diff --git a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
index 8796a0613..a75f3405e 100644
--- a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
+++ b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
@@ -44,7 +44,6 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
 	protected Integer behavCode;//仅用于copy属性使用
 	protected Integer specServiceId;//仅用于copy属性使用
 	protected String domain;//仅用于copy属性使用
-	
 	public String getDomain() {
 		return domain;
 	}
@@ -251,4 +250,17 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
 	public void setIndex(Integer index) {
 		this.index = index;
 	}
+	public Integer getGroupId() {
+		return groupId;
+	}
+	public void setGroupId(Integer groupId) {
+		this.groupId = groupId;
+	}
+	public Integer getRegionId() {
+		return regionId;
+	}
+	public void setRegionId(Integer regionId) {
+		this.regionId = regionId;
+	}
+	
 }
diff --git a/src/main/java/com/nis/util/excel/ImportBigExcel.java b/src/main/java/com/nis/util/excel/ImportBigExcel.java
index 8bfab75a6..8313a5450 100644
--- a/src/main/java/com/nis/util/excel/ImportBigExcel.java
+++ b/src/main/java/com/nis/util/excel/ImportBigExcel.java
@@ -397,7 +397,7 @@ public class ImportBigExcel extends XLSXCovertCSVReader{
 	 * @throws SAXException 
 	 * @throws ParserConfigurationException 
 	 * @throws OpenXML4JException 
-	 * @throws IOException 
+	 * @throws IOException
 	 */
 	public <E> BlockingQueue<E> getDataList(Class<E> cls) throws InstantiationException, IllegalAccessException, IOException, OpenXML4JException, ParserConfigurationException, SAXException, SQLException{
 		log.warn("start to load data...");
@@ -494,7 +494,7 @@ public class ImportBigExcel extends XLSXCovertCSVReader{
 			log.debug("Read success: ["+i+"] "+sb.toString());
 		}
 		long end=System.currentTimeMillis();
-		log.warn(" load data finish,cost:"+(end-start));
+		log.warn(" load data finish,size:"+_dataList.size()+",cost:"+(end-start));
 		return _dataList;
 	}
 	public File getUploadFile() {
diff --git a/src/main/java/com/nis/util/excel/thread/SaveStringCfgThread.java b/src/main/java/com/nis/util/excel/thread/SaveStringCfgThread.java
new file mode 100644
index 000000000..4c005927e
--- /dev/null
+++ b/src/main/java/com/nis/util/excel/thread/SaveStringCfgThread.java
@@ -0,0 +1,390 @@
+package com.nis.util.excel.thread;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.Callable;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.ibatis.session.ExecutorType;
+import org.apache.ibatis.session.SqlSession;
+import org.apache.ibatis.session.SqlSessionFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeanUtils;
+import org.springframework.jdbc.datasource.DataSourceTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.DefaultTransactionDefinition;
+
+import com.beust.jcommander.internal.Lists;
+import com.nis.domain.FunctionRegionDict;
+import com.nis.domain.FunctionServiceDict;
+import com.nis.domain.configuration.AppDomainCfg;
+import com.nis.domain.configuration.AppPolicyCfg;
+import com.nis.domain.configuration.BaseStringCfg;
+import com.nis.domain.configuration.CfgIndexInfo;
+import com.nis.domain.maat.MaatCfg;
+import com.nis.domain.maat.MaatCfg.DigestCfg;
+import com.nis.domain.maat.MaatCfg.GroupCfg;
+import com.nis.domain.maat.MaatCfg.IpCfg;
+import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
+import com.nis.domain.maat.MaatCfg.StringCfg;
+import com.nis.domain.maat.ToMaatBean;
+import com.nis.domain.maat.ToMaatResult;
+import com.nis.domain.specific.SpecificServiceCfg;
+import com.nis.exceptions.MaatConvertException;
+import com.nis.util.ConfigServiceUtil;
+import com.nis.util.Constants;
+import com.nis.util.DictUtils;
+import com.nis.util.StringUtil;
+import com.nis.web.dao.configuration.AppCfgDao;
+import com.nis.web.dao.configuration.IpCfgDao;
+import com.nis.web.dao.configuration.StringCfgDao;
+import com.nis.web.security.UserUtils;
+import com.nis.web.service.BaseService;
+import com.nis.web.service.SpringContextHolder;
+
+public class SaveStringCfgThread implements Callable<Throwable>{
+	private Logger logger=LoggerFactory.getLogger(getClass());
+	private BlockingQueue<BaseStringCfg<?>> stringCfgs;
+	private FunctionServiceDict serviceDict;
+	private FunctionRegionDict regionDict;
+	private Integer requestId;
+	private SpecificServiceCfg specificServiceCfg;
+	private String specServiceId;
+	private String behaviorId;
+	private String asnIpGroup;
+	private boolean audit;//是否下发
+	private static final SqlSessionFactory sqlSessionFactory=SpringContextHolder.getBean(SqlSessionFactory.class);
+	public SaveStringCfgThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Integer requestId,BlockingQueue<BaseStringCfg<?>> stringCfgs,boolean audit) {
+		this.serviceDict=serviceDict;
+		this.regionDict=regionDict;
+		this.stringCfgs=stringCfgs;
+		this.requestId=requestId;
+		this.audit=audit;
+	}
+	@Override
+	public Throwable call() {
+		// TODO Auto-generated method stub
+		try {
+			FunctionRegionDict appRegion = null;
+			if(serviceDict!=null) {
+				String regionCode = serviceDict.getRegionCode();
+				for (String code : regionCode.split(",")) {
+					if (StringUtils.isNotBlank(code)) {
+						FunctionRegionDict d = DictUtils.getFunctionRegionDictByRegionCode(serviceDict.getFunctionId(),
+								Integer.parseInt(code));
+						if (d != null && d.getConfigServiceType() != null
+								&& d.getConfigServiceType().equals("app_policy")) {
+							appRegion = d;
+							break;
+						}
+					}
+
+				}
+			}
+			DataSourceTransactionManager transactionManager=(DataSourceTransactionManager)SpringContextHolder.getBean("transactionManager");
+			List<BaseStringCfg> _stringCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
+			List<AppPolicyCfg> appPolicyCfgs = new ArrayList<AppPolicyCfg>();
+			List<CfgIndexInfo> cfgIndexInfos = new ArrayList<CfgIndexInfo>();
+			while(!stringCfgs.isEmpty()) {
+				//开启一个新事物
+				DefaultTransactionDefinition def = new DefaultTransactionDefinition();
+				def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW); // 事物隔离级别，开启新事务，这样会比较安全些。
+				TransactionStatus status = transactionManager.getTransaction(def); // 获得事务状态
+				try {
+					stringCfgs.drainTo(_stringCfgs, Constants.MAAT_JSON_SEND_SIZE);
+					if(_stringCfgs.size()>0) {
+						List<Integer> compileIds=Lists.newArrayList();
+						List<Integer> groupIds=Lists.newArrayList();
+						List<Integer> regionIds=Lists.newArrayList();
+						try {
+							 compileIds = ConfigServiceUtil.getId(1,_stringCfgs.size());
+							 if(audit) {
+								 groupIds = ConfigServiceUtil.getId(2,_stringCfgs.size());
+								 regionIds = ConfigServiceUtil.getId(3,_stringCfgs.size());
+							 }
+						} catch (Exception e) {
+							e.printStackTrace();
+							logger.info("获取编译ID出错");
+							throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
+						}
+						int ind=0;
+						Date date=new Date();
+						for (BaseStringCfg cfg : _stringCfgs) {
+							cfg.setAction(serviceDict.getAction());
+							cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
+							cfg.setCfgType(regionDict.getConfigRegionValue());
+							cfg.setCreateTime(date);
+							cfg.setCreatorId(UserUtils.getUser().getId());
+							cfg.setDoLog(1);
+							cfg.setFunctionId(regionDict.getFunctionId());
+							if(audit){
+								cfg.setIsAudit(Constants.AUDIT_YES);
+								cfg.setIsValid(Constants.VALID_YES);
+								cfg.setAuditorId(UserUtils.getUser().getId());
+								cfg.setAuditTime(date);
+								if(groupIds!=null&&groupIds.size()==_stringCfgs.size()) {
+								cfg.setGroupId(groupIds.get(ind));
+								}
+								if(regionIds!=null&&regionIds.size()==_stringCfgs.size()) {
+								cfg.setRegionId(regionIds.get(ind));
+								}
+							}else {
+								cfg.setIsAudit(Constants.AUDIT_NOT_YET);
+								cfg.setIsValid(Constants.VALID_NO);
+							}
+							
+							cfg.setIsAreaEffective(0);
+							cfg.setAttribute("0");
+							cfg.setClassify("0");
+							cfg.setLable("0");
+							cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
+							cfg.setServiceId(serviceDict.getServiceId());
+							if(compileIds!=null&&compileIds.size()==_stringCfgs.size()) {
+								cfg.setCompileId(compileIds.get(ind));
+							}
+							if(specificServiceCfg!=null) {
+								cfg.setAppCode(specificServiceCfg.getSpecServiceCode());
+								cfg.setSpecServiceId(specificServiceCfg.getSpecServiceId());
+								if(StringUtils.isNotBlank(behaviorId))
+								cfg.setBehavCode(Integer.parseInt(behaviorId));
+							}
+							if (serviceDict.getServiceId().intValue() == 33
+									|| serviceDict.getServiceId().intValue() == 145
+									|| serviceDict.getServiceId().intValue() == 35
+									|| serviceDict.getServiceId().intValue() == 147
+									|| serviceDict.getServiceId().intValue() == 36
+									|| serviceDict.getServiceId().intValue() == 148) {
+								if (appRegion != null) {
+									AppPolicyCfg appPolicyCfg = new AppPolicyCfg();
+									BeanUtils.copyProperties(cfg, appPolicyCfg,new String[] {"cfgId"});
+									appPolicyCfg.setMatchMethod(0);
+									appPolicyCfg.setIsHexbin(0);
+									appPolicyCfg.setCfgType(appRegion.getConfigRegionValue());
+									appPolicyCfg.setCfgRegionCode(appRegion.getConfigRegionCode());
+									if (StringUtils.isNotBlank(behaviorId)) {
+										appPolicyCfg.setExprType(1);
+									} else {
+										appPolicyCfg.setExprType(0);
+									}
+									appPolicyCfgs.add(appPolicyCfg);
+								}
+							} else {
+								if(!regionDict.getFunctionId().equals(403)) {
+									CfgIndexInfo cfgIndexInfo = new CfgIndexInfo();
+									BeanUtils.copyProperties(cfg, cfgIndexInfo, new String[] {"cfgId"});
+									cfgIndexInfos.add(cfgIndexInfo);
+								}
+								
+							}
+							ind++;
+						}
+						this.saveAndSend(_stringCfgs, cfgIndexInfos, appPolicyCfgs);
+						cfgIndexInfos.clear();
+						appPolicyCfgs.clear();
+						_stringCfgs.clear();
+						transactionManager.commit(status);
+					}
+					
+				}catch (Throwable e) {
+					transactionManager.rollback(status);
+					// TODO: handle exception
+					return e;
+				}
+				
+			}	
+			
+		}catch (Throwable e) {
+			// TODO: handle exception
+			return e;
+		}
+		
+		return null;
+	}
+	
+	public String getBehaviorId() {
+		return behaviorId;
+	}
+	public void setBehaviorId(String behaviorId) {
+		this.behaviorId = behaviorId;
+	}
+	public String getAsnIpGroup() {
+		return asnIpGroup;
+	}
+	public void setAsnIpGroup(String asnIpGroup) {
+		this.asnIpGroup = asnIpGroup;
+	}
+	public SpecificServiceCfg getSpecificServiceCfg() {
+		return specificServiceCfg;
+	}
+	public void setSpecificServiceCfg(SpecificServiceCfg specificServiceCfg) {
+		this.specificServiceCfg = specificServiceCfg;
+	}
+	public FunctionServiceDict getServiceDict() {
+		return serviceDict;
+	}
+	public void setServiceDict(FunctionServiceDict serviceDict) {
+		this.serviceDict = serviceDict;
+	}
+	public Integer getRequestId() {
+		return requestId;
+	}
+	public void setRequestId(Integer requestId) {
+		this.requestId = requestId;
+	}
+	public String getSpecServiceId() {
+		return specServiceId;
+	}
+	public void setSpecServiceId(String specServiceId) {
+		this.specServiceId = specServiceId;
+	}
+	public void saveAndSend(List<BaseStringCfg> _stringCfgs,List<CfgIndexInfo> cfgIndexInfos, List<AppPolicyCfg> appPolicyCfgs) {
+		logger.warn("saveAndSend start");
+		long start=System.currentTimeMillis();
+		if(_stringCfgs.size()>0) {
+			SqlSession batchSqlSession = null;
+			List<MaatCfg> configCompileList = new ArrayList();
+			try{
+				batchSqlSession = sqlSessionFactory.openSession(ExecutorType.BATCH, false);
+				for(int index = 0; index < _stringCfgs.size();index++){
+					if (regionDict.getDictId().intValue() == 167) {
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("intercept_pkt_bin");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// http url
+					if (regionDict.getDictId().intValue() == 9||regionDict.getDictId().intValue() == 15 || regionDict.getDictId().intValue() == 596) {
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("http_url_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// FTP url/content
+					if (regionDict.getDictId().intValue() == 36||regionDict.getDictId().intValue() == 37) {
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("ftp_keyword_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// P2P eMule Keyword
+					if(regionDict.getDictId().intValue() == 158){
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("p2p_keyword_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// P2P File Marking
+					if(regionDict.getDictId().intValue() == 159){
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("p2p_hash_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// BGP AS
+					if (regionDict.getFunctionId().equals(61)) {
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("ntc_bgp_as_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// SSL SNI/SAN/CN
+					if (regionDict.getFunctionId().intValue() == 34) {
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("ssl_keyword_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// HTTP 请求/应答内容
+					if(regionDict.getDictId().intValue()==12||regionDict.getDictId().intValue()==13||regionDict.getDictId().intValue()==601||regionDict.getDictId().intValue()==602) {
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("http_body_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// 流媒体协议
+					if(regionDict.getDictId().intValue()==25){
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("av_cont_url_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// Voip Account
+					if(regionDict.getDictId().intValue()==16){
+						BaseStringCfg<?> cfg = _stringCfgs.get(index);
+		                cfg.setTableName("av_voip_account_cfg");
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
+					}else
+					// APP域名特征
+					if(regionDict.getDictId().intValue()==64){
+						AppDomainCfg cfg=new AppDomainCfg();
+						BeanUtils.copyProperties(_stringCfgs.get(index), cfg);
+						((AppCfgDao) batchSqlSession.getMapper(AppCfgDao.class)).insertAppDomainCfgBatch(cfg);
+					}
+					if (cfgIndexInfos != null && cfgIndexInfos.size() > 0) {
+						CfgIndexInfo cfgIndexInfo = cfgIndexInfos.get(index);
+						((IpCfgDao) batchSqlSession.getMapper(IpCfgDao.class)).saveCfgIndexForBatch(cfgIndexInfo);
+					}
+					if (appPolicyCfgs != null && appPolicyCfgs.size() > 0) {
+						SpringContextHolder.getBean(AppCfgDao.class).insertAppPolicyCfgForBatch(appPolicyCfgs.get(index));
+					}
+					if(audit) {
+						List<GroupCfg> groupRelationList = new ArrayList();
+						List<IpCfg> ipRegionList = new ArrayList();
+						List<StringCfg> strRegionList = new ArrayList();
+						List<NumBoundaryCfg> numRegionList = new ArrayList();
+						List<DigestCfg> digestRegionList = new ArrayList();
