FSSL\u7248\u672C
 ssl_ver_max=\u6700\u5927SSL\u7248\u672C
 ssl_ver_mirror_client=\u955C\u50CF\u5BA2\u6237\u7AEF
 decrypt_mirror_enable=\u542F\u7528\u955C\u50CF
 decrypt_mirror_mirror_profile=\u955C\u50CF\u6982\u8981
 exclusions=\u6392\u9664
 ev_cert=EV\u8BC1\u4E66
 cert_transparency=\u8BC1\u4E66\u900F\u660E
 client_cert_req=\u5BA2\u6237\u7AEF\u8BC1\u4E66\u8BF7\u6C42
 pinning=Pinning
 cn=CN
 self_signed=\u81EA\u7B7E\u540D
 expiration=\u8FC7\u671F
 approach=\u63A5\u8FD1
 cert_verify=\u8BC1\u4E66\u9A8C\u8BC1
 ssl_version=SSL\u7248\u672C
 mirror_client=\u955C\u50CF\u5BA2\u6237\u7AEF
 min=\u6700\u5C0F
 max=\u6700\u5927
 decrypt_mirror=\u89E3\u5BC6\u955C\u50CF
 enable=\u542F\u7528
 forward=Forward
 decrypt_mirror_enable_on=\u5982\u679C\u542F\u52A8\u9009\u9879\u7684\u503C\u662F1\uFF0C\u5219\u955C\u50CF\u6587\u4EF6\u9009\u9879\u9700\u8981\u9009\u62E9
 ssl_ver_mirror_client_on=\u5982\u679C\u955C\u50CF\u5BA2\u6237\u7AEF\u9009\u9879\u7684\u503C\u662F1\uFF0C\u5219\u6700\u5927\u6700\u5C0FSSL\u7248\u672C\u53F7\u4F1A\u88AB\u5FFD\u7565
--- a/src/main/resources/service/service_config.xml
+++ b/src/main/resources/service/service_config.xml
@@ -271,10 +271,11 @@
 	<service id="512" functionId="200" serviceType="1" tableName="cfg_index_info" className="CfgIndexInfo" desc="拦截监测">
    	<serviceCfg cfgType="1" tableName="ip_port_cfg" ></serviceCfg>
    	<serviceCfg cfgType="2" tableName=" http_url_cfg" ></serviceCfg>
-    	<userRegion regionKey="keyring_id" regionColumn="userRegion1" userRegionPosition="0" ></userRegion>
+    	<!-- <userRegion regionKey="keyring_id" regionColumn="userRegion1" userRegionPosition="0" ></userRegion>
    	<userRegion regionKey="DOMAIN_ID" regionColumn="compileId"   userRegionPosition="0"></userRegion>
    	<userRegion regionKey="DOMAIN_STR" regionColumn="cfgKeywords"  userRegionPosition="0"></userRegion>
-    	<userRegion regionKey="DOMAIN_INTENSITY" regionColumn="userRegion5" userRegionPosition="0"></userRegion>
+    	<userRegion regionKey="DOMAIN_INTENSITY" regionColumn="userRegion5" userRegionPosition="0"></userRegion> -->
    	<userRegion regionKey="" regionColumn="userRegion1" userRegionPosition="0" ></userRegion>
 	</service>
 	<!-- <service id="513" functionId="201" serviceType="1" tableName="cfg_index_info" className="CfgIndexInfo" desc="域名拦截监测">
    	<serviceCfg cfgType="2" tableName="http_url_cfg" ></serviceCfg>
--- a/src/main/resources/sql/20190521/intercept_policy.sql
+++ b/src/main/resources/sql/20190521/intercept_policy.sql
@@ -0,0 +1,14 @@
 #fail method字典
 INSERT INTO `sys_data_dictionary_name`(`id`, `module_name`, `mark`, `remark`, `revision`, `create_time`, `modify_time`, `status`) VALUES (154, 'fail_method', 'FAIL_METHOD', '用于代理拦截策略', NULL, '2019-05-09 11:01:16', '2019-05-09 11:01:21', 1);
 INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4096, 'pass-through', 'Pass-Through', '默认', 1, 1, 1, 154);
 INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4097, 'fail-close', 'Fail-Close', NULL, 2, 1, 1, 154);
 INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4098, 'ignore', 'Ignore', NULL, 3, 1, 1, 154);
 #SSL version字典
 INSERT INTO `sys_data_dictionary_name`(`id`, `module_name`, `mark`, `remark`, `revision`, `create_time`, `modify_time`, `status`) VALUES (155, 'SSL_VERSION', 'SSL_VERSION', '用于代理拦截策略，SSL版本', NULL, '2019-05-09 11:50:43', '2019-05-09 11:50:46', 1);
 INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4099, 'ssl3', 'SSLv3', 'min default', 1, 1, 1, 155);
 INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4100, 'tls10', 'TLSv1.0', NULL, 2, 1, 1, 155);
 INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4101, 'tls11', 'TLSv1.1', NULL, 3, 1, 1, 155);
 INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4102, 'tls12', 'TLSv1.2', NULL, 4, 1, 1, 155);
 INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4103, 'tls13', 'TLSv1.3', 'max default', 5, 1, 1, 155);
--- a/src/main/webapp/WEB-INF/views/cfg/complexCfgForm.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/complexCfgForm.jsp
@@ -113,7 +113,7 @@
 		</div>
 	</div>
 	<!-- 域名拦截增加拦截强度 -->
-	<c:if test="${_cfg.functionId eq 200}">
+	<%-- <c:if test="${_cfg.functionId eq 200}">
 		<div class="col-md-6 hidden intensity">
 			<div class="form-group">
 				<label class="control-label col-md-3"><font color="red">*</font>
@@ -130,7 +130,7 @@
 				<div for="userRegion5"></div>
 			</div>
 		</div>
-	</c:if>
+	</c:if> --%>
 </div>
 <c:if test="${serviceId eq 1025}">
 	<div class="row L3_header hidden">
--- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp
@@ -8,12 +8,54 @@
 .boxSolid {
 	border: 1px solid #eeeeee
 }
 fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid silver}