+						List<IpCfg> areaIpRegionList = new ArrayList();
+						GroupCfg group = new GroupCfg();
+						StringCfg cfg = new StringCfg();
+						BeanUtils.copyProperties(_stringCfgs.get(index), cfg);
+						group.setGroupId(_stringCfgs.get(index).getGroupId());
+						group.setCompileId(_stringCfgs.get(index).getCompileId());
+						group.setAuditTime(_stringCfgs.get(index).getAuditTime());
+						group.setIsValid(_stringCfgs.get(index).getIsValid());
+						groupRelationList.add(group);
+						cfg.setGroupId(group.getGroupId());
+						//处理配置关键字转译
+						cfg.setCfgKeywords(BaseService.keywordsEscape(cfg.getCfgKeywords()));
+						//增强字符串转换
+						cfg.setDistrict(BaseService.keywordsEscape(cfg.getDistrict()));
+						strRegionList.add(cfg);
+						MaatCfg maatCfg = new MaatCfg();
+						maatCfg.initDefaultValue();
+						BeanUtils.copyProperties(_stringCfgs.get(index), maatCfg);
+						maatCfg.setAction(_stringCfgs.get(index).getAction());
+						maatCfg.setAuditTime(_stringCfgs.get(index).getAuditTime());
+						maatCfg.setIpRegionList(ipRegionList);
+						maatCfg.setStrRegionList(strRegionList);
+						maatCfg.setNumRegionList(numRegionList);
+						maatCfg.setDigestRegionList(digestRegionList);
+						maatCfg.setGroupRelationList(groupRelationList);
+						maatCfg.setGroupNum(groupRelationList.size());
+						maatCfg.setAreaIpRegionList(areaIpRegionList);
+						maatCfg.setIsValid(_stringCfgs.get(index).getIsValid());
+						configCompileList.add(maatCfg);
+					}
+					
+				}
+				batchSqlSession.commit();
+			}finally {
+				if(batchSqlSession != null){
+					batchSqlSession.close();
+				}
+			}
+			
+			if(audit&&configCompileList.size()>0) {
+				
+				ToMaatBean maatBean = new ToMaatBean();	
+				maatBean.setConfigCompileList(configCompileList);
+				maatBean.setAuditTime(new Date());
+				maatBean.setCreatorName(UserUtils.getUser().getName());
+				maatBean.setVersion(Constants.MAAT_VERSION);
+				maatBean.setOpAction(Constants.INSERT_ACTION);
+				//调用服务接口下发配置数据
+				String json=BaseService.gsonToJson(maatBean);
+				logger.info("http配置下发配置参数："+json);
+				//调用服务接口下发配置
+				ToMaatResult result = ConfigServiceUtil.postMaatCfg(json);
+				logger.info("http配置下发响应信息："+result.getMsg());
+				
+			}
+		}
+		long end=System.currentTimeMillis();
+		logger.warn("saveAndSend finish,cost:"+(end-start));
+	}
+}
diff --git a/src/main/java/com/nis/web/controller/BaseController.java b/src/main/java/com/nis/web/controller/BaseController.java
index 01d30f918..348331f01 100644
--- a/src/main/java/com/nis/web/controller/BaseController.java
+++ b/src/main/java/com/nis/web/controller/BaseController.java
@@ -91,7 +91,6 @@ import com.nis.util.excel.thread.CheckComplexStringFormatThread;
 import com.nis.util.excel.thread.CheckDnsResStrategyFormatThread;
 import com.nis.util.excel.thread.CheckIpFormatThread;
 import com.nis.util.excel.thread.CheckStringFormatThread;
-import com.nis.web.dao.configuration.IpCfgDao;
 import com.nis.web.security.UserUtils;
 import com.nis.web.service.ArchiveServcie;
 import com.nis.web.service.AreaService;
@@ -1249,6 +1248,7 @@ public class BaseController {
 					String specServiceId = request.getParameter("appId");
 					String behaviorId = request.getParameter("behaviorId");
 					String asnIpGroup = request.getParameter("asnGroupId");
+					String isSend = request.getParameter("isSend");
 					SpecificServiceCfg specificServiceCfg = null;
 					if (serviceDict!=null&&(serviceDict.getServiceId().intValue() == 33 || serviceDict.getServiceId().intValue() == 145
 							|| serviceDict.getServiceId().intValue() == 35
@@ -1403,7 +1403,7 @@ public class BaseController {
 									asnIpCfgs.add(_cfg);
 									ind++;
 								}
-								this.splitAndSave(regionDict, serviceDict, specificServiceCfg, asnIpCfgs, cfgIndexInfos, appPolicyCfgs);
+								this.splitAndSave(regionDict, serviceDict, specificServiceCfg, asnIpCfgs, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
 								cfgIndexInfos.clear();
 								appPolicyCfgs.clear();
 								_ipPortCfgs.clear();
@@ -1415,9 +1415,21 @@ public class BaseController {
 								ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE);
 								List<Integer> compileIds=Lists.newArrayList();
 								List<Integer> regionIds=Lists.newArrayList();
+								List<Integer> groupIds=Lists.newArrayList();
+								List<Integer> numRegionGroupIds=Lists.newArrayList();
+								List<Integer> numRegionRegionIds=Lists.newArrayList();
 								if(!regionDict.getFunctionId().equals(405)) {//app ip compileId 从config_group_info中取
 									try {
 										 compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
+										 if(isSend.equals("1")) {
+											 groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
+											 regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
+										 }
+										 //需要获取数值域的id
+										 if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
+											 numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
+											 numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
+										 }
 									} catch (Exception e) {
 										e.printStackTrace();
 										logger.info("获取编译ID出错");
@@ -1443,8 +1455,29 @@ public class BaseController {
 									cfg.setCreatorId(UserUtils.getUser().getId());
 									cfg.setDoLog(1);
 									cfg.setFunctionId(regionDict.getFunctionId());
-									cfg.setIsAudit(0);
-									cfg.setIsValid(0);
+									if(isSend.equals("1")) {
+										cfg.setIsAudit(Constants.AUDIT_YES);
+										cfg.setIsValid(Constants.VALID_YES);
+										cfg.setAuditorId(UserUtils.getUser().getId());
+										cfg.setAuditTime(date);
+										if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) {
+										cfg.setGroupId(groupIds.get(ind));
+										}
+										if(regionIds!=null&&regionIds.size()==_ipPortCfgs.size()) {
+										cfg.setRegionId(regionIds.get(ind));
+										}
+										if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
+											if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) {
+												cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind));
+											}
+											if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) {
+												cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind));
+											}
+										 }
+									}else {
+										cfg.setIsAudit(Constants.AUDIT_NOT_YET);
+										cfg.setIsValid(Constants.VALID_NO);
+									}
 									cfg.setIsAreaEffective(0);
 									cfg.setAttribute("0");
 									cfg.setClassify("0");
@@ -1499,7 +1532,7 @@ public class BaseController {
 									}
 									ind++;
 								}
-								this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _ipPortCfgs, cfgIndexInfos, appPolicyCfgs);
+								this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _ipPortCfgs, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
 								cfgIndexInfos.clear();
 								appPolicyCfgs.clear();
 								_ipPortCfgs.clear();
@@ -1507,12 +1540,42 @@ public class BaseController {
 						}
 						
 					} else if (regionDict.getRegionType().equals(2)) {
+//						List<Future<Throwable>> list=Lists.newArrayList();
+//						ExecutorService service=Executors.newFixedThreadPool(Constants.SAVE_AND_DEL_THREAD_SIZE);
+//						for(int j=0;j<Constants.SAVE_AND_DEL_THREAD_SIZE;j++) {
+//							SaveStringCfgThread t=new SaveStringCfgThread(serviceDict, regionDict, requestId, stringCfgs,isSend.equals("1"));
+//							t.setSpecificServiceCfg(specificServiceCfg);
+//							t.setAsnIpGroup(asnIpGroup);
+//							t.setBehaviorId(behaviorId);
+//							t.setSpecServiceId(specServiceId);
+//							list.add(service.submit(t));
+//						}
+//						service.shutdown();
+//						while(!service.isTerminated()) {
+//							Thread.sleep(10);
+//						}
+//						for(Future<Throwable> e:list) {
+//							if(e.get()!=null) {
+//								try {
+//									throw e.get();
+//								} catch (Throwable e1) {
+//									// TODO Auto-generated catch block
+//									e1.printStackTrace();
+//								}
+//							}
+//						}
 						List<BaseStringCfg> _stringCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
 						while(!stringCfgs.isEmpty()) {
 							stringCfgs.drainTo(_stringCfgs, Constants.MAAT_JSON_SEND_SIZE);
 							List<Integer> compileIds=Lists.newArrayList();
+							List<Integer> groupIds=Lists.newArrayList();
+							List<Integer> regionIds=Lists.newArrayList();
 							try {
 								 compileIds = ConfigServiceUtil.getId(1,_stringCfgs.size());
+								 if(isSend.equals("1")) {
+									 groupIds = ConfigServiceUtil.getId(2,_stringCfgs.size());
+									 regionIds = ConfigServiceUtil.getId(3,_stringCfgs.size());
+								 }
 							} catch (Exception e) {
 								e.printStackTrace();
 								logger.info("获取编译ID出错");
@@ -1521,16 +1584,27 @@ public class BaseController {
 							int ind=0;
 							for (BaseStringCfg cfg : _stringCfgs) {
 								cfg.setAction(serviceDict.getAction());
-								/*cfg.setAuditorId(UserUtils.getUser().getId());
-								cfg.setAuditTime(date);*/
 								cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
 								cfg.setCfgType(regionDict.getConfigRegionValue());
 								cfg.setCreateTime(date);
 								cfg.setCreatorId(UserUtils.getUser().getId());
 								cfg.setDoLog(1);
 								cfg.setFunctionId(regionDict.getFunctionId());
-								cfg.setIsAudit(0);
-								cfg.setIsValid(0);
+								if(isSend.equals("1")) {
+									cfg.setIsAudit(Constants.AUDIT_YES);
+									cfg.setIsValid(Constants.VALID_YES);
+									cfg.setAuditorId(UserUtils.getUser().getId());
+									cfg.setAuditTime(date);
+									if(groupIds!=null&&groupIds.size()==_stringCfgs.size()) {
+									cfg.setGroupId(groupIds.get(ind));
+									}
+									if(regionIds!=null&&regionIds.size()==_stringCfgs.size()) {
+									cfg.setRegionId(regionIds.get(ind));
+									}
+								}else {
+									cfg.setIsAudit(Constants.AUDIT_NOT_YET);
+									cfg.setIsValid(Constants.VALID_NO);
+								}
 								cfg.setIsAreaEffective(0);
 								cfg.setAttribute("0");
 								cfg.setClassify("0");
@@ -1579,7 +1653,7 @@ public class BaseController {
 								}
 								ind++;
 							}
-							this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _stringCfgs, cfgIndexInfos, appPolicyCfgs);
+							this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _stringCfgs, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
 							cfgIndexInfos.clear();
 							appPolicyCfgs.clear();
 							_stringCfgs.clear();
@@ -1657,7 +1731,7 @@ public class BaseController {
 								}
 								ind++;
 							}
-							this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _complexkeywordCfgs, cfgIndexInfos, appPolicyCfgs);
+							this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _complexkeywordCfgs, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
 							cfgIndexInfos.clear();
 							appPolicyCfgs.clear();
 							_complexkeywordCfgs.clear();
@@ -1697,7 +1771,7 @@ public class BaseController {
 									cfg.setCompileId(compileIds.get(ind));
 									ind++;
 								}
-								this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _dnsResStrategies, cfgIndexInfos, appPolicyCfgs);
+								this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _dnsResStrategies, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
 								_dnsResStrategies.clear();
 								cfgIndexInfos.clear();
 								appPolicyCfgs.clear();
@@ -1789,7 +1863,7 @@ public class BaseController {
 	public void splitAndSave(FunctionRegionDict regionDict,FunctionServiceDict serviceDict,
 			SpecificServiceCfg specificServiceCfg,
 			List<? extends BaseCfg> list,List<CfgIndexInfo> cfgIndexInfos,
-			List<AppPolicyCfg> appPolicyCfgs){
+			List<AppPolicyCfg> appPolicyCfgs,boolean send){
 		if(list!=null&&list.size()>0) {
 			String type=null;
 			if (list.get(0) instanceof BaseIpCfg) {
@@ -1803,6 +1877,12 @@ public class BaseController {
 			}else if(list.get(0) instanceof AsnIpCfg) {
 				type="AsnIpCfg";
 			}
+			if (cfgIndexInfos != null && cfgIndexInfos.size() > 0) {
+				ipCfgService.saveCfgIndexOf(cfgIndexInfos);
+			}
+			if (appPolicyCfgs != null && appPolicyCfgs.size() > 0) {
+				appCfgService.savePolicyList(appPolicyCfgs);
+			}
 			if("BaseIpCfg".equals(type)) {
 				List<BaseIpCfg> listPage = (List<BaseIpCfg>) list;
 				if (regionDict.getFunctionId().equals(301)) {
@@ -1812,7 +1892,7 @@ public class BaseController {
 				}else if (specificServiceCfg!=null&&regionDict.getFunctionId().equals(405)) {
 					appCfgService.saveAppIpCfg((List<BaseIpCfg>)listPage,specificServiceCfg);
 				}else {
-					ipCfgService.saveBatch((List<BaseIpCfg>)listPage, IpCfgDao.class);
+					ipCfgService.saveIpBatch(regionDict,serviceDict,(List<BaseIpCfg>)listPage,send);
 				}
 			}else if("AsnIpCfg".equals(type)) {
 				List<AsnIpCfg> listPage = (List<AsnIpCfg>) list;
@@ -1823,51 +1903,51 @@ public class BaseController {
 				// ip_payload
 				if (regionDict.getDictId().intValue() == 167) {
 					// interceptCfgService.saveInterceptCfg(listPage);
-					interceptCfgService.saveStringCfgBatch(listPage, "intercept_pkt_bin");
+					interceptCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "intercept_pkt_bin",send);
 				}
 				// http url
 				if (regionDict.getDictId().intValue() == 9||regionDict.getDictId().intValue() == 15 || regionDict.getDictId().intValue() == 596) {
 					// websiteCfgService.saveHttpUrlCfg(listPage);
-					websiteCfgService.saveStringCfgBatch(listPage, "http_url_cfg");
+					websiteCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "http_url_cfg",send);
 				}
 				// FTP url/content
 				if (regionDict.getDictId().intValue() == 36||regionDict.getDictId().intValue() == 37) {
 					// fileTransferCfgService.saveFtpCfg(listPage);
-					fileTransferCfgService.saveStringCfgBatch(listPage, "ftp_keyword_cfg");
+					fileTransferCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "ftp_keyword_cfg",send);
 				}
 				// P2P eMule Keyword
 				if(regionDict.getDictId().intValue() == 158){
-					fileTransferCfgService.saveStringCfgBatch(listPage, "p2p_keyword_cfg");
+					fileTransferCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "p2p_keyword_cfg",send);
 				}
 				// P2P File Marking
 				if(regionDict.getDictId().intValue() == 159){
 					// fileTransferCfgService.saveP2pCfg(listPage);
-					fileTransferCfgService.saveStringCfgBatch(listPage, "p2p_hash_cfg");
+					fileTransferCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "p2p_hash_cfg",send);
 				}
 				// BGP AS
 				if (regionDict.getFunctionId().equals(61)) {
 					// bgpCfgService.saveBgpAsCfg(listPage);
-					bgpCfgService.saveStringCfgBatch(listPage, "ntc_bgp_as_cfg");
+					bgpCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "ntc_bgp_as_cfg",send);
 				}
 				// SSL SNI/SAN/CN
 				if (regionDict.getFunctionId().intValue() == 34) {
 					// websiteCfgService.saveSslCfg(listPage);
-					websiteCfgService.saveStringCfgBatch(listPage, "ssl_keyword_cfg");
+					websiteCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "ssl_keyword_cfg",send);
 				}
 				// HTTP 请求/应答内容
 				if(regionDict.getDictId().intValue()==12||regionDict.getDictId().intValue()==13||regionDict.getDictId().intValue()==601||regionDict.getDictId().intValue()==602) {
 					// websiteCfgService.saveHttpBodyCfg(listPage);
-					websiteCfgService.saveStringCfgBatch(listPage, "http_body_cfg");
+					websiteCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "http_body_cfg",send);
 				}
 				// 流媒体协议
 				if(regionDict.getDictId().intValue()==25){
 					// avContentCfgService.saveContUrlCfg(listPage);
-					avContentCfgService.saveStringCfgBatch(listPage, "av_cont_url_cfg");
+					avContentCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "av_cont_url_cfg",send);
 				}
 				// Voip Account
 				if(regionDict.getDictId().intValue()==16){
 					// avContentCfgService.saveVoIpAccountCfg(listPage);
-					avContentCfgService.saveStringCfgBatch(listPage, "av_voip_account_cfg");
+					avContentCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "av_voip_account_cfg",send);
 				}
 				// APP域名特征
 				if(regionDict.getDictId().intValue()==64){
@@ -1907,12 +1987,6 @@ public class BaseController {
 				dnsResStrategyService.saveDnsResStrategyCfgBatch(listPage);
 			}
 		}	
-		if (cfgIndexInfos != null && cfgIndexInfos.size() > 0) {
-			ipCfgService.saveCfgIndexOf(cfgIndexInfos);
-		}
-		if (appPolicyCfgs != null && appPolicyCfgs.size() > 0) {
-			appCfgService.savePolicyList(appPolicyCfgs);
-		}
 	}
 	/**
 	 * 多域配置导出
diff --git a/src/main/java/com/nis/web/controller/SystemController.java b/src/main/java/com/nis/web/controller/SystemController.java
index a9c46db59..c7ffd18eb 100644
--- a/src/main/java/com/nis/web/controller/SystemController.java
+++ b/src/main/java/com/nis/web/controller/SystemController.java
@@ -32,26 +32,32 @@ public class SystemController  extends BaseController{
 				boolean topShow = false;
 				for(SysMenu second:menu.getChildren()){
 					boolean secondShow = false;
-					if(!StringUtil.isEmpty(second.getChildren())&&second.getIsShow()==1){
-						for(SysMenu third:second.getChildren()){
-							boolean thirdShow = false;
-							if(!StringUtil.isEmpty(third.getChildren())&&third.getIsShow()==1){
-								for(SysMenu fourth:third.getChildren()){
-									if(!StringUtil.isEmpty(fourth.getMenuBg())&&fourth.getIsShow()==1){
-										newList.add(fourth);
+					if(second.getIsShow()==1){
+						if(!StringUtil.isEmpty(second.getMenuBg())){
+							secondShow = true;
+						}
+						if(!StringUtil.isEmpty(second.getChildren())){
+							for(SysMenu third:second.getChildren()){
+								boolean thirdShow = false;
+								if(third.getIsShow()==1){
+									if(!StringUtil.isEmpty(third.getMenuBg())){
 										thirdShow = true;
 										secondShow = true;
 									}
+									if(!StringUtil.isEmpty(third.getChildren())){
+										for(SysMenu fourth:third.getChildren()){
+											if(!StringUtil.isEmpty(fourth.getMenuBg())&&fourth.getIsShow()==1){
+												newList.add(fourth);
+												thirdShow = true;
+												secondShow = true;
+											}
+										}
+									}
 								}
-							}else{
-								if(!StringUtil.isEmpty(third.getMenuBg())&&third.getIsShow()==1){
-									thirdShow = true;
-									secondShow = true;
+								if(thirdShow){
+									newList.add(third);
 								}
 							}
-							if(thirdShow){
-								newList.add(third);
-							}
 						}
 						
 						if(secondShow){
@@ -59,10 +65,6 @@ public class SystemController  extends BaseController{
 							topShow = true;
 						}
 						
-					}else{
-						if(!StringUtil.isEmpty(second.getMenuBg())&&second.getIsShow()==1){
-							topShow = true;
-						}
 					}
 				}
 				if(topShow){
diff --git a/src/main/java/com/nis/web/dao/configuration/AppCfgDao.java b/src/main/java/com/nis/web/dao/configuration/AppCfgDao.java
index c9ba4e4aa..a3c383848 100644
--- a/src/main/java/com/nis/web/dao/configuration/AppCfgDao.java
+++ b/src/main/java/com/nis/web/dao/configuration/AppCfgDao.java
@@ -41,6 +41,7 @@ public interface AppCfgDao {
 	public IpPortCfg getAppPolicyIpCfg(AppPolicyCfg entity) ;
 	public List<IpPortCfg> getAppPolicyIpList(AppPolicyCfg entity);
 	public int insertAppPolicyCfg(AppPolicyCfg entity);
+	public int insertAppPolicyCfgForBatch(AppPolicyCfg entity);
 	public int updateAppPolicyCfg(AppPolicyCfg entity);	
 	public int insertAppPolicyIpCfg(IpPortCfg entity);
 	public int deleteAppPolicyIpCfg(AppPolicyCfg entity);
@@ -49,6 +50,7 @@ public interface AppCfgDao {
 	public List<AppIpCfg> findAppIpList(AppIpCfg entity) ;
 	public AppIpCfg getAppIpCfg(Long cfgId) ;
 	public int insertAppIpCfg(AppIpCfg entity);
+	public int insertAppIpCfgForBatch(AppIpCfg entity);
 	public int insertAppIpCfgBatch(List<AppIpCfg> list);
 	public int updateAppIpCfg(AppIpCfg entity);
 	//app http特征增删改查
diff --git a/src/main/java/com/nis/web/dao/configuration/AppCfgDao.xml b/src/main/java/com/nis/web/dao/configuration/AppCfgDao.xml
index 7e9d83d08..7cfcfb034 100644
--- a/src/main/java/com/nis/web/dao/configuration/AppCfgDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/AppCfgDao.xml
@@ -1690,6 +1690,21 @@
      ,#{userRegion4,jdbcType=VARCHAR} ,#{userRegion5,jdbcType=VARCHAR} ,#{doLog,jdbcType=INTEGER}
     )
   </insert>
+  <insert id="insertAppPolicyCfgForBatch" parameterType="com.nis.domain.configuration.AppPolicyCfg" >
+    insert into app_policy_cfg (
+    APP_CODE,BEHAV_CODE,SPEC_SERVICE_ID,CFG_DESC,ACTION,IS_VALID,IS_AUDIT,
+    CREATOR_ID,CREATE_TIME,EDITOR_ID,EDIT_TIME,AUDITOR_ID,AUDIT_TIME,
+    SERVICE_ID,REQUEST_ID,COMPILE_ID,IS_AREA_EFFECTIVE,CLASSIFY,
+    ATTRIBUTE,LABLE,AREA_EFFECTIVE_IDS,RATELIMIT,FUNCTION_ID,
+    CFG_TYPE,CFG_REGION_CODE,EXPR_TYPE,MATCH_METHOD,IS_HEXBIN,USER_REGION1
+    ,USER_REGION2,USER_REGION3,USER_REGION4,USER_REGION5,DO_LOG
+    )values (
+     <include refid="AppCommonCfg_Value_List" />,
+     #{exprType,jdbcType=INTEGER},#{matchMethod,jdbcType=INTEGER},#{isHexbin,jdbcType=INTEGER}
+     ,#{userRegion1,jdbcType=VARCHAR} ,#{userRegion2,jdbcType=VARCHAR} ,#{userRegion3,jdbcType=VARCHAR}
+     ,#{userRegion4,jdbcType=VARCHAR} ,#{userRegion5,jdbcType=VARCHAR} ,#{doLog,jdbcType=INTEGER}
+    )
+  </insert>
   <insert id="insertAppIpCfg" parameterType="com.nis.domain.configuration.AppIpCfg" >
     <selectKey resultType="java.lang.Long" order="AFTER" keyProperty="cfgId">
     	SELECT LAST_INSERT_ID()
@@ -1709,6 +1724,22 @@
     ,#{userRegion3,jdbcType=VARCHAR},#{userRegion4,jdbcType=VARCHAR},#{userRegion5,jdbcType=VARCHAR}
     )
   </insert>
+  <insert id="insertAppIpCfgForBatch" parameterType="com.nis.domain.configuration.AppIpCfg" >
+    insert into app_ip_cfg (
+    APP_CODE,BEHAV_CODE,SPEC_SERVICE_ID, CFG_DESC,ACTION,IS_VALID,IS_AUDIT,
+    CREATOR_ID,CREATE_TIME,EDITOR_ID,EDIT_TIME,AUDITOR_ID,AUDIT_TIME,
+    SERVICE_ID,REQUEST_ID,COMPILE_ID,IS_AREA_EFFECTIVE,CLASSIFY,
+    ATTRIBUTE,LABLE,AREA_EFFECTIVE_IDS,RATELIMIT,FUNCTION_ID,CFG_TYPE,CFG_REGION_CODE,
+    IP_TYPE, IP_PATTERN, SRC_IP_ADDRESS,DEST_IP_ADDRESS, PORT_PATTERN,SRC_PORT,DEST_PORT,
+    DIRECTION,PROTOCOL,DO_LOG,user_region1,user_region2,user_region3,user_region4,user_region5
+    )values (
+     <include refid="AppCommonCfg_Value_List" />,
+     #{ipType,jdbcType=INTEGER}, #{ipPattern,jdbcType=INTEGER},#{srcIpAddress,jdbcType=VARCHAR},#{destIpAddress,jdbcType=VARCHAR},
+    #{portPattern,jdbcType=INTEGER},#{srcPort,jdbcType=VARCHAR},#{destPort,jdbcType=VARCHAR},#{direction,jdbcType=INTEGER}, 
+    #{protocol,jdbcType=INTEGER},#{doLog,jdbcType=INTEGER},#{userRegion1,jdbcType=VARCHAR},#{userRegion2,jdbcType=VARCHAR}
+    ,#{userRegion3,jdbcType=VARCHAR},#{userRegion4,jdbcType=VARCHAR},#{userRegion5,jdbcType=VARCHAR}
+    )
+  </insert>
   <insert id="insertAppIpCfgBatch" parameterType="com.nis.domain.configuration.AppIpCfg" >
     insert into app_ip_cfg (
     APP_CODE,BEHAV_CODE,SPEC_SERVICE_ID, CFG_DESC,ACTION,IS_VALID,IS_AUDIT,
diff --git a/src/main/java/com/nis/web/dao/configuration/IpCfgDao.xml b/src/main/java/com/nis/web/dao/configuration/IpCfgDao.xml
index 5bc7e6ec0..7cd36e97d 100644
--- a/src/main/java/com/nis/web/dao/configuration/IpCfgDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/IpCfgDao.xml
@@ -862,8 +862,8 @@
     )values (
    		#{cfgDesc,jdbcType=VARCHAR},
    		#{action,jdbcType=INTEGER}, 
-    	0,
-    	0,
+    	#{isValid,jdbcType=INTEGER}, 
+    	#{isAudit,jdbcType=INTEGER}, 
     	#{creatorId,jdbcType=INTEGER}, 
    		#{createTime,jdbcType=TIMESTAMP},
    		#{editorId,jdbcType=INTEGER},
diff --git a/src/main/java/com/nis/web/service/BaseService.java b/src/main/java/com/nis/web/service/BaseService.java
index 1b3970622..1e20ab466 100644
--- a/src/main/java/com/nis/web/service/BaseService.java
+++ b/src/main/java/com/nis/web/service/BaseService.java
@@ -1,6 +1,7 @@
 package com.nis.web.service;
 
 import java.io.IOException;
+import java.lang.reflect.Field;
 import java.lang.reflect.Type;
 import java.math.BigDecimal;
 import java.text.SimpleDateFormat;
@@ -20,6 +21,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeanUtils;
 import org.springframework.transaction.annotation.Transactional;
 
+import com.beust.jcommander.internal.Maps;
 import com.google.common.collect.Lists;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
@@ -35,6 +37,8 @@ import com.google.gson.stream.JsonToken;
 import com.google.gson.stream.JsonWriter;
 import com.googlecode.ipv6.IPv6Address;
 import com.googlecode.ipv6.IPv6Network;
+import com.nis.domain.FunctionRegionDict;
+import com.nis.domain.FunctionServiceDict;
 import com.nis.domain.SysRole;
 import com.nis.domain.SysUser;
 import com.nis.domain.basics.AsnIpCfg;
@@ -53,6 +57,10 @@ import com.nis.domain.configuration.DnsResStrategy;
 import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.domain.configuration.PxyObjTrustedCaCert;
 import com.nis.domain.configuration.PxyObjTrustedCaCrl;
+import com.nis.domain.maat.MaatCfg;
+import com.nis.domain.maat.ToMaatBean;
+import com.nis.domain.maat.ToMaatResult;
+import com.nis.domain.maat.MaatCfg.DigestCfg;
 import com.nis.domain.maat.MaatCfg.GroupCfg;
 import com.nis.domain.maat.MaatCfg.IpCfg;
 import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
@@ -61,78 +69,81 @@ import com.nis.util.ConfigServiceUtil;
 import com.nis.util.Configurations;
 import com.nis.util.Constants;
 import com.nis.util.IpUtil;
+import com.nis.util.Reflections;
 import com.nis.util.StringUtil;
 import com.nis.util.StringUtils;
+import com.nis.web.dao.CrudDao;
+import com.nis.web.dao.configuration.AreaIpCfgDao;
+import com.nis.web.dao.configuration.IpCfgDao;
 import com.nis.web.dao.configuration.StringCfgDao;
+import com.nis.web.security.UserUtils;
 
 /**
  * Service基类
+ * 
  * @author ThinkGem
  * @version 2014-05-16
  */
 public abstract class BaseService {
-	
-	
-	
+
 	/**
 	 * 日志对象
 	 */
 	protected Logger logger = LoggerFactory.getLogger(getClass());
-	
-	
-	
+
 	/**
 	 * 数据范围过滤
-	 * @param user 当前用户对象，通过“entity.getCurrentUser()”获取
-	 * @param officeAlias 机构表别名，多个用“,”逗号隔开。
-	 * @param userAlias 用户表别名，多个用“,”逗号隔开，传递空，忽略此参数
+	 * 
+	 * @param user
+	 *            当前用户对象，通过“entity.getCurrentUser()”获取
+	 * @param officeAlias
+	 *            机构表别名，多个用“,”逗号隔开。
+	 * @param userAlias
+	 *            用户表别名，多个用“,”逗号隔开，传递空，忽略此参数
 	 * @return 标准连接条件对象
 	 */
 	public static String dataScopeFilter(SysUser user, String officeAlias, String userAlias) {
 
-		
 		StringBuilder sqlString = new StringBuilder();
-		
+
 		// 进行权限过滤，多个角色权限范围之间为或者关系。
 		List<Integer> dataScope = Lists.newArrayList();
-		
-		if (StringUtils.isBlank(user.getLoginId())){
+
+		if (StringUtils.isBlank(user.getLoginId())) {
 			return "";
 		}
-		
+
 		// 超级管理员，跳过权限过滤
-		if (user.isAdmin()){
+		if (user.isAdmin()) {
 			boolean isDataScopeAll = isContainsDataScopeAll(user.getUserRoleList());
-			
-			
-			
+
 			for (SysRole r : user.getUserRoleList()) {
-				for (String oa : StringUtils.split(officeAlias, ",")){
-					if (!dataScope.contains(r.getDataScope()) && StringUtils.isNotBlank(oa)){
-						
-						sqlString.append(createScopeSql(r.getDataScope(),oa,user,null));
+				for (String oa : StringUtils.split(officeAlias, ",")) {
+					if (!dataScope.contains(r.getDataScope()) && StringUtils.isNotBlank(oa)) {
+
+						sqlString.append(createScopeSql(r.getDataScope(), oa, user, null));
 						dataScope.add(r.getDataScope());
 					}
 				}
 			}
 			// 如果没有全部数据权限，并设置了用户别名，则当前权限为本人；如果未设置别名，当前无权限为已植入权限
-			if (!isDataScopeAll){
-				if (StringUtils.isNotBlank(userAlias)){
-					for (String ua : StringUtils.split(userAlias, ",")){
+			if (!isDataScopeAll) {
+				if (StringUtils.isNotBlank(userAlias)) {
+					for (String ua : StringUtils.split(userAlias, ",")) {
 						sqlString.append(" OR " + ua + ".id = '" + user.getId() + "'");
 					}
-				}else {
-					for (String oa : StringUtils.split(officeAlias, ",")){
-						//sqlString.append(" OR " + oa + ".id  = " + user.getOffice().getId());
+				} else {
+					for (String oa : StringUtils.split(officeAlias, ",")) {
+						// sqlString.append(" OR " + oa + ".id = " + user.getOffice().getId());
 						sqlString.append(" OR " + oa + ".id IS NULL");
 					}
 				}
-			}else{
+			} else {
 				// 如果包含全部权限，则去掉之前添加的所有条件，并跳出循环。
 				sqlString = new StringBuilder();
 			}
 		}
-		if (StringUtils.isNotBlank(sqlString.toString())){
+		if (StringUtils.isNotBlank(sqlString.toString())) {
 			return " AND (" + sqlString.substring(4) + ")";
 		}
 		return "";
@@ -140,129 +151,131 @@ public abstract class BaseService {
 
 	/**
 	 * 数据范围过滤
-	 * @param user 当前用户对象，通过“entity.getCurrentUser()”获取
-	 * @param configAlias 配置表别名，多个用","逗号隔开，传递空，忽略此参数
+	 * 
+	 * @param user
+	 *            当前用户对象，通过“entity.getCurrentUser()”获取
+	 * @param configAlias
+	 *            配置表别名，多个用","逗号隔开，传递空，忽略此参数
 	 * @return 标准连接条件对象
 	 */
 	public static String configScopeFilter(SysUser user, String configAlias) {
 
-		
 		StringBuilder sqlString = new StringBuilder();
-		
+
 		// 进行权限过滤，多个角色权限范围之间为或者关系。
 		List<Integer> dataScope = Lists.newArrayList();
-		
-		if (StringUtils.isBlank(user.getLoginId())){
+
+		if (StringUtils.isBlank(user.getLoginId())) {
 			return "";
 		}
-		
+
 		// 超级管理员，跳过权限过滤
-		if (!user.isAdmin()){
+		if (!user.isAdmin()) {
 			boolean isDataScopeAll = isContainsDataScopeAll(user.getUserRoleList());
 			// 如果没有全部数据权限
-			if (!isDataScopeAll){
+			if (!isDataScopeAll) {
 				for (SysRole r : user.getUserRoleList()) {
-					for (String c : StringUtils.split(configAlias, ",")){
-						if (!dataScope.contains(r.getDataScope()) && StringUtils.isNotBlank(c)){
-							sqlString.append(createScopeSql(r.getDataScope(),"",user,c));