 legend{padding:.5em;border:0;width:auto;font-family: "Open Sans", sans-serif;color: #333333;background: #e7ecf1;margin: 12px 0px 14px 0px;font-weight: 300;padding:5px}
 .switch{
 	 border-collapse: collapse;
 }
 </style>
 <script type="text/javascript">
 	$(document)
 			.ready(
 					function() {
-						
+						$(".switch").bootstrapSwitch({
 							/* onText:"<spring:message code='ON'/>",
 							offText:"<spring:message code='OFF'/>", */
 							onColor:"info",
 							offColor:"default",
 							size:"small",
 							onInit: function() {
 								if($(this).val()==''){
 									$(this).val(0);
 								}
 							},
 							onSwitchChange:function(event,state){
 								if(state==true){
 									$(this).val("1");
 									if($(this).attr("id")=="approach"){
 										$(".approach").removeClass("hidden");
 									}
 									if($(this).attr("id")=="mirror_client"){
 										$(".ssl_version").addClass("hidden");
 									}
 									if($(this).attr("id")=="enable"){
 										$(".mirror_profile").removeClass("hidden");
 									}
 								}else{
 									$(this).val("0");
 									if($(this).attr("id")=="approach"){
 										$(".approach").addClass("hidden");
 									}
 									if($(this).attr("id")=="mirror_client"){
 										$(".ssl_version").removeClass("hidden");
 									}
 									if($(this).attr("id")=="enable"){
 										$(".mirror_profile").addClass("hidden");
 									}
 								}
 							}
 						});
 						$(".action").on("change", function() {
 								 switchAction($("input[name=action]:checked").val());
 							   	//拦截根据action切换动作部分
@@ -30,7 +72,7 @@
 						$(".ratelimitAction").find("input[name='userRegion1']").on("change",function(){
 							switchRateLimitType();
 						});
-						$(".monitAction").find("select[name='userRegion1']").on("change",function(){
+						$(".monitAction").find("select[name='keyring']").on("change",function(){
 							selectCert(this);
 						});
 						selectCert();
@@ -49,7 +91,10 @@
 									submitHandler : function(form) {
 										var flag = true;
 										var actionValue=$("input[name=action]:checked").val();
-										
+										//将拦截策略checkbox选中
 										/* $(".userregion:visible").find(":not(checked)").each(function(){
 											$(this).attr("checked",true);
 										}); */
 										//代表所有业务都隐藏了，提示必须增加一种业务数据
@@ -89,14 +134,14 @@
 											$(".disabled").each(function(){
 												$(this).remove();
 											});
-											$("input[name$='exprType']").attr("disabled",false);
+											
-											var action=$("input[name='action']:checked").val();
+											$("input[name$='exprType']").attr("disabled",false);							
-											if(action==1){ //监测 
+											if(actionValue==1){ //监测 
 												$(".ratelimitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".replaceAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".whiteListAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".spoofingAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
-											}else if(action==64){//限速
+											}else if(actionValue==64){//限速
 												$(".monitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".replaceAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".whiteListAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
@@ -108,12 +153,12 @@
 												if(rateLimitType == 1){//带宽
 													$(".droprate").find("select[name='userRegion2']").attr("disabled",true);
 												}
-											}else if(action==80){//替换
+											}else if(actionValue==80){//替换
 												$(".monitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".ratelimitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".whiteListAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".spoofingAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
-											}else if(action==48){//IP仿冒业务
+											}else if(actionValue==48){//IP仿冒业务
 												$(".monitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".ratelimitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".whiteListAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
@@ -124,6 +169,13 @@
 												$(".replaceAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 												$(".spoofingAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
 											}
 											//处理action parameter
 											/* $(".userRegion").each(function(){
 												$(this).attr("name","userRegion['"+$(this).attr("id")+"']");
 												if($(this).is(":checkbox") && $(this).hasClass("switch")){
 													$(this).attr("checked","checked");
 												}
 											}); */
 											loading('onloading...');
 											form.submit();
 										}else{
@@ -137,7 +189,6 @@
 						/* $("span[title='add']").on("click", function() {
 							$(".ipPort0").removeClass("hidden");
 						}); */
 					});