+					for (String c : StringUtils.split(configAlias, ",")) {
+						if (!dataScope.contains(r.getDataScope()) && StringUtils.isNotBlank(c)) {
+							sqlString.append(createScopeSql(r.getDataScope(), "", user, c));
 							dataScope.add(r.getDataScope());
 						}
 					}
 				}
-				
-			}else{
+
+			} else {
 				// 如果包含全部权限，则去掉之前添加的所有条件但增加配置审核取消以及删除的配置，并跳出循环。
 				sqlString = new StringBuilder();
 				sqlString.append(" OR " + configAlias + ".is_audit !=3");
 			}
 		}
-		if (StringUtils.isNotBlank(sqlString.toString())){
+		if (StringUtils.isNotBlank(sqlString.toString())) {
 			return " AND (" + sqlString.substring(4) + ")";
 		}
 		return "";
 	}
-	
-	
+
 	/**
 	 * 测试数据是否包含全集
+	 * 
 	 * @return
 	 */
 	private static boolean isContainsDataScopeAll(List<SysRole> roleList) {
 		boolean isDataScopeAll = false;
-		
-		for(SysRole role : roleList) {
-			if(SysRole.DATA_SCOPE_ALL.equals(role.getDataScope())){
+
+		for (SysRole role : roleList) {
+			if (SysRole.DATA_SCOPE_ALL.equals(role.getDataScope())) {
 				isDataScopeAll = true;
 				break;
 			}
 		}
-		
+
 		return isDataScopeAll;
-		
+
 	}
-	
-	
+
 	/**
 	 * 过滤机构信息
-	 * @param dataScope  数据范围（1：所有数据；2：所在公司及以下数据；3：所在公司数据；
-	 * 4：所在部门及以下数据；5：所在部门数据；6：所在单位及以下数据；7：所在单位数据;
-	 * 8:操作员数据；9：审核员数据，10：审计员数据）
+	 * 
+	 * @param dataScope
+	 *            数据范围（1：所有数据；2：所在公司及以下数据；3：所在公司数据；
+	 *            4：所在部门及以下数据；5：所在部门数据；6：所在单位及以下数据；7：所在单位数据;
+	 *            8:操作员数据；9：审核员数据，10：审计员数据）
 	 * @return
 	 */
-	private static String createScopeSql(int dataScope,String officeAlias,SysUser user,String configAlias) {
+	private static String createScopeSql(int dataScope, String officeAlias, SysUser user, String configAlias) {
 		StringBuilder scopeSql = new StringBuilder(1024);
-	
-		if (SysRole.DATA_SCOPE_COMPANY_AND_CHILD.equals(dataScope)){
+
+		if (SysRole.DATA_SCOPE_COMPANY_AND_CHILD.equals(dataScope)) {
 			scopeSql.append(" OR " + officeAlias + ".id = " + user.getCompany().getId());
-			scopeSql.append(" OR " + officeAlias + ".parent_ids LIKE '" + user.getCompany().getParentIds() + user.getCompany().getId() + ",%'");
-		}
-		else if (SysRole.DATA_SCOPE_COMPANY.equals(dataScope)){
+			scopeSql.append(" OR " + officeAlias + ".parent_ids LIKE '" + user.getCompany().getParentIds()
+					+ user.getCompany().getId() + ",%'");
+		} else if (SysRole.DATA_SCOPE_COMPANY.equals(dataScope)) {
 			scopeSql.append(" OR " + officeAlias + ".id = " + user.getCompany().getId());
 			// 包括本公司下的部门 （type=1:公司；type=2：单位 3.部门）
-			scopeSql.append(" OR (" + officeAlias + ".parent_id = '" + user.getCompany().getId() + "' AND " + officeAlias + ".type>1)");
-		}
-		else if (SysRole.DATA_SCOPE_OFFICE_AND_CHILD.equals(dataScope)){
+			scopeSql.append(" OR (" + officeAlias + ".parent_id = '" + user.getCompany().getId() + "' AND "
+					+ officeAlias + ".type>1)");
+		} else if (SysRole.DATA_SCOPE_OFFICE_AND_CHILD.equals(dataScope)) {
 			scopeSql.append(" OR " + officeAlias + ".id = " + user.getOffice().getId());
-			scopeSql.append(" OR " + officeAlias + ".parent_ids LIKE '" + user.getOffice().getParentIds() + user.getOffice().getId() + ",%'");
-		}
-		else if (SysRole.DATA_SCOPE_OFFICE.equals(dataScope)){
+			scopeSql.append(" OR " + officeAlias + ".parent_ids LIKE '" + user.getOffice().getParentIds()
+					+ user.getOffice().getId() + ",%'");
+		} else if (SysRole.DATA_SCOPE_OFFICE.equals(dataScope)) {
 			scopeSql.append(" OR " + officeAlias + ".id = " + user.getOffice().getId());
-		}
-		else if (SysRole.DATA_SCOPE_ENTITY_AND_CHILD.equals(dataScope)){
+		} else if (SysRole.DATA_SCOPE_ENTITY_AND_CHILD.equals(dataScope)) {
 			scopeSql.append(" OR " + officeAlias + ".id = " + user.getEntity().getId());
-			scopeSql.append(" OR " + officeAlias + ".parent_ids LIKE '" + user.getEntity().getParentIds() + user.getEntity().getId() + ",%'");
-			
-		} else if (SysRole.DATA_SCOPE_ENTITY.equals(dataScope)){
+			scopeSql.append(" OR " + officeAlias + ".parent_ids LIKE '" + user.getEntity().getParentIds()
+					+ user.getEntity().getId() + ",%'");
+
+		} else if (SysRole.DATA_SCOPE_ENTITY.equals(dataScope)) {
 			scopeSql.append(" OR " + officeAlias + ".id = " + user.getEntity().getId());
 			// 包括本公司下的部门 （type=1:公司；type=2：单位 3.部门）
-			scopeSql.append(" OR (" + officeAlias + ".parent_id = '" + user.getEntity().getId() + "' AND " + officeAlias + ".type>1)");
-			
-		}else if (SysRole.DATA_SCOPE_CREATOR.equals(dataScope)){
+			scopeSql.append(" OR (" + officeAlias + ".parent_id = '" + user.getEntity().getId() + "' AND " + officeAlias
+					+ ".type>1)");
+
+		} else if (SysRole.DATA_SCOPE_CREATOR.equals(dataScope)) {
 			scopeSql.append(" OR " + configAlias + ".is_audit !=3");
-		}
-		else if (SysRole.DATA_SCOPE_AUDITOR.equals(dataScope)){
+		} else if (SysRole.DATA_SCOPE_AUDITOR.equals(dataScope)) {
 			scopeSql.append(" OR " + configAlias + ".is_audit = 0 or " + configAlias + ".is_audit = 1");
+		} else if (SysRole.DATA_SCOPE_SHOWER.equals(dataScope)) {
+			scopeSql.append(" OR " + configAlias + ".is_audit = 1");
 		}
-		else if (SysRole.DATA_SCOPE_SHOWER.equals(dataScope)){
-			scopeSql.append(" OR " + configAlias + ".is_audit = 1");			
-		}
-		
+
 		return scopeSql.toString();
 	}
+
 	/**
 	 * 
-	 * getTableName(获取表名对应的Class)
-	 * (这里描述这个方法适用条件 – 可选)
+	 * getTableName(获取表名对应的Class) (这里描述这个方法适用条件 – 可选)
+	 * 
 	 * @param clazz
-	 * @return 
-	 *String
-	 * @exception 
-	 * @since  1.0.0
+	 * @return String
+	 * @exception @since
+	 *                1.0.0
 	 */
-	public String getClassName(String tableName){
+	public String getClassName(String tableName) {
 		return Configurations.getStringProperty(tableName, null);
 	}
-	
+
 	public static class MapTypeAdapter extends TypeAdapter<Object> {
 		@Override
 		public Object read(JsonReader in) throws IOException {
@@ -295,12 +308,12 @@ public abstract class BaseService {
 				BigDecimal maxLong = new BigDecimal(Long.MAX_VALUE);
 				BigDecimal maxInteger = new BigDecimal(Integer.MAX_VALUE);
 				// 数字超过long的最大值，返回BigDecimal类型
-				if (dbNum.compareTo(maxLong)==1) {
+				if (dbNum.compareTo(maxLong) == 1) {
 					return dbNum;
-				}else if(dbNum.compareTo(maxInteger)==1){
+				} else if (dbNum.compareTo(maxInteger) == 1) {
 					long lngNum = Long.parseLong(temp);
 					return lngNum;
-				}else{
+				} else {
 					int lngNum = Integer.parseInt(temp);
 					return lngNum;
 				}
@@ -323,66 +336,71 @@ public abstract class BaseService {
 		}
 
 	}
+
 	/**
 	 * 转换成字符串
+	 * 
 	 * @param obj
 	 * @return
 	 */
-	public  static  <T> String gsonToJson(T obj){
-		Gson gson = new GsonBuilder().disableHtmlEscaping().
-				excludeFieldsWithoutExposeAnnotation().
-				registerTypeAdapter(Date.class, new JsonSerializer<Date>() {
+	public static <T> String gsonToJson(T obj) {
+		Gson gson = new GsonBuilder().disableHtmlEscaping().excludeFieldsWithoutExposeAnnotation()
+				.registerTypeAdapter(Date.class, new JsonSerializer<Date>() {
 					@Override
-					public JsonElement serialize(Date src, Type type,
-							JsonSerializationContext context) {
+					public JsonElement serialize(Date src, Type type, JsonSerializationContext context) {
 						String format = "yyyy-MM-dd HH:mm:ss";
-						long time= ((Date) src).getTime();
+						long time = ((Date) src).getTime();
 						SimpleDateFormat sdf = new SimpleDateFormat(format);
 						return new JsonPrimitive(sdf.format(time));
 					}
 				}).create();
 		return gson.toJson(obj);
 	}
+
 	/**
 	 * 字符串转成对象
+	 * 
 	 * @param jsonString
 	 * @param cls
 	 * @return
 	 */
-	public static <T> T gsonFromJson(String jsonString,Class<T> cls){
-		Gson gson = new GsonBuilder()
-			.registerTypeAdapter(new TypeToken<Map>() {}.getType(), new MapTypeAdapter())
-			.registerTypeAdapter(new TypeToken<List>() {}.getType(), new MapTypeAdapter())
-				.create();
+	public static <T> T gsonFromJson(String jsonString, Class<T> cls) {
+		Gson gson = new GsonBuilder().registerTypeAdapter(new TypeToken<Map>() {
+		}.getType(), new MapTypeAdapter()).registerTypeAdapter(new TypeToken<List>() {
+		}.getType(), new MapTypeAdapter()).create();
 		return gson.fromJson(jsonString, cls);
 	}
+
 	/**
 	 * 界面配置list转换为服务接口端的list
+	 * 
 	 * @param <T>
 	 * @param <T>
 	 * @param dstList
 	 * @param srcList
 	 * @param cfgType，1为IP类型，2为字符串类型，3为增强字符串，4数值类型，5摘要类,6回调类[但字符串类域配置和增强字符串域配置在接口参数中同属于strRegionList]
 	 * @param baseCfg，配置基本信息
-	 * @param groupRelationList 配置分组列表
+	 * @param groupRelationList
+	 *            配置分组列表
 	 * @return
 	 */
-	public static <T> Map<String,List> cfgConvert(List dstList,List<T> srcList,Integer cfgType,BaseCfg baseCfg,List groupRelationList){
-		Map<String,List> map = new HashMap();
-		if(cfgType==1){
+	public static <T> Map<String, List> cfgConvert(List dstList, List<T> srcList, Integer cfgType, BaseCfg baseCfg,
+			List groupRelationList) {
+		Map<String, List> map = new HashMap();
+		if (cfgType == 1) {
 			List numRegionList = new ArrayList();
 			Integer groupId = 0;
 			Integer numGroupId = 0;
 			List<Integer> regionIdList = ConfigServiceUtil.getId(3, srcList.size());
-			for(int i=0;i<srcList.size();i++){
+			for (int i = 0; i < srcList.size(); i++) {
 				T srcCfg = srcList.get(i);
 				BaseIpCfg baseIpCfg = new BaseIpCfg();
 				BeanUtils.copyProperties(srcCfg, baseIpCfg);
 				IpCfg cfg = new IpCfg();
 				BeanUtils.copyProperties(baseIpCfg, cfg);
-				//区域IP配置，多条IP配置属于同一个分组，其他业务配置IP，一条配置一个分组
-//				if(groupId==0 || !cfg.getCfgType().equals(Constants.AREA_REGION)){
-				if(groupId==0){
+				// 区域IP配置，多条IP配置属于同一个分组，其他业务配置IP，一条配置一个分组
+				// if(groupId==0 || !cfg.getCfgType().equals(Constants.AREA_REGION)){
+				if (groupId == 0) {
 					GroupCfg group = new GroupCfg();
 					groupId = ConfigServiceUtil.getId(2, 1).get(0);
 					group.setGroupId(groupId);
@@ -394,19 +412,19 @@ public abstract class BaseService {
 				cfg.setGroupId(groupId);
 				cfg.setAuditTime(baseCfg.getAuditTime());
 				cfg.setIsValid(baseCfg.getIsValid());
-				List<IpCfg> cfgs = ipConvert(cfg,baseIpCfg);
-				if(cfgs.size()>1){
-					List<Integer> ids=ConfigServiceUtil.getId(3, cfgs.size()-1);
+				List<IpCfg> cfgs = ipConvert(cfg, baseIpCfg);
+				if (cfgs.size() > 1) {
+					List<Integer> ids = ConfigServiceUtil.getId(3, cfgs.size() - 1);
 					regionIdList.addAll(ids);
 				}
-				for(int j=i;j<cfgs.size()+i;j++) {
-					cfgs.get(j-i).setRegionId(regionIdList.get(j));
+				for (int j = i; j < cfgs.size() + i; j++) {
+					cfgs.get(j - i).setRegionId(regionIdList.get(j));
 				}
 				dstList.addAll(cfgs);
-				
-				//如果protocolId非空非零，需要构造数值型域配置，多条相同协议的IP只需要一条数值域配置（目前没有不同协议IP&情况）
-				if(baseIpCfg.getProtocolId()!=null && baseIpCfg.getProtocolId()!=0 ){		
-					if(numGroupId==0){
+
+				// 如果protocolId非空非零，需要构造数值型域配置，多条相同协议的IP只需要一条数值域配置（目前没有不同协议IP&情况）
+				if (baseIpCfg.getProtocolId() != null && baseIpCfg.getProtocolId() != 0) {
+					if (numGroupId == 0) {
 						GroupCfg group1 = new GroupCfg();
 						group1.setGroupId(ConfigServiceUtil.getId(2, 1).get(0));
 						group1.setCompileId(baseIpCfg.getCompileId());
@@ -422,17 +440,17 @@ public abstract class BaseService {
 						numCfg.setGroupId(group1.getGroupId());
 						numCfg.setIsValid(baseCfg.getIsValid());
 						numRegionList.add(numCfg);
-						map.put("numRegionList",numRegionList);
+						map.put("numRegionList", numRegionList);
 						numGroupId++;
 					}
 				}
 			}
-			
-		}else if(cfgType==2 || cfgType==3){
+
+		} else if (cfgType == 2 || cfgType == 3) {
 			List<Integer> groupIdList = ConfigServiceUtil.getId(2, srcList.size());
 			List<Integer> regionIdList = ConfigServiceUtil.getId(3, srcList.size());
-			for(int i=0;i<srcList.size();i++){
-				//一条业务配置创建一个分组
+			for (int i = 0; i < srcList.size(); i++) {
+				// 一条业务配置创建一个分组
 				GroupCfg group = new GroupCfg();
 				StringCfg cfg = new StringCfg();
 				BeanUtils.copyProperties(srcList.get(i), cfg);
@@ -445,17 +463,17 @@ public abstract class BaseService {
 				cfg.setRegionId(regionIdList.get(i));
 				cfg.setAuditTime(baseCfg.getAuditTime());
 				cfg.setIsValid(baseCfg.getIsValid());
-				//处理配置关键字转译
+				// 处理配置关键字转译
 				cfg.setCfgKeywords(keywordsEscape(cfg.getCfgKeywords()));
-				//增强字符串转换
+				// 增强字符串转换
 				cfg.setDistrict(keywordsEscape(cfg.getDistrict()));
 				dstList.add(cfg);
 			}
-		}else if(cfgType==4){
+		} else if (cfgType == 4) {
 			List<Integer> groupIdList = ConfigServiceUtil.getId(2, srcList.size());
 			List<Integer> regionIdList = ConfigServiceUtil.getId(3, srcList.size());
-			for(int i=0;i<srcList.size();i++){
-				//一条业务配置创建一个分组
+			for (int i = 0; i < srcList.size(); i++) {
+				// 一条业务配置创建一个分组
 				com.nis.domain.maat.MaatCfg.NumBoundaryCfg cfg = new com.nis.domain.maat.MaatCfg.NumBoundaryCfg();
 				BeanUtils.copyProperties(srcList.get(i), cfg);
 				GroupCfg group = new GroupCfg();
@@ -470,11 +488,11 @@ public abstract class BaseService {
 				cfg.setIsValid(baseCfg.getIsValid());
 				dstList.add(cfg);
 			}
-		}else if(cfgType==5){
+		} else if (cfgType == 5) {
 			List<Integer> groupIdList = ConfigServiceUtil.getId(2, srcList.size());
 			List<Integer> regionIdList = ConfigServiceUtil.getId(3, srcList.size());
-			for(int i=0;i<srcList.size();i++){
-				//一条业务配置创建一个分组
+			for (int i = 0; i < srcList.size(); i++) {
+				// 一条业务配置创建一个分组
 				com.nis.domain.maat.MaatCfg.DigestCfg cfg = new com.nis.domain.maat.MaatCfg.DigestCfg();
 				BeanUtils.copyProperties(srcList.get(i), cfg);
 				GroupCfg group = new GroupCfg();
@@ -489,7 +507,7 @@ public abstract class BaseService {
 				cfg.setIsValid(baseCfg.getIsValid());
 				dstList.add(cfg);
 			}
-		}else{
+		} else {
 			dstList.addAll(srcList);
 		}
 		map.put("groupList", groupRelationList);
@@ -497,517 +515,606 @@ public abstract class BaseService {
 		return map;
 	}
 	/**
-	 * 界面IP配置转换为MAAT类或者回调类IP配置
-	 * @param dstIp
-	 * @param srcIp
-	 * @return
+	 * maatCfg转换,不支持callback,注意除了ip类型的range转换完成之后需要额外获取region id之外，其他需要在src中设置 compileId,regionId,regoup id
+	 * 如果ip类型协议id不为空，需要设置numberRegionGroupId，numberRegionRegionId。
+	 * @param src 
+	 * @param cfgType，1为IP类型，2为字符串类型，3为增强字符串，4数值类型，5摘要类[但字符串类域配置和增强字符串域配置在接口参数中同属于strRegionList]
+	 * @return Map<String,List>
+	 * @throws IllegalAccessException 
+	 * @throws IllegalArgumentException 
 	 */
-	/*public static IpCfg ipConvert(IpCfg dstIp,BaseIpCfg srcIp){
-		if(srcIp.getSrcIpAddress()!=null){
-			if(srcIp.getSrcIpAddress().indexOf("/")!=-1){
-				if(srcIp.getIpType()==4 || srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
-					Integer srcMaskNum = Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]);
-					if(srcMaskNum==0){
-						dstIp.setSrcIpMask("0.0.0.0");
-					}else{
-						dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum));
-					}
-					
-					dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
-				}else if(srcIp.getIpType()==6|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
-					IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getSrcIpAddress());