 	//限流方式
@@ -183,11 +234,11 @@
 	}
 	//实体证书提示域名信息
 	var selectCert=function(){
-		var cert=$(".monitAction").find("select[name='userRegion1']").val();
+		var cert=$(".monitAction").find("select[name='keyring']").val();
-		var keyringType=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("keyringType");
+		var keyringType=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("keyringType");
 		if(cert != '' && keyringType == 'end-entity'){
-			var san=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("san");
+			var san=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("san");
-			var cn=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("cn");
+			var cn=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("cn");
 			if(san.indexOf(cn) > -1){
 				$("#certDomain").attr("title",san);
 			}else{
@@ -204,8 +255,8 @@
 			var serviceType=$(inputObj).attr("serviceType");
 			var prefixName=$(inputObj).attr("name").split("cfgRegionCode")[0];
 			//var matchMethod=$("select[name='"+prefixName+"matchMethod']").val();
-			var cert=$(".monitAction").find("select[name='userRegion1']").val();
+			var cert=$(".monitAction").find("select[name='keyring']").val();
-			var keyringType=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("keyringType");
+			var keyringType=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("keyringType");
 			if(cert != '' && keyringType == 'end-entity'){
 				var domainDiv = $(inputObj).parent(".intercept_domain_div").is(':hidden');
@@ -213,10 +264,10 @@
 					top.$.jBox.tip("<spring:message code='intercep_domain_required_tip'/>", "<spring:message code='info'/>");
 					return false;
 				}
-				var cn=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("cn");
+				var cn=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("cn");
 				if(cn !='' && cn != null){
 					var cnReg = new RegExp('^(?=^.{3,255}$)[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\\'+cn.replace("*","")+')+$');
-					var san=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("san");
+					var san=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("san");
 					if(san != null && san !=''){
 						//$(".intercept_domain_div").each(function(){
 							if(serviceType == "intercept_domain"){
@@ -500,9 +551,7 @@
 							<input type="hidden" name="isValid" value="${_cfg.isValid}">
 							<input type="hidden" name="isAudit" value="${_cfg.isAudit}">
 							<!-- <input type="hidden" id="doLog" name="doLog" value="2"> -->
 							<div class="form-body">
 								<div class="row">
 									<div class="col-md-6">
 										<div class="form-group">
@@ -531,7 +580,7 @@
 																<c:if test="${_cfg.action==service.action || (_cfg.action==null && satus.index==0)}">checked</c:if>>
 																<c:forEach items="${fns:getDictList('SERVICE_ACTION') }" var="dict">
 																	<c:if test="${(dict.itemCode eq service.action) && (service.action eq 1) }">
-																			<spring:message code="intercept"/>
+																			<spring:message code="forward"/>
 																	</c:if>
 																	<c:if test="${(dict.itemCode eq service.action) && (service.action eq 128) }">
 																			<spring:message code="bypass"/>
@@ -577,39 +626,287 @@
 								<!-- dolog end-->
 								<%--   action 为1 监测时 可以选择证书--%>
-								<div class="row monitAction hidden">
+								<h4 class="form-section monitAction">
 								<h4 class="form-section">
 											<spring:message code="action_region" />
 											<small></small>
-										</h4>
+								</h4>
-									<div class="col-md-6">
+								<fieldset class="monitAction hidden">
-										<div class="form-group">
+									<legend><spring:message code="intercept_file_strategy" /></legend>
-											<label class="control-label col-md-3"><spring:message
+									<div class="row">
-													code="intercept_file_strategy" /></label>
+										<div class="col-md-6">
-											<div class="col-md-6">
+											<div class="form-group">
-												<select name="userRegion1" class="selectpicker show-tick form-control">
+												<label class="control-label col-md-3"><spring:message
-													<option value="" <c:if test="${empty _cfg.userRegion1}">selected</c:if> ><spring:message code="selected"/></option>
+														code="intercept_file_strategy" /></label>
-													<c:forEach items="${certificateList}" var="certificate">
+												<div class="col-md-6">
-														<option value="${certificate.compileId}" 
+													<select name="keyring" class="selectpicker show-tick form-control">
-															cn="${certificate.cn}"
+														<option value="" <c:if test="${empty _cfg.userRegion.keyring}">selected</c:if> ><spring:message code="selected"/></option>
-															san="${certificate.altName}"
+														<c:forEach items="${certificateList}" var="certificate">
-															keyringType="${certificate.keyringType}"
+															<option value="${certificate.compileId}" 
-															<c:if test="${_cfg.userRegion1 eq fn:trim(certificate.compileId)}">
+																cn="${certificate.cn}"
-															selected
+																san="${certificate.altName}"
-															</c:if>
+																keyringType="${certificate.keyringType}"
-															>
+																<c:if test="${_cfg.userRegion.keyring eq fn:trim(certificate.compileId)}">
-															${certificate.cfgDesc}
+																selected
-														</option>
+																</c:if>
-														
+																>
-													</c:forEach>
+																${certificate.cfgDesc}
-								                </select>
+															</option>
 														</c:forEach>
 									                </select>
 												</div>
 												&nbsp;<span id="certDomain" title="" 
 								            class="hidden" data-icon="&#xe08b;" style="cursor:default"></span>
 												 <div for="keyring"></div>
 											</div>
 										</div>
 								</div>
 								</fieldset>
 								<br>
 								<fieldset class="monitAction hidden">
 									<legend><spring:message code="exclusions" /></legend>
 									<div class="row">
 										<div class="col-md-6">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<spring:message code="ev_cert" />
 												</label>
 												<div class="col-md-6">
 													<div class="bootstrap-switch">
 									            		<input type="checkbox"   id="ev_cert" name="ev_cert" class="switch userRegion" 
 									            		value="${_cfg.cfgId eq null?0:_cfg.userRegion.exclusions.ev_cert }"  <c:if test="${ _cfg.userRegion.exclusions.ev_cert eq 1}">checked</c:if>/>
 									            	</div>
 												</div>
 												<div for="ev_cert"></div>
 											</div>
 										</div>
 										<div class="col-md-6">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<spring:message code="cert_transparency" />
 												</label>
 												<div class="col-md-6">
 													<div class="bootstrap-switch">
 									            		<input type="checkbox"   id="cert_transparency" name="cert_transparency" class="switch userRegion" 
 									            		value="${_cfg.cfgId eq null?0:_cfg.userRegion.exclusions.cert_transparency }"  <c:if test="${_cfg.userRegion.exclusions.cert_transparency eq 1}">checked</c:if>/>
 									            	</div>
 												</div>
 												<div for="cert_transparency"></div>
 											</div>
 											&nbsp;<span id="certDomain" title="" 
 							            class="hidden" data-icon="&#xe08b;" style="cursor:default"></span>
 											 <div for="userRegion1"></div>
 										</div>
 									</div>
-								</div>
+									<div class="row">
 										<div class="col-md-6">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<spring:message code="client_cert_req" />
 												</label>
 												<div class="col-md-6">
 													<div class="bootstrap-switch">
 									            		<input type="checkbox"   id="client_cert_req" name="client_cert_req" class="switch userRegion" 
 									            		value="${_cfg.cfgId eq null?1:_cfg.userRegion.exclusions.client_cert_req }"  <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.exclusions.client_cert_req eq 1}">checked</c:if>/>
 									            	</div>
 												</div>
 												<div for="client_cert_req"></div>
 											</div>
 										</div>
 										<div class="col-md-6">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<spring:message code="pinning" />
 												</label>
 												<div class="col-md-6">
 													<div class="bootstrap-switch">
 									            		<input type="checkbox"   id="pinning" name="pinning" class="switch userRegion" 
 									            		value="${_cfg.cfgId eq null?1:_cfg.userRegion.exclusions.pinning }"  <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.exclusions.pinning eq 1}">checked</c:if>/>
 									            	</div>
 												</div>
 												<div for="pinning"></div>
 											</div>
 										</div>
 									</div>
 								</fieldset>
 								<br/>
 								<fieldset class="monitAction hidden">
 									<legend><spring:message code="cert_verify" /></legend>
 									<div class="panel panel-default">
 										<div class="panel-heading">
 											<h3 class="panel-title">
 												<spring:message code="approach" />
 											</h3>
 										</div>
 										<div class="panel-body">
 											<div class="row approach">
 											<div class="col-md-6">
 												<div class="form-group">