-					dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
-					dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString());
-				}else {
-					Pattern patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP);
-					Pattern patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP);
-					Matcher matchernV4Subnet=patternV4Subnet.matcher(srcIp.getSrcIpAddress());
-					Matcher matcherV6Subnet=patternV6Subnet.matcher(srcIp.getSrcIpAddress());
-					if(matchernV4Subnet.matches()) {
-						Integer srcMaskNum = Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]);
-						if(srcMaskNum==0){
-							dstIp.setSrcIpMask("0.0.0.0");
-						}else{
-							dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum));
-						}
-						dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
-					}else if(matcherV6Subnet.matches()){
-						IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getSrcIpAddress());
-						dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
-						dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString());
-					}else {
-						throw new RuntimeException("Invalid IP/subnet mask format");
-					}
-				}
-				
-			}else if(srcIp.getSrcIpAddress().indexOf("-")!=-1){
-				if(srcIp.getIpType()==4|| srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
-					dstIp.setSrcIp(srcIp.getSrcIpAddress().split("-")[0]);
-					dstIp.setSrcIpMask(IpUtil.getMask(srcIp.getSrcIpAddress().split("-")[0], srcIp.getSrcIpAddress().split("-")[1]));
-				}else if(srcIp.getIpType()==6|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
-					IPv6Address address1 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[0]);
-					IPv6Address address2 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[1]);
-					IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
-					dstIp.setSrcIp(address1.toString());
-					dstIp.setSrcIpMask(network.getNetmask().asAddress().toString());
-				}else {
-					Pattern patternV4Range=Pattern.compile(Constants.IPV4_IP_RANGE_REGEXP);
-					Pattern patternV6Range=Pattern.compile(Constants.IPV6_IP_RANGE_REGEXP);
-					Matcher matcherV4Range=patternV4Range.matcher(srcIp.getSrcIpAddress());
-					Matcher matcherV6Range=patternV6Range.matcher(srcIp.getSrcIpAddress());
-					if(matcherV4Range.matches()) {
-						dstIp.setSrcIp(srcIp.getSrcIpAddress().split("-")[0]);
-						dstIp.setSrcIpMask(IpUtil.getMask(srcIp.getSrcIpAddress().split("-")[0], srcIp.getSrcIpAddress().split("-")[1]));
-					}else if(matcherV6Range.matches()) {
-						IPv6Address address1 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[0]);
-						IPv6Address address2 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[1]);
-						IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
-						dstIp.setSrcIp(address1.toString());
-						dstIp.setSrcIpMask(network.getNetmask().asAddress().toString());
-					}else {
-						throw new RuntimeException("Invalid IP range format");
-					}
-				}
-				
-			}else{
-				if(srcIp.getIpType()==4|| srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
-					dstIp.setSrcIp(srcIp.getSrcIpAddress());
-					dstIp.setSrcIpMask("255.255.255.255");
-				}else if(srcIp.getIpType()==6|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
-					dstIp.setSrcIp(srcIp.getSrcIpAddress());
-					dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-				}else {//all
-					Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP);
-					Pattern patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP);
-					Matcher matcherV4=patternV4.matcher(srcIp.getSrcIpAddress());
-					Matcher matcherV6=patternV6.matcher(srcIp.getSrcIpAddress());
-					 if(matcherV4.matches()) {
-						dstIp.setSrcIp(srcIp.getSrcIpAddress());
-						dstIp.setSrcIpMask("255.255.255.255");
-					}else if(matcherV6.matches()) {
-						dstIp.setSrcIp(srcIp.getSrcIpAddress());
-						dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-					}else {
-						throw new RuntimeException("Invalid IP format");
-					}
-				}
-				
+	public static <T> Map<String,List> cfgConvert(BaseCfg<T> src, Integer cfgType) {
+		Map<String,List> map=Maps.newHashMap();
+		List groupRelationList=Lists.newArrayList();
+		Field compileIdF= Reflections.getAccessibleField(src, "compileId");
+		Field groupIdF= Reflections.getAccessibleField(src, "groupId");
+		Field regionIdF= Reflections.getAccessibleField(src, "regionId");
+		try {
+			if(compileIdF==null||compileIdF.get(src)==null) {
+				throw new RuntimeException("Please set compileId first");
 			}
-		}else{
-			if(srcIp.getIpType()==4|| srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
-				dstIp.setSrcIp(srcIp.getSrcIpAddress());
-				dstIp.setSrcIpMask("255.255.255.255");
-			}else if(srcIp.getIpType()==6|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
-				dstIp.setSrcIp(srcIp.getSrcIpAddress());
-				dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-			}else {//all
-				dstIp.setSrcIp(srcIp.getSrcIpAddress());
-				dstIp.setSrcIpMask("255.255.255.255");
+			if(groupIdF==null||groupIdF.get(src)==null) {
+				throw new RuntimeException("Please set groupId first");
 			}
+			if(regionIdF==null||regionIdF.get(src)==null) {
+				throw new RuntimeException("Please set regionId first");
+			}
+		} catch (IllegalArgumentException | IllegalAccessException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
 		}
-		if(srcIp.getDestIpAddress()!=null){
-			if(srcIp.getDestIpAddress().indexOf("/")!=-1){
-				if(srcIp.getIpType()==4|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
-					Integer dstMaskNum = Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]);
-					if(dstMaskNum==0){
-						dstIp.setDstIpMask("0.0.0.0");
-					}else{
-						dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));;
-					}
-					dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
-				}else if(srcIp.getIpType()==6|| srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
-					IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getDestIpAddress());
-					dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
-					dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString());
-				}else {
-					Pattern patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP);
-					Pattern patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP);
-					Matcher matchernV4Subnet=patternV4Subnet.matcher(srcIp.getDestIpAddress());
-					Matcher matcherV6Subnet=patternV6Subnet.matcher(srcIp.getDestIpAddress());
-					if(matchernV4Subnet.matches()) {
-						Integer dstMaskNum = Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]);
-						if(dstMaskNum==0){
-							dstIp.setDstIpMask("0.0.0.0");
-						}else{
-							dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));;
-						}
-						dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
-					}else if(matcherV6Subnet.matches()){
-						IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getDestIpAddress());
-						dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
-						dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString());
+		
+		if (cfgType == 1) {
+			List<IpCfg> ipcfgs=Lists.newArrayList();
+			List numRegionList = new ArrayList();
+			BaseIpCfg baseIpCfg = new BaseIpCfg();
+			BeanUtils.copyProperties(src, baseIpCfg);
+			Integer groupId = baseIpCfg.getGroupId();
+			Integer numGroupId = 0;
+			IpCfg cfg = new IpCfg();
+			BeanUtils.copyProperties(baseIpCfg, cfg);
+			// 区域IP配置，多条IP配置属于同一个分组，其他业务配置IP，一条配置一个分组
+			// if(groupId==0 || !cfg.getCfgType().equals(Constants.AREA_REGION)){
+			GroupCfg group = new GroupCfg();
+			if (groupId == 0) {
+				groupId = ConfigServiceUtil.getId(2, 1).get(0);
+			}
+			group.setGroupId(groupId);
+			group.setCompileId(baseIpCfg.getCompileId());
+			group.setAuditTime(baseIpCfg.getAuditTime());
+			group.setIsValid(baseIpCfg.getIsValid());
+			groupRelationList.add(group);
+			cfg.setGroupId(groupId);
+			cfg.setAuditTime(baseIpCfg.getAuditTime());
+			cfg.setIsValid(baseIpCfg.getIsValid());
+			List<IpCfg> cfgs = ipConvert(cfg, baseIpCfg);
+			List<Integer> regionIdList=Lists.newArrayListWithCapacity(cfgs.size() - 1);
+			if (cfgs.size() > 1) {
+				List<Integer> ids = ConfigServiceUtil.getId(3, cfgs.size() - 1);
+				regionIdList.addAll(ids);
+			}
+			for (int i = 1; i < cfgs.size(); i++) {
+				cfgs.get(i).setRegionId(regionIdList.get(i-1));
+			}
+			ipcfgs.addAll(cfgs);
+			map.put("ipRegionList", ipcfgs);
+			// 如果protocolId非空非零，需要构造数值型域配置，多条相同协议的IP只需要一条数值域配置（目前没有不同协议IP&情况）
+			if (baseIpCfg.getProtocolId() != null && baseIpCfg.getProtocolId() != 0) {
+				if (numGroupId == 0) {
+					GroupCfg group1 = new GroupCfg();
+					if(baseIpCfg.getNumberRegionGroupId()!=null) {
+						group1.setGroupId(baseIpCfg.getNumberRegionGroupId());
 					}else {
-						throw new RuntimeException("Invalid IP/subnet mask format");
+						group1.setGroupId(ConfigServiceUtil.getId(2, 1).get(0));
 					}
-				}
-				
-			}else if(srcIp.getDestIpAddress().indexOf("-")!=-1){
-				if(srcIp.getIpType()==4|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
-					dstIp.setDstIp(srcIp.getDestIpAddress().split("-")[0]);
-					dstIp.setDstIpMask(IpUtil.getMask(srcIp.getDestIpAddress().split("-")[0], srcIp.getDestIpAddress().split("-")[1]));
-				}else if(srcIp.getIpType()==6|| srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
-					IPv6Address address1 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[0]);
-					IPv6Address address2 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[1]);
-					IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
-					dstIp.setDstIp(address1.toString());
-					dstIp.setDstIpMask(network.getNetmask().asAddress().toString());
-				}else {
-					Pattern patternV4Range=Pattern.compile(Constants.IPV4_IP_RANGE_REGEXP);
-					Pattern patternV6Range=Pattern.compile(Constants.IPV6_IP_RANGE_REGEXP);
-					Matcher matcherV4Range=patternV4Range.matcher(srcIp.getDestIpAddress());
-					Matcher matcherV6Range=patternV6Range.matcher(srcIp.getDestIpAddress());
-					if(matcherV4Range.matches()) {
-						dstIp.setDstIp(srcIp.getDestIpAddress().split("-")[0]);
-						dstIp.setDstIpMask(IpUtil.getMask(srcIp.getDestIpAddress().split("-")[0], srcIp.getDestIpAddress().split("-")[1]));
-					}else if(matcherV6Range.matches()) {
-						IPv6Address address1 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[0]);
-						IPv6Address address2 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[1]);
-						IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
-						dstIp.setDstIp(address1.toString());
-						dstIp.setDstIpMask(network.getNetmask().asAddress().toString());
+					group1.setCompileId(baseIpCfg.getCompileId());
+					group1.setAuditTime(baseIpCfg.getAuditTime());
+					group1.setIsValid(baseIpCfg.getIsValid());
+					groupRelationList.add(group1);
+					NumBoundaryCfg numCfg = new NumBoundaryCfg();
+					numCfg.initDefaultValue();
+					numCfg.setLowBoundary(baseIpCfg.getProtocolId());
+					numCfg.setUpBoundary(baseIpCfg.getProtocolId());
+					if(baseIpCfg.getNumberRegionRegionId()!=null) {
+						numCfg.setRegionId(baseIpCfg.getNumberRegionRegionId());
 					}else {
-						throw new RuntimeException("Invalid IP range format");
+						numCfg.setRegionId(ConfigServiceUtil.getId(3, 1).get(0));
 					}
+					numCfg.setAuditTime(baseIpCfg.getAuditTime());
+					numCfg.setGroupId(group1.getGroupId());
+					numCfg.setIsValid(baseIpCfg.getIsValid());
+					numRegionList.add(numCfg);
+					map.put("numRegionList", numRegionList);
+					numGroupId++;
 				}
-				
-			}else{
-				if(srcIp.getIpType()==4|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
-					dstIp.setDstIp(srcIp.getDestIpAddress());
-					dstIp.setDstIpMask("255.255.255.255");
-				}else if(srcIp.getIpType()==6|| srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
-					dstIp.setDstIp(srcIp.getDestIpAddress());
-					dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-				}else {//all
-					Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP);
-					Pattern patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP);
-					Matcher matcherV4=patternV4.matcher(srcIp.getDestIpAddress());
-					Matcher matcherV6=patternV6.matcher(srcIp.getDestIpAddress());
-					if(matcherV4.matches()) {
-						dstIp.setDstIp(srcIp.getDestIpAddress());
-						dstIp.setDstIpMask("255.255.255.255");
-					}else if(matcherV6.matches()) {
-						dstIp.setDstIp(srcIp.getDestIpAddress());
-						dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-					}else {
-						throw new RuntimeException("invalid ip format");
-					}
-				}
-				
 			}
-		}else{
-			if(srcIp.getIpType()==4|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
-				dstIp.setDstIp(srcIp.getDestIpAddress());
-				dstIp.setDstIpMask("255.255.255.255");
-			}else if(srcIp.getIpType()==6|| srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
-				dstIp.setDstIp(srcIp.getDestIpAddress());
-				dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-			}else {//all
-				dstIp.setDstIp(srcIp.getDestIpAddress());
-				dstIp.setDstIpMask("255.255.255.255");
-			}
-		}
-		if(srcIp.getSrcPort()!=null){
-			if(srcIp.getSrcPort().indexOf("/")!=-1){
-				String srcMaskNum = srcIp.getSrcPort().split("/")[1];
-				dstIp.setSrcPortMask(srcMaskNum);
-				dstIp.setSrcPort(srcIp.getSrcPort().split("/")[0]);
-			}else{
-				dstIp.setSrcPort(srcIp.getSrcPort());
-				dstIp.setSrcPortMask("65535");
-			}
-		}else{
-			dstIp.setSrcPort("0");
-			dstIp.setSrcPortMask("65535");
-		}
-		if(srcIp.getDestPort()!=null){
-			if(srcIp.getDestPort().indexOf("/")!=-1){
-				String dstMaskNum = srcIp.getDestPort().split("/")[1];
-				dstIp.setDstPortMask(dstMaskNum);
-				dstIp.setDstPort(srcIp.getDestPort().split("/")[0]);
-			}else{
-				dstIp.setDstPort(srcIp.getDestPort());
-				dstIp.setDstPortMask("65535");
-			}
-		}else{
-			dstIp.setDstPort("0");
-			dstIp.setDstPortMask("65535");
-		}
-		return dstIp;
-	}*/
+		} else if (cfgType == 2 || cfgType == 3) {
+				List<StringCfg> stringcfgs=Lists.newArrayList();
+				// 一条业务配置创建一个分组
+				BaseCfg baseCfg=(BaseCfg)src;
+				GroupCfg group = new GroupCfg();
+				StringCfg cfg = new StringCfg();
+				BeanUtils.copyProperties(src, cfg);
+				group.setGroupId(baseCfg.getGroupId());
+				group.setCompileId(baseCfg.getCompileId());
+				group.setAuditTime(baseCfg.getAuditTime());
+				group.setIsValid(baseCfg.getIsValid());
+				groupRelationList.add(group);
+				cfg.setGroupId(group.getGroupId());
+				cfg.setRegionId(baseCfg.getRegionId());
+				cfg.setAuditTime(baseCfg.getAuditTime());
+				cfg.setIsValid(baseCfg.getIsValid());
+				// 处理配置关键字转译
+				cfg.setCfgKeywords(keywordsEscape(cfg.getCfgKeywords()));
+				// 增强字符串转换
+				cfg.setDistrict(keywordsEscape(cfg.getDistrict()));
+				stringcfgs.add(cfg);
+				map.put("strRegionList", stringcfgs);