 													<label class="control-label col-md-3">
 															<spring:message code="cn" />
 													</label>
 													<div class="col-md-6">
 														<div class="bootstrap-switch">
 										            		<input type="checkbox"   id="ev_cert" name="cn" class="switch userRegion" 
 										            		value="${_cfg.cfgId eq null?1:_cfg.userRegion.cert_verify.approach.cn }"  <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.cert_verify.approach.cn eq 1}">checked</c:if>/>
 										            	</div>
 													</div>
 													<div for="cn"></div>
 												</div>
 											</div>
 											<div class="col-md-6">
 												<div class="form-group">
 													<label class="control-label col-md-3">
 															<spring:message code="issuer" />
 													</label>
 													<div class="col-md-6">
 														<div class="bootstrap-switch">
 										            		<input type="checkbox"   id="issuer" name="issuer" class="switch userRegion" 
 										            		value="${_cfg.cfgId eq null?1:_cfg.userRegion.cert_verify.approach.issuer }"  <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.cert_verify.approach.issuer eq 1}">checked</c:if>/>
 										            	</div>
 													</div>
 													<div for="issuer"></div>
 												</div>
 											</div>
 										</div>
 										<div class="row approach">
 											<div class="col-md-6">
 												<div class="form-group">
 													<label class="control-label col-md-3">
 															<spring:message code="self_signed" />
 													</label>
 													<div class="col-md-6">
 														<div class="bootstrap-switch">
 										            		<input type="checkbox"   id="self-signed" name="self-signed" class="switch userRegion" 
 										            		value="${_cfg.cfgId eq null?1:_cfg.userRegion.cert_verify.approach['self-signed'] }"  <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.cert_verify.approach['self-signed'] eq 1}">checked</c:if>/>
 										            	</div>
 													</div>
 													<div for="self-signed"></div>
 												</div>
 											</div>
 											<div class="col-md-6">
 												<div class="form-group">
 													<label class="control-label col-md-3">
 															<spring:message code="expiration" />
 													</label>
 													<div class="col-md-6">
 														<div class="bootstrap-switch">
 										            		<input type="checkbox"   id="expiration" name="expiration" class="switch userRegion" 
 										            		value="${_cfg.cfgId eq null?1:_cfg.userRegion.cert_verify.approach.expiration }"  <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.cert_verify.approach.expiration eq 1}">checked</c:if>/>
 										            	</div>
 													</div>
 													<div for="expiration"></div>
 												</div>
 											</div>
 										</div>
 										</div>
 									</div>
 									<%-- <fieldset>
 										<legend><spring:message code="approach" />
 										</legend> --%>
 									<!-- </fieldset><br/> -->
 									<div class="row">
 										<div class="col-md-6">
 								        <div class="form-group ">
 								            <label class="control-label col-md-3"><spring:message code="cert_verify_fail_method"/></label>
 								            <div class="col-md-6">
 								            	<select id="fail_method" name="fail_method" data-live-search="true" class="selectpicker form-control required">
 													<c:forEach items="${fns:getDictList('FAIL_METHOD')}" var="dictC">
 														<option value="${dictC.itemCode}" <c:if test="${(_cfg.userRegion.cert_verify.fail_method eq null and dictC.itemCode eq 'pass-through') or (_cfg.userRegion.cert_verify.fail_method eq dictC.itemCode)}">selected</c:if>><spring:message code="${dictC.itemValue}"/></option>
 													</c:forEach>
 												</select>
 								            </div>
 								            <div for="fail_method"></div>
 								        </div>
 							   		 </div>
 									</div>
 								</fieldset>
 								<br>
 								<fieldset class="monitAction hidden">
 									<legend><spring:message code="ssl_version" /></legend>
 									<div class="row">
 										<div class="col-md-6">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<spring:message code="mirror_client" />
 												</label>
 												<div class="col-md-6">
 													<div class="bootstrap-switch">
 									            		<input type="checkbox"   id="mirror_client" name="mirror_client" class="switch userRegion" 
 									            		value="${_cfg.userRegion.ssl_ver.mirror_client }"  <c:if test="${_cfg.userRegion.ssl_ver.mirror_client eq 1}">checked</c:if>/>
 									            	</div>
 												</div>
 												<div for="mirror_client"></div>
 											</div>
 										</div>
 									</div>
 									<div class="row ssl_version <c:if test="${_cfg.userRegion.ssl_ver.mirror_client eq 1}">hidden</c:if>">
 										<div class="col-md-6">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<spring:message code="min" />
 												</label>
 												<div class="col-md-6">
 									            	<select id="min" name="min" class="selectpicker form-control sslVersionCheck">
 														<c:forEach items="${fns:getDictList('SSL_VERSION')}" var="dictC">
 															<option value="${dictC.itemCode}" data-sort="${dictC.itemSort}" <c:if test="${((_cfg.userRegion.ssl_ver.min eq null) and(dictC.itemCode eq 'ssl3'))or (_cfg.userRegion.ssl_ver.min eq dictC.itemCode)}">selected</c:if>><spring:message code="${dictC.itemValue}"/></option>
 														</c:forEach>
 													</select>
 								            	</div>
 												<div for="min"></div>
 											</div>
 										</div>
 										<div class="col-md-6">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<spring:message code="max" />
 												</label>
 												<div class="col-md-6">
 									            	<select id="max" name="max" class="selectpicker form-control sslVersionCheck">
 														<c:forEach items="${fns:getDictList('SSL_VERSION')}" var="dictC">
 															<option value="${dictC.itemCode}" data-sort="${dictC.itemSort}" <c:if test="${((_cfg.userRegion.ssl_ver.max eq null) and(dictC.itemCode eq 'tls13'))or (_cfg.userRegion.ssl_ver.max eq dictC.itemCode)}">selected</c:if>><spring:message code="${dictC.itemValue}"/></option>
 														</c:forEach>
 													</select>
 								            	</div>
 												<div for="max"></div>
 											</div>
 										</div>
 									</div>
 								</fieldset>
 								<br>
 								<fieldset class="monitAction hidden">
 									<legend><spring:message code="decrypt_mirror" /></legend>
 									<div class="row">
 										<div class="col-md-6">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<spring:message code="enable" />
 												</label>
 												<div class="col-md-6">
 													<div class="bootstrap-switch">
 									            		<input type="checkbox"   id="enable" name="enable" class="switch userRegion" 
 									            		value="${_cfg.userRegion.decrypt_mirror.enable }"  <c:if test="${_cfg.userRegion.decrypt_mirror.enable eq 1}">checked</c:if>/>
 									            	</div>
 												</div>
 												<div for="enable"></div>
 											</div>
 										</div>
 										<div class="col-md-6 mirror_profile <c:if test="${_cfg.userRegion.decrypt_mirror.enable ne 1}">hidden</c:if>">
 											<div class="form-group">
 												<label class="control-label col-md-3">
 														<font color="red">*</font><spring:message code="decrypt_mirror_mirror_profile" />
 												</label>
 												<div class="col-md-6">
 									            	<select id="mirror_profile" name="mirror_profile" data-live-search="true" class="selectpicker form-control required">
 														<option value="" ><spring:message code="selected"/></option>
 														<c:forEach items="${mirrorProfiles}" var="dictC">
 															<option value="${dictC.compileId}" <c:if test="${_cfg.userRegion.decrypt_mirror.mirror_profile eq dictC.compileId}">selected</c:if>><spring:message code="${dictC.cfgDesc}"/></option>
 														</c:forEach>
 													</select>
 								            	</div>
 												<div for="mirror_profile"></div>
 											</div>
 										</div>
 									</div>
 								</fieldset>
 								<%--   action 为64 限速时 --%>
 								<div class="row ratelimitAction hidden">
 								<h4 class="form-section">
--- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp
@@ -90,6 +90,65 @@
 				$("#exportValue").val($("#intype").val());
 		  } 
 		}
 		var keyringArr=[],mirrorProfileArr=[];
 		$("td[userregion]").each(function(){
 			var userregion=$(this).attr("userregion")
 			if(userregion.length>0&&userregion.indexOf("{")==0){
 				var jsonObj=JSON.parse(userregion);
 				var obj=$(this);
 				$(obj).parent().find("td[data-column='keyring']").text(jsonObj.keyring==0?"":jsonObj.keyring);
 				if(jsonObj.keyring){
 					keyringArr.push(jsonObj.keyring);
 				}