+		} else if (cfgType == 4) {
+			List<com.nis.domain.maat.MaatCfg.NumBoundaryCfg> numCfgs=Lists.newArrayList();
+				// 一条业务配置创建一个分组
+			BaseCfg baseCfg=(BaseCfg)src;
+			com.nis.domain.maat.MaatCfg.NumBoundaryCfg cfg = new com.nis.domain.maat.MaatCfg.NumBoundaryCfg();
+			BeanUtils.copyProperties(src, cfg);
+			GroupCfg group = new GroupCfg();
+			group.setGroupId(baseCfg.getGroupId());
+			group.setCompileId(baseCfg.getCompileId());
+			group.setAuditTime(baseCfg.getAuditTime());
+			group.setIsValid(baseCfg.getIsValid());
+			groupRelationList.add(group);
+			cfg.setGroupId(group.getGroupId());
+			cfg.setRegionId(baseCfg.getRegionId());
+			cfg.setAuditTime(baseCfg.getAuditTime());
+			cfg.setIsValid(baseCfg.getIsValid());
+			numCfgs.add(cfg);
+			map.put("numRegionList", numCfgs);
+		} else if (cfgType == 5) {
+			List<com.nis.domain.maat.MaatCfg.DigestCfg> digestCfgs=Lists.newArrayList();
+			BaseCfg baseCfg=(BaseCfg)src;
+			// 一条业务配置创建一个分组
+			com.nis.domain.maat.MaatCfg.DigestCfg cfg = new com.nis.domain.maat.MaatCfg.DigestCfg();
+			BeanUtils.copyProperties(src, cfg);
+			GroupCfg group = new GroupCfg();
+			group.setGroupId(baseCfg.getGroupId());
+			group.setCompileId(baseCfg.getCompileId());
+			group.setAuditTime(baseCfg.getAuditTime());
+			group.setIsValid(baseCfg.getIsValid());
+			groupRelationList.add(group);
+			cfg.setGroupId(group.getGroupId());
+			cfg.setRegionId(baseCfg.getRegionId());
+			cfg.setAuditTime(baseCfg.getAuditTime());
+			cfg.setIsValid(baseCfg.getIsValid());
+			digestCfgs.add(cfg);
+			map.put("digestRegionList", digestCfgs);
+		} else {
+			throw new RuntimeException("unknown cfgType "+cfgType);
+		} 
+		map.put("groupRelationList", groupRelationList);
+		return map;
+	}
+
 	/**
 	 * 界面IP配置转换为MAAT类或者回调类IP配置
+	 * 
 	 * @param dstIp
 	 * @param srcIp
 	 * @return
 	 */
-	public static List<IpCfg> ipConvert(IpCfg dstIp,BaseIpCfg srcIp){
-		List<IpCfg> ipConvertList=Lists.newArrayList();
-		boolean isRange=((srcIp.getIpPattern()!=null&&srcIp.getIpPattern()==2)
-				||(srcIp.getSrcIpAddress()!=null&&srcIp.getSrcIpAddress().indexOf("-")>-1)
-				||(srcIp.getDestIpAddress()!=null&&srcIp.getDestIpAddress().indexOf("-")>-1));
-		if(isRange) {
-			List<IpCfg> tempList=Lists.newArrayList();
-			List<IpCfg> tempList1=Lists.newArrayList();
-			if(srcIp.getIpType().intValue()==4) {
-				if(srcIp.getSrcIpAddress()!=null){
-					String startIpPart=srcIp.getSrcIpAddress().split("-")[0];
-					String endIpPart=srcIp.getSrcIpAddress().split("-")[1];
-					Integer startNum=Integer.parseInt(startIpPart.split("\\.")[3]);
-					Integer endNum=Integer.parseInt(endIpPart.split("\\.")[3]);
-					for(int i=startNum;i<=endNum;i++) {
-						IpCfg tempIp=new IpCfg();
+	/*
+	 * public static IpCfg ipConvert(IpCfg dstIp,BaseIpCfg srcIp){
+	 * if(srcIp.getSrcIpAddress()!=null){
+	 * if(srcIp.getSrcIpAddress().indexOf("/")!=-1){ if(srcIp.getIpType()==4 ||
+	 * srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6 Integer srcMaskNum =
+	 * Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]); if(srcMaskNum==0){
+	 * dstIp.setSrcIpMask("0.0.0.0"); }else{
+	 * dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum)); }
+	 * 
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]); }else
+	 * if(srcIp.getIpType()==6|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
+	 * IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
+	 * dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString()); }else
+	 * { Pattern patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP);
+	 * Pattern patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP);
+	 * Matcher matchernV4Subnet=patternV4Subnet.matcher(srcIp.getSrcIpAddress());
+	 * Matcher matcherV6Subnet=patternV6Subnet.matcher(srcIp.getSrcIpAddress());
+	 * if(matchernV4Subnet.matches()) { Integer srcMaskNum =
+	 * Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]); if(srcMaskNum==0){
+	 * dstIp.setSrcIpMask("0.0.0.0"); }else{
+	 * dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum)); }
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]); }else
+	 * if(matcherV6Subnet.matches()){ IPv6Network strangeNetwork =
+	 * IPv6Network.fromString(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
+	 * dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString()); }else
+	 * { throw new RuntimeException("Invalid IP/subnet mask format"); } }
+	 * 
+	 * }else if(srcIp.getSrcIpAddress().indexOf("-")!=-1){ if(srcIp.getIpType()==4||
+	 * srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress().split("-")[0]);
+	 * dstIp.setSrcIpMask(IpUtil.getMask(srcIp.getSrcIpAddress().split("-")[0],
+	 * srcIp.getSrcIpAddress().split("-")[1])); }else if(srcIp.getIpType()==6||
+	 * srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4 IPv6Address address1 =
+	 * IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[0]); IPv6Address
+	 * address2 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[1]);
+	 * IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
+	 * dstIp.setSrcIp(address1.toString());
+	 * dstIp.setSrcIpMask(network.getNetmask().asAddress().toString()); }else {
+	 * Pattern patternV4Range=Pattern.compile(Constants.IPV4_IP_RANGE_REGEXP);
+	 * Pattern patternV6Range=Pattern.compile(Constants.IPV6_IP_RANGE_REGEXP);
+	 * Matcher matcherV4Range=patternV4Range.matcher(srcIp.getSrcIpAddress());
+	 * Matcher matcherV6Range=patternV6Range.matcher(srcIp.getSrcIpAddress());
+	 * if(matcherV4Range.matches()) {
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress().split("-")[0]);
+	 * dstIp.setSrcIpMask(IpUtil.getMask(srcIp.getSrcIpAddress().split("-")[0],
+	 * srcIp.getSrcIpAddress().split("-")[1])); }else if(matcherV6Range.matches()) {
+	 * IPv6Address address1 =
+	 * IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[0]); IPv6Address
+	 * address2 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[1]);
+	 * IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
+	 * dstIp.setSrcIp(address1.toString());
+	 * dstIp.setSrcIpMask(network.getNetmask().asAddress().toString()); }else {
+	 * throw new RuntimeException("Invalid IP range format"); } }
+	 * 
+	 * }else{ if(srcIp.getIpType()==4||
+	 * srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIpMask("255.255.255.255"); }else if(srcIp.getIpType()==6||
+	 * srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"); }else {//all
+	 * Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP); Pattern
+	 * patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP); Matcher
+	 * matcherV4=patternV4.matcher(srcIp.getSrcIpAddress()); Matcher
+	 * matcherV6=patternV6.matcher(srcIp.getSrcIpAddress()); if(matcherV4.matches())
+	 * { dstIp.setSrcIp(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIpMask("255.255.255.255"); }else if(matcherV6.matches()) {
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"); }else { throw
+	 * new RuntimeException("Invalid IP format"); } }
+	 * 
+	 * } }else{ if(srcIp.getIpType()==4||
+	 * srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIpMask("255.255.255.255"); }else if(srcIp.getIpType()==6||
+	 * srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"); }else {//all
+	 * dstIp.setSrcIp(srcIp.getSrcIpAddress());
+	 * dstIp.setSrcIpMask("255.255.255.255"); } }
+	 * if(srcIp.getDestIpAddress()!=null){
+	 * if(srcIp.getDestIpAddress().indexOf("/")!=-1){ if(srcIp.getIpType()==4||
+	 * srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4 Integer dstMaskNum =
+	 * Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]); if(dstMaskNum==0){
+	 * dstIp.setDstIpMask("0.0.0.0"); }else{
+	 * dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));; }
+	 * dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]); }else
+	 * if(srcIp.getIpType()==6|| srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
+	 * IPv6Network strangeNetwork =
+	 * IPv6Network.fromString(srcIp.getDestIpAddress());
+	 * dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
+	 * dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString()); }else
+	 * { Pattern patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP);
+	 * Pattern patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP);
+	 * Matcher matchernV4Subnet=patternV4Subnet.matcher(srcIp.getDestIpAddress());
+	 * Matcher matcherV6Subnet=patternV6Subnet.matcher(srcIp.getDestIpAddress());
+	 * if(matchernV4Subnet.matches()) { Integer dstMaskNum =
+	 * Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]); if(dstMaskNum==0){
+	 * dstIp.setDstIpMask("0.0.0.0"); }else{
+	 * dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));; }
+	 * dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]); }else
+	 * if(matcherV6Subnet.matches()){ IPv6Network strangeNetwork =
+	 * IPv6Network.fromString(srcIp.getDestIpAddress());
+	 * dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
+	 * dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString()); }else
+	 * { throw new RuntimeException("Invalid IP/subnet mask format"); } }
+	 * 
+	 * }else if(srcIp.getDestIpAddress().indexOf("-")!=-1){
+	 * if(srcIp.getIpType()==4|| srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
+	 * dstIp.setDstIp(srcIp.getDestIpAddress().split("-")[0]);
+	 * dstIp.setDstIpMask(IpUtil.getMask(srcIp.getDestIpAddress().split("-")[0],
+	 * srcIp.getDestIpAddress().split("-")[1])); }else if(srcIp.getIpType()==6||
+	 * srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6 IPv6Address address1 =
+	 * IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[0]); IPv6Address
+	 * address2 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[1]);
+	 * IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
+	 * dstIp.setDstIp(address1.toString());
+	 * dstIp.setDstIpMask(network.getNetmask().asAddress().toString()); }else {
+	 * Pattern patternV4Range=Pattern.compile(Constants.IPV4_IP_RANGE_REGEXP);
+	 * Pattern patternV6Range=Pattern.compile(Constants.IPV6_IP_RANGE_REGEXP);
+	 * Matcher matcherV4Range=patternV4Range.matcher(srcIp.getDestIpAddress());
+	 * Matcher matcherV6Range=patternV6Range.matcher(srcIp.getDestIpAddress());
+	 * if(matcherV4Range.matches()) {
+	 * dstIp.setDstIp(srcIp.getDestIpAddress().split("-")[0]);
+	 * dstIp.setDstIpMask(IpUtil.getMask(srcIp.getDestIpAddress().split("-")[0],
+	 * srcIp.getDestIpAddress().split("-")[1])); }else if(matcherV6Range.matches())
+	 * { IPv6Address address1 =
+	 * IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[0]); IPv6Address
+	 * address2 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[1]);
+	 * IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
+	 * dstIp.setDstIp(address1.toString());
+	 * dstIp.setDstIpMask(network.getNetmask().asAddress().toString()); }else {
+	 * throw new RuntimeException("Invalid IP range format"); } }
+	 * 
+	 * }else{ if(srcIp.getIpType()==4||
+	 * srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
+	 * dstIp.setDstIp(srcIp.getDestIpAddress());
+	 * dstIp.setDstIpMask("255.255.255.255"); }else if(srcIp.getIpType()==6||
+	 * srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
+	 * dstIp.setDstIp(srcIp.getDestIpAddress());
+	 * dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"); }else {//all
+	 * Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP); Pattern
+	 * patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP); Matcher
+	 * matcherV4=patternV4.matcher(srcIp.getDestIpAddress()); Matcher
+	 * matcherV6=patternV6.matcher(srcIp.getDestIpAddress());
+	 * if(matcherV4.matches()) { dstIp.setDstIp(srcIp.getDestIpAddress());
+	 * dstIp.setDstIpMask("255.255.255.255"); }else if(matcherV6.matches()) {
+	 * dstIp.setDstIp(srcIp.getDestIpAddress());
+	 * dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"); }else { throw
+	 * new RuntimeException("invalid ip format"); } }
+	 * 
+	 * } }else{ if(srcIp.getIpType()==4||
+	 * srcIp.getIpType()==64){//64表示源ip为ipv6，目的ip为ipv4
+	 * dstIp.setDstIp(srcIp.getDestIpAddress());
+	 * dstIp.setDstIpMask("255.255.255.255"); }else if(srcIp.getIpType()==6||
+	 * srcIp.getIpType()==46){//46表示源ip为ipv4，目的ip为ipv6
+	 * dstIp.setDstIp(srcIp.getDestIpAddress());
+	 * dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"); }else {//all
+	 * dstIp.setDstIp(srcIp.getDestIpAddress());
+	 * dstIp.setDstIpMask("255.255.255.255"); } } if(srcIp.getSrcPort()!=null){
+	 * if(srcIp.getSrcPort().indexOf("/")!=-1){ String srcMaskNum =
+	 * srcIp.getSrcPort().split("/")[1]; dstIp.setSrcPortMask(srcMaskNum);
+	 * dstIp.setSrcPort(srcIp.getSrcPort().split("/")[0]); }else{
+	 * dstIp.setSrcPort(srcIp.getSrcPort()); dstIp.setSrcPortMask("65535"); } }else{
+	 * dstIp.setSrcPort("0"); dstIp.setSrcPortMask("65535"); }
+	 * if(srcIp.getDestPort()!=null){ if(srcIp.getDestPort().indexOf("/")!=-1){
+	 * String dstMaskNum = srcIp.getDestPort().split("/")[1];
+	 * dstIp.setDstPortMask(dstMaskNum);
+	 * dstIp.setDstPort(srcIp.getDestPort().split("/")[0]); }else{
+	 * dstIp.setDstPort(srcIp.getDestPort()); dstIp.setDstPortMask("65535"); }
+	 * }else{ dstIp.setDstPort("0"); dstIp.setDstPortMask("65535"); } return dstIp;
+	 * }
+	 */
+	/**
+	 * 界面IP配置转换为MAAT类或者回调类IP配置
+	 * 
+	 * @param dstIp
+	 * @param srcIp
+	 * @return
+	 */
+	public static List<IpCfg> ipConvert(IpCfg dstIp, BaseIpCfg srcIp) {
+		List<IpCfg> ipConvertList = Lists.newArrayList();
+		boolean isRange = ((srcIp.getIpPattern() != null && srcIp.getIpPattern() == 2)
+				|| (srcIp.getSrcIpAddress() != null && srcIp.getSrcIpAddress().indexOf("-") > -1)
+				|| (srcIp.getDestIpAddress() != null && srcIp.getDestIpAddress().indexOf("-") > -1));
+		if (isRange) {
+			List<IpCfg> tempList = Lists.newArrayList();
+			List<IpCfg> tempList1 = Lists.newArrayList();
+			if (srcIp.getIpType().intValue() == 4) {
+				if (srcIp.getSrcIpAddress() != null) {
+					String startIpPart = srcIp.getSrcIpAddress().split("-")[0];
+					String endIpPart = srcIp.getSrcIpAddress().split("-")[1];
+					Integer startNum = Integer.parseInt(startIpPart.split("\\.")[3]);
+					Integer endNum = Integer.parseInt(endIpPart.split("\\.")[3]);
+					for (int i = startNum; i <= endNum; i++) {
+						IpCfg tempIp = new IpCfg();
 						BeanUtils.copyProperties(dstIp, tempIp);
-						tempIp.setSrcIp(startIpPart.substring(0, startIpPart.lastIndexOf(".")+1)+i);
+						tempIp.setSrcIp(startIpPart.substring(0, startIpPart.lastIndexOf(".") + 1) + i);
 						tempIp.setSrcIpMask("255.255.255.255");
 						tempList.add(tempIp);
 					}
-				}else {
+				} else {
 					dstIp.setSrcIp("0.0.0.0");
 					dstIp.setSrcIpMask("255.255.255.255");
 					tempList.add(dstIp);
 				}
-				if(srcIp.getDestIpAddress()!=null){
-					String startIpPart=srcIp.getDestIpAddress().split("-")[0];
-					String endIpPart=srcIp.getDestIpAddress().split("-")[1];
-					Integer startNum=Integer.parseInt(startIpPart.split("\\.")[3]);
-					Integer endNum=Integer.parseInt(endIpPart.split("\\.")[3]);
-					for(IpCfg _cfg:tempList) {
-						for(int i=startNum;i<=endNum;i++) {
-							IpCfg tempIp=new IpCfg();
+				if (srcIp.getDestIpAddress() != null) {
+					String startIpPart = srcIp.getDestIpAddress().split("-")[0];
+					String endIpPart = srcIp.getDestIpAddress().split("-")[1];
+					Integer startNum = Integer.parseInt(startIpPart.split("\\.")[3]);
+					Integer endNum = Integer.parseInt(endIpPart.split("\\.")[3]);
+					for (IpCfg _cfg : tempList) {
+						for (int i = startNum; i <= endNum; i++) {
+							IpCfg tempIp = new IpCfg();
 							BeanUtils.copyProperties(_cfg, tempIp);
-							tempIp.setDstIp(startIpPart.substring(0, startIpPart.lastIndexOf(".")+1)+i);
+							tempIp.setDstIp(startIpPart.substring(0, startIpPart.lastIndexOf(".") + 1) + i);
 							tempIp.setDstIpMask("255.255.255.255");
-							//处理
-							convertPortValues(tempIp,srcIp);
-							if(!tempIp.getSrcIp().equals(tempIp.getDstIp())) {
+							// 处理
+							convertPortValues(tempIp, srcIp);
+							if (!tempIp.getSrcIp().equals(tempIp.getDstIp())) {
 								tempList1.add(tempIp);
 							}
-							
+
 						}
 					}
 					tempList.clear();
-				}else {
-					for(IpCfg _cfg:tempList) {
+				} else {
+					for (IpCfg _cfg : tempList) {
 						_cfg.setDstIp("0.0.0.0");
 						_cfg.setSrcIpMask("255.255.255.255");
-						convertPortValues(_cfg,srcIp);
+						convertPortValues(_cfg, srcIp);
 					}
 				}
-				if(tempList1.size()>0) {
+				if (tempList1.size() > 0) {
 					ipConvertList.addAll(tempList1);
-				}else {
+				} else {
 					ipConvertList.addAll(tempList);
 				}
-			}else if(srcIp.getIpType().intValue()==6){
-				if(srcIp.getSrcIpAddress()!=null){
+			} else if (srcIp.getIpType().intValue() == 6) {
+				if (srcIp.getSrcIpAddress() != null) {
 					IPv6Address address1 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[0]);
 					IPv6Address address2 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[1]);
-					IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
+					IPv6Network network = IPv6Network.fromTwoAddresses(address1, address2);
 					dstIp.setSrcIp(address1.toString());
 					dstIp.setSrcIpMask(network.getNetmask().asAddress().toString());
-				}else {
+				} else {
 					dstIp.setSrcIp("::");
 					dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
 				}
-				if(srcIp.getDestIpAddress()!=null) {
+				if (srcIp.getDestIpAddress() != null) {
 					IPv6Address address1 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[0]);
 					IPv6Address address2 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[1]);
-					IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
+					IPv6Network network = IPv6Network.fromTwoAddresses(address1, address2);
 					dstIp.setDstIp(address1.toString());
 					dstIp.setDstIpMask(network.getNetmask().asAddress().toString());
-				}else {
+				} else {
 					dstIp.setDstIp("::");
 					dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
 				}
-				
+
 				ipConvertList.add(dstIp);
-			}else {
-				throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
+			} else {
+				throw new RuntimeException("Unsupported IP type " + srcIp.getIpType());
 			}
-		}else {
-			if(srcIp.getSrcIpAddress()!=null){
-				if(srcIp.getSrcIpAddress().indexOf("/")!=-1){
-					if(srcIp.getIpType()==4 /*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4，目的ip为ipv6
+		} else {
+			if (srcIp.getSrcIpAddress() != null) {
+				if (srcIp.getSrcIpAddress().indexOf("/") != -1) {
+					if (srcIp.getIpType() == 4 /* || srcIp.getIpType()==46 */) {// 46表示源ip为ipv4，目的ip为ipv6
 						Integer srcMaskNum = Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]);
-						if(srcMaskNum==0){
+						if (srcMaskNum == 0) {
 							dstIp.setSrcIpMask("0.0.0.0");
-						}else{
+						} else {
 							dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum));
 						}
-						
+
 						dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
-					}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6，目的ip为ipv4
+					} else if (srcIp.getIpType() == 6/* || srcIp.getIpType()==64 */) {// 64表示源ip为ipv6，目的ip为ipv4
 						IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getSrcIpAddress());
 						dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
 						dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString());
-					}/*else {
-						Pattern patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP);
-						Pattern patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP);
-						Matcher matchernV4Subnet=patternV4Subnet.matcher(srcIp.getSrcIpAddress());
-						Matcher matcherV6Subnet=patternV6Subnet.matcher(srcIp.getSrcIpAddress());
-						if(matchernV4Subnet.matches()) {
-							Integer srcMaskNum = Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]);
-							if(srcMaskNum==0){
-								dstIp.setSrcIpMask("0.0.0.0");
-							}else{
-								dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum));
-							}
-							dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
-						}else if(matcherV6Subnet.matches()){
-							IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getSrcIpAddress());
-							dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
-							dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString());
-						}else {
-							throw new RuntimeException("Invalid IP/subnet mask format");
-						}
-					}*/
+					} /*
+						 * else { Pattern
+						 * patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP); Pattern
+						 * patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP); Matcher
+						 * matchernV4Subnet=patternV4Subnet.matcher(srcIp.getSrcIpAddress()); Matcher
+						 * matcherV6Subnet=patternV6Subnet.matcher(srcIp.getSrcIpAddress());
+						 * if(matchernV4Subnet.matches()) { Integer srcMaskNum =
+						 * Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]); if(srcMaskNum==0){
+						 * dstIp.setSrcIpMask("0.0.0.0"); }else{
+						 * dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum)); }
+						 * dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]); }else
+						 * if(matcherV6Subnet.matches()){ IPv6Network strangeNetwork =
+						 * IPv6Network.fromString(srcIp.getSrcIpAddress());
+						 * dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
+						 * dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString()); }else
+						 * { throw new RuntimeException("Invalid IP/subnet mask format"); } }
+						 */
 					else {
-						throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
+						throw new RuntimeException("Unsupported IP type " + srcIp.getIpType());
 					}
-				}else{
-					if(srcIp.getIpType()==4/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4，目的ip为ipv6
+				} else {
+					if (srcIp.getIpType() == 4/* || srcIp.getIpType()==46 */) {// 46表示源ip为ipv4，目的ip为ipv6
 						dstIp.setSrcIp(srcIp.getSrcIpAddress());
 						dstIp.setSrcIpMask("255.255.255.255");
-					}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6，目的ip为ipv4
+					} else if (srcIp.getIpType() == 6/* || srcIp.getIpType()==64 */) {// 64表示源ip为ipv6，目的ip为ipv4
 						dstIp.setSrcIp(srcIp.getSrcIpAddress());
 						dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-					}/*else {//all
-						Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP);
-						Pattern patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP);
-						Matcher matcherV4=patternV4.matcher(srcIp.getSrcIpAddress());
-						Matcher matcherV6=patternV6.matcher(srcIp.getSrcIpAddress());
-						if(matcherV4.matches()) {
-							dstIp.setSrcIp(srcIp.getSrcIpAddress());
-							dstIp.setSrcIpMask("255.255.255.255");
-						}else if(matcherV6.matches()) {
-							dstIp.setSrcIp(srcIp.getSrcIpAddress());
-							dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-						}else {
-							throw new RuntimeException("Invalid IP format");
-						}
-					}*/
+					} /*
+						 * else {//all Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP);
+						 * Pattern patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP); Matcher
+						 * matcherV4=patternV4.matcher(srcIp.getSrcIpAddress()); Matcher
+						 * matcherV6=patternV6.matcher(srcIp.getSrcIpAddress()); if(matcherV4.matches())
+						 * { dstIp.setSrcIp(srcIp.getSrcIpAddress());
+						 * dstIp.setSrcIpMask("255.255.255.255"); }else if(matcherV6.matches()) {
+						 * dstIp.setSrcIp(srcIp.getSrcIpAddress());
+						 * dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"); }else { throw
+						 * new RuntimeException("Invalid IP format"); } }
+						 */
 					else {
-						throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
+						throw new RuntimeException("Unsupported IP type " + srcIp.getIpType());
 					}
 				}
-			}else{
-				if(srcIp.getIpType()==4/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4，目的ip为ipv6
+			} else {
+				if (srcIp.getIpType() == 4/* || srcIp.getIpType()==46 */) {// 46表示源ip为ipv4，目的ip为ipv6
 					dstIp.setSrcIp(srcIp.getSrcIpAddress());
 					dstIp.setSrcIpMask("255.255.255.255");
-				}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6，目的ip为ipv4
+				} else if (srcIp.getIpType() == 6/* || srcIp.getIpType()==64 */) {// 64表示源ip为ipv6，目的ip为ipv4
 					dstIp.setSrcIp(srcIp.getSrcIpAddress());
 					dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-				}/*else {//all
-					dstIp.setSrcIp(srcIp.getSrcIpAddress());
-					dstIp.setSrcIpMask("255.255.255.255");
-				}*/
+				} /*
+					 * else {//all dstIp.setSrcIp(srcIp.getSrcIpAddress());
+					 * dstIp.setSrcIpMask("255.255.255.255"); }
+					 */
 				else {
-					throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
+					throw new RuntimeException("Unsupported IP type " + srcIp.getIpType());
 				}
 			}
-			if(srcIp.getDestIpAddress()!=null){
-				if(srcIp.getDestIpAddress().indexOf("/")!=-1){
-					if(srcIp.getIpType()==4/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6，目的ip为ipv4
+			if (srcIp.getDestIpAddress() != null) {
+				if (srcIp.getDestIpAddress().indexOf("/") != -1) {
+					if (srcIp.getIpType() == 4/* || srcIp.getIpType()==64 */) {// 64表示源ip为ipv6，目的ip为ipv4
 						Integer dstMaskNum = Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]);
-						if(dstMaskNum==0){
+						if (dstMaskNum == 0) {
 							dstIp.setDstIpMask("0.0.0.0");
-						}else{
-							dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));;
+						} else {
+							dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));
+							;
 						}
 						dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
-					}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4，目的ip为ipv6
+					} else if (srcIp.getIpType() == 6/* || srcIp.getIpType()==46 */) {// 46表示源ip为ipv4，目的ip为ipv6
 						IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getDestIpAddress());
 						dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
 						dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString());
-					}/*else {
-						Pattern patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP);
-						Pattern patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP);
-						Matcher matchernV4Subnet=patternV4Subnet.matcher(srcIp.getDestIpAddress());
-						Matcher matcherV6Subnet=patternV6Subnet.matcher(srcIp.getDestIpAddress());
-						if(matchernV4Subnet.matches()) {
-							Integer dstMaskNum = Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]);
-							if(dstMaskNum==0){
-								dstIp.setDstIpMask("0.0.0.0");
-							}else{
-								dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));;
-							}
-							dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
-						}else if(matcherV6Subnet.matches()){
-							IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getDestIpAddress());
-							dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
-							dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString());
-						}else {
-							throw new RuntimeException("Invalid IP/subnet mask format");
-						}
-					}*/
+					} /*
+						 * else { Pattern
+						 * patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP); Pattern
+						 * patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP); Matcher
+						 * matchernV4Subnet=patternV4Subnet.matcher(srcIp.getDestIpAddress()); Matcher
+						 * matcherV6Subnet=patternV6Subnet.matcher(srcIp.getDestIpAddress());
+						 * if(matchernV4Subnet.matches()) { Integer dstMaskNum =
+						 * Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]); if(dstMaskNum==0){
+						 * dstIp.setDstIpMask("0.0.0.0"); }else{
+						 * dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));; }
+						 * dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]); }else
+						 * if(matcherV6Subnet.matches()){ IPv6Network strangeNetwork =
+						 * IPv6Network.fromString(srcIp.getDestIpAddress());
+						 * dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
+						 * dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString()); }else
+						 * { throw new RuntimeException("Invalid IP/subnet mask format"); } }
+						 */
 					else {
-						throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
+						throw new RuntimeException("Unsupported IP type " + srcIp.getIpType());
 					}
-					
-				}else{
-					if(srcIp.getIpType()==4/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6，目的ip为ipv4
+
+				} else {
+					if (srcIp.getIpType() == 4/* || srcIp.getIpType()==64 */) {// 64表示源ip为ipv6，目的ip为ipv4
 						dstIp.setDstIp(srcIp.getDestIpAddress());
 						dstIp.setDstIpMask("255.255.255.255");
-					}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4，目的ip为ipv6
+					} else if (srcIp.getIpType() == 6/* || srcIp.getIpType()==46 */) {// 46表示源ip为ipv4，目的ip为ipv6
 						dstIp.setDstIp(srcIp.getDestIpAddress());
 						dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-					}/*else {//all
-						Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP);
-						Pattern patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP);
-						Matcher matcherV4=patternV4.matcher(srcIp.getDestIpAddress());
-						Matcher matcherV6=patternV6.matcher(srcIp.getDestIpAddress());
-						if(matcherV4.matches()) {
-							dstIp.setDstIp(srcIp.getDestIpAddress());
-							dstIp.setDstIpMask("255.255.255.255");
-						}else if(matcherV6.matches()) {
-							dstIp.setDstIp(srcIp.getDestIpAddress());
-							dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-						}else {
-							throw new RuntimeException("invalid ip format");
-						}
-					}*/
+					} /*
+						 * else {//all Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP);
+						 * Pattern patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP); Matcher
+						 * matcherV4=patternV4.matcher(srcIp.getDestIpAddress()); Matcher
+						 * matcherV6=patternV6.matcher(srcIp.getDestIpAddress());
+						 * if(matcherV4.matches()) { dstIp.setDstIp(srcIp.getDestIpAddress());
+						 * dstIp.setDstIpMask("255.255.255.255"); }else if(matcherV6.matches()) {