 				$(obj).parent().find("td[data-column='ev_cert']").text(jsonObj.exclusions.ev_cert==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='cert_transparency']").text(jsonObj.exclusions.cert_transparency==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='client_cert_req']").text(jsonObj.exclusions.client_cert_req==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='pinning']").text(jsonObj.exclusions.pinning==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='cn']").text(jsonObj.cert_verify.approach.cn==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='issuer']").text(jsonObj.cert_verify.approach.issuer==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='self-signed']").text(jsonObj.cert_verify.approach['self-signed']==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='expiration']").text(jsonObj.cert_verify.approach.expiration==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$("input[name='failMethods']").each(function(){
 					if(jsonObj.cert_verify.fail_method==$(this).data("key")){
 						$(obj).parent().find("td[data-column='fail_method']").text($(this).val());
 					}
 				});
 				$("input[name='sslversions']").each(function(){
 					if(jsonObj.ssl_ver.min==$(this).data("key")){
 						$(obj).parent().find("td[data-column='min']").text($(this).val());
 					}
 					if(jsonObj.ssl_ver.max==$(this).data("key")){
 						$(obj).parent().find("td[data-column='max']").text($(this).val());
 					}
 				});
 				$(obj).parent().find("td[data-column='mirror_client']").text(jsonObj.ssl_ver.mirror_client==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='enable']").text(jsonObj.decrypt_mirror.enable==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='mirror_profile']").text(jsonObj.decrypt_mirror.mirror_profile);
 				if(jsonObj.decrypt_mirror.mirror_profile){
 					mirrorProfileArr.push(jsonObj.decrypt_mirror.mirror_profile);
 				}
 			}
 		});
 		if(keyringArr.length>0||mirrorProfileArr.length>0){
 			$.post("${ctx}/proxy/intercept/ajaxGetValues",{"keyrings":keyringArr.join(','),"mirrorProfiles":mirrorProfileArr.join(',')},function(data){
 				$("td[data-column='keyring']").each(function(){
 					for(var key in data.keyrings){
 						if($(this).text().trim()==key){
 							$(this).text(data.keyrings[key]);
 						}
 					}
 				});
 				$("td[data-column='mirror_profile']").each(function(){
 					for(var key in data.mirrorProfiles){
 						if($(this).text().trim()==key){
 							$(this).text(data.mirrorProfiles[key]);
 						}
 					}
 				});
 			})
 		}
 	}); 
 </script>
@@ -100,6 +159,12 @@
 </c:if>
 <c:if test="${cfg.functionId eq 200}">
 	<c:set var="interceptType" value="Ip"/>
 	<c:forEach items="${fns:getDictList('FAIL_METHOD')}" var="dict">
 		<input type="hidden" name="failMethods" data-key="${dict.itemCode}" value="${dict.itemValue}">
 	</c:forEach>
 	<c:forEach items="${fns:getDictList('SSL_VERSION')}" var="dict">
 		<input type="hidden" name="sslversions" data-key="${dict.itemCode}" value="${dict.itemValue}">
 	</c:forEach>
 </c:if>
 <c:if test="${cfg.functionId eq 201}">
 	<c:set var="interceptType" value="Domain"/>
@@ -389,8 +454,22 @@
 									<c:if test="${cfg.functionId eq 200 }">
 							    		<th column="userregion2" ><spring:message code="ratelimit"/></th>
 							    		<%-- <th column="bandwith" ><spring:message code="bandwith"/></th> --%>
-							    		<th column="userregion1" ><spring:message code="intercept_file_strategy"/></th>
+							    		<%-- <th column="userregion5" ><spring:message code="intercept_intensity"/></th> --%>
-							    		<th column="userregion5" ><spring:message code="intercept_intensity"/></th>
+							    		<th column="pxy_intercept_monit_keyring" ><spring:message code="pxy_intercept_monit_keyring"/></th>
 							    		<th column="exclusions_ev_cert" ><spring:message code="exclusions_ev_cert"/></th>
 							    		<th column="exclusions_cert_transparency" ><spring:message code="exclusions_cert_transparency"/></th>
 							    		<th column="exclusions_client_cert_req" ><spring:message code="exclusions_client_cert_req"/></th>
 							    		<th column="exclusions_pinning" ><spring:message code="exclusions_pinning"/></th>
 							    		<th column="cert_verify_approach_cn" ><spring:message code="cert_verify_approach_cn"/></th>
 							    		<th column="cert_verify_approach_issuer" ><spring:message code="cert_verify_approach_issuer"/></th>
 							    		<th column="cert_verify_approach_self_signed" ><spring:message code="cert_verify_approach_self_signed"/></th>
 							    		<th column="cert_verify_approach_expiration" ><spring:message code="cert_verify_approach_expiration"/></th>
 							    		<th column="cert_verify_fail_method" ><spring:message code="cert_verify_fail_method"/></th>
 							    		<th column="ssl_ver_min" ><spring:message code="ssl_ver_min"/></th>
 							    		<th column="ssl_ver_max" ><spring:message code="ssl_ver_max"/></th>
 							    		<th column="ssl_ver_mirror_client" ><spring:message code="ssl_ver_mirror_client"/></th>
 							    		<th column="decrypt_mirror_enable" ><spring:message code="decrypt_mirror_enable"/></th>
 							    		<th column="decrypt_mirror_mirror_profile" ><spring:message code="decrypt_mirror_mirror_profile"/></th>
 							    	</c:if>
 									<%-- <c:if test="${cfg.functionId eq 200 }">
 							    		<th column="bandwith" ><spring:message code="bandwith"/></th>
@@ -471,22 +550,30 @@
 								    		${indexCfg.userRegion3 }
 								    	</c:if>
 								    </td> --%>
-								    <td>
+								    <%-- <td>
-								    	<c:if test="${indexCfg.action eq 1}">
+										<c:if test="${indexCfg.action eq 1 }">
-								    		<c:forEach items="${certificateList}" var="certificate">
+											<c:forEach items="${fns:getDictList('INTERCEPT_DOMAIN_INTENSITY') }" var="intentsityC">
-												<c:if test="${indexCfg.userRegion1 eq certificate.compileId}">${certificate.cfgDesc}</c:if>
+												<c:if test="${intentsityC.itemCode eq indexCfg.userRegion5 }">
 													<spring:message code="${intentsityC.itemValue }"/>
 												</c:if>
 											</c:forEach>
 										</c:if>
-								    </td>
+									</td> --%>
-								    <td>
+									<td userregion='${indexCfg.userRegion1}' data-column="keyring"></td>
-											<c:if test="${indexCfg.action eq 1 }">
+								    <td data-column="ev_cert" ></td>
-												<c:forEach items="${fns:getDictList('INTERCEPT_DOMAIN_INTENSITY') }" var="intentsityC">
+								    <td data-column="cert_transparency" ></td>
-													<c:if test="${intentsityC.itemCode eq indexCfg.userRegion5 }">
+								    <td data-column="client_cert_req" ></td>
-														<spring:message code="${intentsityC.itemValue }"/>
+								    <td data-column="pinning" ></td>
-													</c:if>
+								    <td data-column="cn" ></td>
-												</c:forEach>
+								    <td data-column="issuer" ></td>
-											</c:if>
+								    <td data-column="self-signed" ></td>
-										</td>
+								    <td data-column="expiration" ></td>
 								    <td data-column="fail_method" ></td>
 								    <td data-column="min" ></td>
 								    <td data-column="max" ></td>
 								    <td data-column="mirror_client" ></td>
 								    <td data-column="enable" ></td>
 								    <td data-column="mirror_profile" ></td>
 								    </c:if>
 									 <%-- <c:if test="${cfg.functionId eq 200 }">
 								    <td>
--- a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/jquery.validate.method.js
+++ b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/jquery.validate.method.js
@@ -878,16 +878,16 @@ jQuery.validator.addMethod("noStrategyCheck",function(value,element) {
 	return flag;
 });
 // 代理拦截策略ssl version min小于max校验
-//jQuery.validator.addMethod("sslVersionCheck",function(value,element) {
+jQuery.validator.addMethod("sslVersionCheck",function(value,element) {
-//	var min,max;
+	var min,max;
-//	if($(element).attr("id")=="min"){
+	if($(element).attr("id")=="min"){
-//		min=element,max=$("#max");
+		min=element,max=$("#max");
-//	}else{
+	}else{
-//		max=element,min=$("#min");
+		max=element,min=$("#min");
-//	}
+	}
-//	if($(min).find("option:selected").data("sort")>=$(max).find("option:selected").data("sort")){
+	if($(min).find("option:selected").data("sort")>=$(max).find("option:selected").data("sort")){
-//		return false;
+		return false;
-//	}else{
+	}else{
-//		return true;
+		return true;
-//	}
+	}
-//});
+});
--- a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_en.js
+++ b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_en.js
@@ -98,6 +98,7 @@
 		rangeCross0:"The IP {0} must not between {1} and {2}",
 		rangeCross1:"The IP range {0} has intersections with {1}",
 		protectedCfgUnique:"Keyword already exists.",
-		addrList:"Please enter the legitimate targets identification list"
+		addrList:"Please enter the legitimate targets identification list",
 		sslVersionCheck:"Min SSL version should smaller than Max SSL version"
 	});
 }(jQuery));
--- a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_ru.js
+++ b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_ru.js
@@ -98,6 +98,7 @@
 		rangeCross0:"IP {0} не должен находиться между {1} и {2}",
 		rangeCross1:"Диапазон IP {0} имеет пересечения с {1}",
 		protectedCfgUnique:"Ключевое слово уже существует.",
-		addrList:"Please enter the legitimate targets identification list"
+		addrList:"Please enter the legitimate targets identification list",
 		sslVersionCheck:"моя версия SSL должны меньше, чем версия SSL, макс"
 	});
 }(jQuery));
--- a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_zh.js
+++ b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_zh.js
@@ -98,6 +98,7 @@
 		rangeCross0:"IP{0}不能介于{1}和{2}",
 		rangeCross1:"IP范围{0}和IP范围{1}有交集",
 		protectedCfgUnique:"关键字已存在",
-		addrList:"请输入合法的目标标识列表"
+		addrList:"请输入合法的目标标识列表",
 		sslVersionCheck:"最小SSL协议版本应小于最大SSL协议版本"
 	});
 }(jQuery));