+						 * dstIp.setDstIp(srcIp.getDestIpAddress());
+						 * dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"); }else { throw
+						 * new RuntimeException("invalid ip format"); } }
+						 */
 					else {
-						throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
+						throw new RuntimeException("Unsupported IP type " + srcIp.getIpType());
 					}
 				}
-			}else{
-				if(srcIp.getIpType()==4/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6，目的ip为ipv4
+			} else {
+				if (srcIp.getIpType() == 4/* || srcIp.getIpType()==64 */) {// 64表示源ip为ipv6，目的ip为ipv4
 					dstIp.setDstIp(srcIp.getDestIpAddress());
 					dstIp.setDstIpMask("255.255.255.255");
-				}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4，目的ip为ipv6
+				} else if (srcIp.getIpType() == 6/* || srcIp.getIpType()==46 */) {// 46表示源ip为ipv4，目的ip为ipv6
 					dstIp.setDstIp(srcIp.getDestIpAddress());
 					dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
-				}/*else {//all
-					dstIp.setDstIp(srcIp.getDestIpAddress());
-					dstIp.setDstIpMask("255.255.255.255");
-				}*/
+				} /*
+					 * else {//all dstIp.setDstIp(srcIp.getDestIpAddress());
+					 * dstIp.setDstIpMask("255.255.255.255"); }
+					 */
 				else {
-					throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
+					throw new RuntimeException("Unsupported IP type " + srcIp.getIpType());
 				}
 			}
-			if(srcIp.getSrcPort()!=null){
-				if(srcIp.getSrcPort().indexOf("/")!=-1){
+			if (srcIp.getSrcPort() != null) {
+				if (srcIp.getSrcPort().indexOf("/") != -1) {
 					String srcMaskNum = srcIp.getSrcPort().split("/")[1];
 					dstIp.setSrcPortMask(srcMaskNum);
 					dstIp.setSrcPort(srcIp.getSrcPort().split("/")[0]);
-				}else{
+				} else {
 					dstIp.setSrcPort(srcIp.getSrcPort());
 					dstIp.setSrcPortMask("65535");
 				}
-			}else{
+			} else {
 				dstIp.setSrcPort("0");
 				dstIp.setSrcPortMask("65535");
 			}
-			if(srcIp.getDestPort()!=null){
-				if(srcIp.getDestPort().indexOf("/")!=-1){
+			if (srcIp.getDestPort() != null) {
+				if (srcIp.getDestPort().indexOf("/") != -1) {
 					String dstMaskNum = srcIp.getDestPort().split("/")[1];
 					dstIp.setDstPortMask(dstMaskNum);
 					dstIp.setDstPort(srcIp.getDestPort().split("/")[0]);
-				}else{
+				} else {
 					dstIp.setDstPort(srcIp.getDestPort());
 					dstIp.setDstPortMask("65535");
 				}
-			}else{
+			} else {
 				dstIp.setDstPort("0");
 				dstIp.setDstPortMask("65535");
 			}
@@ -1015,42 +1122,45 @@ public abstract class BaseService {
 		}
 		return ipConvertList;
 	}
+
 	/**
 	 * 设置端口值
+	 * 
 	 * @param dstIp
 	 * @param srcIp
 	 */
-	public static void convertPortValues(IpCfg dstIp,BaseIpCfg srcIp) {
-		if(srcIp.getSrcPort()!=null){
-			if(srcIp.getSrcPort().indexOf("/")!=-1){
+	public static void convertPortValues(IpCfg dstIp, BaseIpCfg srcIp) {
+		if (srcIp.getSrcPort() != null) {
+			if (srcIp.getSrcPort().indexOf("/") != -1) {
 				String srcMaskNum = srcIp.getSrcPort().split("/")[1];
 				dstIp.setSrcPortMask(srcMaskNum);
 				dstIp.setSrcPort(srcIp.getSrcPort().split("/")[0]);
-			}else{
+			} else {
 				dstIp.setSrcPort(srcIp.getSrcPort());
 				dstIp.setSrcPortMask("65535");
 			}
-		}else{
+		} else {
 			dstIp.setSrcPort("0");
 			dstIp.setSrcPortMask("65535");
 		}
-		if(srcIp.getDestPort()!=null){
-			if(srcIp.getDestPort().indexOf("/")!=-1){
+		if (srcIp.getDestPort() != null) {
+			if (srcIp.getDestPort().indexOf("/") != -1) {
 				String dstMaskNum = srcIp.getDestPort().split("/")[1];
 				dstIp.setDstPortMask(dstMaskNum);
 				dstIp.setDstPort(srcIp.getDestPort().split("/")[0]);
-			}else{
+			} else {
 				dstIp.setDstPort(srcIp.getDestPort());
 				dstIp.setDstPortMask("65535");
 			}
-		}else{
+		} else {
 			dstIp.setDstPort("0");
 			dstIp.setDstPortMask("65535");
 		}
 	}
-	//拦截策略
-	public ProxyObjKeyring convertCallBackProxyObjKeyring(PxyObjKeyring cfg){
-		ProxyObjKeyring proxyObjKeyring=new ProxyObjKeyring();
+
+	// 拦截策略
+	public ProxyObjKeyring convertCallBackProxyObjKeyring(PxyObjKeyring cfg) {
+		ProxyObjKeyring proxyObjKeyring = new ProxyObjKeyring();
 		proxyObjKeyring.setId(Long.valueOf(cfg.getCompileId()));
 		proxyObjKeyring.setCfgId(cfg.getCompileId());
 		proxyObjKeyring.setCrl(cfg.getCrl());
@@ -1066,11 +1176,13 @@ public abstract class BaseService {
 		proxyObjKeyring.setOpTime(cfg.getAuditTime());
 		return proxyObjKeyring;
 	}
-	//可信证书
-	public List<ProxyObjTrustedCa> convertCallBackProxyObjTrustedCa(PxyObjTrustedCaCert cfgCert,PxyObjTrustedCaCrl cfgCrl){
-		List<ProxyObjTrustedCa> proxyObjTrustedCas=new ArrayList<>();
-		if(cfgCert != null && !StringUtil.isEmpty(cfgCert.getCompileId())){
-			ProxyObjTrustedCa proxyObjTrustedCaCert=new ProxyObjTrustedCa();
+
+	// 可信证书
+	public List<ProxyObjTrustedCa> convertCallBackProxyObjTrustedCa(PxyObjTrustedCaCert cfgCert,
+			PxyObjTrustedCaCrl cfgCrl) {
+		List<ProxyObjTrustedCa> proxyObjTrustedCas = new ArrayList<>();
+		if (cfgCert != null && !StringUtil.isEmpty(cfgCert.getCompileId())) {
+			ProxyObjTrustedCa proxyObjTrustedCaCert = new ProxyObjTrustedCa();
 			proxyObjTrustedCaCert.setId(Long.valueOf(cfgCert.getCompileId()));
 			proxyObjTrustedCaCert.setCfgId(cfgCert.getCompileId());
 			proxyObjTrustedCaCert.setCertId(cfgCert.getCompileId());
@@ -1081,8 +1193,8 @@ public abstract class BaseService {
 			proxyObjTrustedCaCert.setOpTime(cfgCert.getAuditTime());
 			proxyObjTrustedCas.add(proxyObjTrustedCaCert);
 		}
-		if(cfgCrl != null && !StringUtil.isEmpty(cfgCrl.getCompileId())){
-			ProxyObjTrustedCa proxyObjTrustedCaCert=new ProxyObjTrustedCa();
+		if (cfgCrl != null && !StringUtil.isEmpty(cfgCrl.getCompileId())) {
+			ProxyObjTrustedCa proxyObjTrustedCaCert = new ProxyObjTrustedCa();
 			proxyObjTrustedCaCert.setId(Long.valueOf(cfgCrl.getCompileId()));
 			proxyObjTrustedCaCert.setCfgId(cfgCrl.getCompileId());
 			proxyObjTrustedCaCert.setCertId(cfgCrl.getCertId());
@@ -1093,13 +1205,14 @@ public abstract class BaseService {
 			proxyObjTrustedCaCert.setCrlFile(cfgCrl.getCrlFile());
 			proxyObjTrustedCas.add(proxyObjTrustedCaCert);
 		}
-		
+
 		return proxyObjTrustedCas;
 	}
-	//ip转换为callback用ip 
-	public NtcDnsResStrategy convertCallBackDnsResStrategy(DnsResStrategy cfg){
-		NtcDnsResStrategy resStrategy=new NtcDnsResStrategy();
-		resStrategy.init(); 
+
+	// ip转换为callback用ip
+	public NtcDnsResStrategy convertCallBackDnsResStrategy(DnsResStrategy cfg) {
+		NtcDnsResStrategy resStrategy = new NtcDnsResStrategy();
+		resStrategy.init();
 		resStrategy.setId(Long.valueOf(cfg.getCompileId()));
 		resStrategy.setCfgId(cfg.getCompileId());
 		resStrategy.setReqStrateId(cfg.getCfgId());
@@ -1114,14 +1227,15 @@ public abstract class BaseService {
 		resStrategy.setOpTime(cfg.getAuditTime());
 		return resStrategy;
 	}
-	//ip转换为callback用ip
-	public InlineIp convertCallBackIp(BaseIpCfg cfg,Integer policyGroup){
-		List<IpCfg> cfgs = ipConvert(new IpCfg(),cfg);
-		if(cfgs.size()>1) {
+
+	// ip转换为callback用ip
+	public static InlineIp convertCallBackIp(BaseIpCfg cfg, Integer policyGroup) {
+		List<IpCfg> cfgs = ipConvert(new IpCfg(), cfg);
+		if (cfgs.size() > 1) {
 			throw new RuntimeException("CallBack IP did not support IP range!");
 		}
-		IpCfg c=cfgs.get(0);
-		InlineIp ip=new InlineIp();
+		IpCfg c = cfgs.get(0);
+		InlineIp ip = new InlineIp();
 		ip.setId(cfg.getCompileId());
 		ip.setCfgId(cfg.getCompileId());
 		ip.setAction(cfg.getAction());
@@ -1142,69 +1256,76 @@ public abstract class BaseService {
 		ip.setPolicyGroup(policyGroup);
 		return ip;
 	}
-	//区域IPsetAreaEffectiveIds设置
-	public void setAreaEffectiveIds(BaseCfg<?> entity){
-				List<AreaIpCfg> areaCfg=entity.getAreaCfg();
-				List<AreaBean> areaIsps=entity.getAreaIsp();
-				if(Constants.IS_AREA_EFFECTIVE_NO==entity.getIsAreaEffective()){
-					entity.setAreaEffectiveIds("");
-					entity.setAreaType(null);
-				}else if(Constants.IS_AREA_EFFECTIVE_YES==entity.getIsAreaEffective()){
-					if(Constants.AREA_EFFECTIVE_TYPE_AREA_ISP==entity.getAreaType()&&areaIsps!=null&&areaIsps.size()>0){
-						StringBuffer areaEffectiveIds=new StringBuffer();
-						for(int i=0;i<areaIsps.size();i++){
-							if(StringUtils.isBlank(areaIsps.get(i).getArea())){
-								areaEffectiveIds.append(areaIsps.get(i).getIsp());
-							}else if(StringUtils.isBlank(areaIsps.get(i).getIsp())){
-								areaEffectiveIds.append(areaIsps.get(i).getArea());
-							}else{
-								areaEffectiveIds.append(areaIsps.get(i).getArea()+":"+areaIsps.get(i).getIsp());
-							}
-							if(i!=areaIsps.size()-1){
-								areaEffectiveIds.append(",");
-							}
-						}
-						entity.setAreaEffectiveIds(areaEffectiveIds.toString());
-					}else if(Constants.AREA_EFFECTIVE_TYPE_AREA_IP==entity.getAreaType()&&areaCfg!=null&&areaCfg.size()>0){
-						entity.setAreaEffectiveIds("");
+
+	// 区域IPsetAreaEffectiveIds设置
+	public void setAreaEffectiveIds(BaseCfg<?> entity) {
+		List<AreaIpCfg> areaCfg = entity.getAreaCfg();
+		List<AreaBean> areaIsps = entity.getAreaIsp();
+		if (Constants.IS_AREA_EFFECTIVE_NO == entity.getIsAreaEffective()) {
+			entity.setAreaEffectiveIds("");
+			entity.setAreaType(null);
+		} else if (Constants.IS_AREA_EFFECTIVE_YES == entity.getIsAreaEffective()) {
+			if (Constants.AREA_EFFECTIVE_TYPE_AREA_ISP == entity.getAreaType() && areaIsps != null
+					&& areaIsps.size() > 0) {
+				StringBuffer areaEffectiveIds = new StringBuffer();
+				for (int i = 0; i < areaIsps.size(); i++) {
+					if (StringUtils.isBlank(areaIsps.get(i).getArea())) {
+						areaEffectiveIds.append(areaIsps.get(i).getIsp());
+					} else if (StringUtils.isBlank(areaIsps.get(i).getIsp())) {
+						areaEffectiveIds.append(areaIsps.get(i).getArea());
+					} else {
+						areaEffectiveIds.append(areaIsps.get(i).getArea() + ":" + areaIsps.get(i).getIsp());
+					}
+					if (i != areaIsps.size() - 1) {
+						areaEffectiveIds.append(",");
 					}
 				}
+				entity.setAreaEffectiveIds(areaEffectiveIds.toString());
+			} else if (Constants.AREA_EFFECTIVE_TYPE_AREA_IP == entity.getAreaType() && areaCfg != null
+					&& areaCfg.size() > 0) {
+				entity.setAreaEffectiveIds("");
+			}
+		}
 	}
-	public static String keywordsEscape(String cfgKeywords){
-		if(StringUtils.isNotEmpty(cfgKeywords)){
-			//不转译特殊字符
-			cfgKeywords = cfgKeywords.trim();//首先去掉首尾空格
+
+	public static String keywordsEscape(String cfgKeywords) {
+		if (StringUtils.isNotEmpty(cfgKeywords)) {
+			// 不转译特殊字符
+			cfgKeywords = cfgKeywords.trim();// 首先去掉首尾空格
 			cfgKeywords = StringEscapeUtils.unescapeHtml4(cfgKeywords);
-			cfgKeywords=cfgKeywords.replace("\\", "\\\\");
-			cfgKeywords=cfgKeywords.replace("&", "\\&");
-			cfgKeywords=cfgKeywords.replace(" ", "\\b");
-			//***and***在界面表示多个关键字的与表达式，此特殊字符串在common.js中使用定义，maat端以&表示
-			cfgKeywords=cfgKeywords.replace(Constants.KEYWORD_EXPR, "&");
-			
+			cfgKeywords = cfgKeywords.replace("\\", "\\\\");
+			cfgKeywords = cfgKeywords.replace("&", "\\&");
+			cfgKeywords = cfgKeywords.replace(" ", "\\b");
+			// ***and***在界面表示多个关键字的与表达式，此特殊字符串在common.js中使用定义，maat端以&表示
+			cfgKeywords = cfgKeywords.replace(Constants.KEYWORD_EXPR, "&");
+
 		}
 		return cfgKeywords;
 	}
-	public static String replaceContentEscape(String replaceContent){
-		if(StringUtils.isNotEmpty(replaceContent)){
-			//不转译特殊字符
-			replaceContent = replaceContent.trim();//首先去掉首尾空格
-			replaceContent=replaceContent.replace("/", "\\/");//首先转意斜杠“/”
+
+	public static String replaceContentEscape(String replaceContent) {
+		if (StringUtils.isNotEmpty(replaceContent)) {
+			// 不转译特殊字符
+			replaceContent = replaceContent.trim();// 首先去掉首尾空格
+			replaceContent = replaceContent.replace("/", "\\/");// 首先转意斜杠“/”
 		}
 		return replaceContent;
 	}
-	//asn IP 复用转换
-	public List<IpCfg> groupReuseCfgAddRemoveConvert(List<? extends BaseCfg<?>> ipCfgList,Integer isValid,Integer groupId) {
+
+	// asn IP 复用转换
+	public List<IpCfg> groupReuseCfgAddRemoveConvert(List<? extends BaseCfg<?>> ipCfgList, Integer isValid,
+			Integer groupId) {
 		logger.warn("convert data start");
-		long start=System.currentTimeMillis();
-		Date opTime=new Date();
-		List<IpCfg> maatIpList=new ArrayList<>();
-		if(ipCfgList.size()>0) {
-			//只用一次instanceof,取代循环中每次都用一次instanceof
-			if(ipCfgList.get(0) instanceof AsnIpCfg) {
-				for(BaseCfg<?> _cfg:ipCfgList) {
+		long start = System.currentTimeMillis();
+		Date opTime = new Date();
+		List<IpCfg> maatIpList = new ArrayList<>();
+		if (ipCfgList.size() > 0) {
+			// 只用一次instanceof,取代循环中每次都用一次instanceof
+			if (ipCfgList.get(0) instanceof AsnIpCfg) {
+				for (BaseCfg<?> _cfg : ipCfgList) {
 					IpCfg cfg = new IpCfg();
 					BaseIpCfg baseIpCfg = new BaseIpCfg();
-					AsnIpCfg asnIpCfg=(AsnIpCfg)_cfg;
+					AsnIpCfg asnIpCfg = (AsnIpCfg) _cfg;
 					BeanUtils.copyProperties(asnIpCfg, baseIpCfg);
 					BeanUtils.copyProperties(baseIpCfg, cfg);
 					cfg.setGroupId(asnIpCfg.getAsnIpGroup());
@@ -1213,14 +1334,14 @@ public abstract class BaseService {
 					cfg.setUserRegion(userRegion);
 					cfg.setIsValid(isValid);
 					cfg.setAuditTime(opTime);
-					List<IpCfg> cfgs = ipConvert(cfg,baseIpCfg);
+					List<IpCfg> cfgs = ipConvert(cfg, baseIpCfg);
 					maatIpList.addAll(cfgs);
 				}
-			}else if(ipCfgList.get(0) instanceof AppIpCfg) {
-				for(BaseCfg<?> _cfg:ipCfgList) {
+			} else if (ipCfgList.get(0) instanceof AppIpCfg) {
+				for (BaseCfg<?> _cfg : ipCfgList) {
 					IpCfg cfg = new IpCfg();
 					BaseIpCfg baseIpCfg = new BaseIpCfg();
-					AppIpCfg appIpCfg=(AppIpCfg)_cfg;
+					AppIpCfg appIpCfg = (AppIpCfg) _cfg;
 					BeanUtils.copyProperties(appIpCfg, baseIpCfg);
 					BeanUtils.copyProperties(baseIpCfg, cfg);
 					cfg.setGroupId(groupId);
@@ -1229,38 +1350,196 @@ public abstract class BaseService {
 					cfg.setUserRegion(userRegion);
 					cfg.setIsValid(isValid);
 					cfg.setAuditTime(opTime);
-					List<IpCfg> cfgs = ipConvert(cfg,baseIpCfg);
+					List<IpCfg> cfgs = ipConvert(cfg, baseIpCfg);
 					maatIpList.addAll(cfgs);
 				}
 			}
 		}
-		long end=System.currentTimeMillis();
-		logger.warn("convert data finish,cost:"+(end-start));
+		long end = System.currentTimeMillis();
+		logger.warn("convert data finish,cost:" + (end - start));
 		return maatIpList;
 	}
-	
+	public MaatCfg convertMaatCfg(BaseCfg _cfg,Integer cfgType) {
+		MaatCfg maatCfg = new MaatCfg();
+		maatCfg.initDefaultValue();
+		BeanUtils.copyProperties(_cfg, maatCfg);
+		maatCfg.setAction(_cfg.getAction());
+		maatCfg.setAuditTime(_cfg.getAuditTime());
+		Map<String,List> regions=cfgConvert(_cfg, cfgType);
+		if(regions.get("ipRegionList")!=null) {
+			maatCfg.setIpRegionList(regions.get("ipRegionList"));
+		}else {
+			maatCfg.setIpRegionList(new ArrayList<IpCfg>());
+		}
+		if(regions.get("strRegionList")!=null) {
+			maatCfg.setStrRegionList(regions.get("strRegionList"));
+		}else {
+			maatCfg.setStrRegionList(new ArrayList<StringCfg>());
+		}
+		if(regions.get("numRegionList")!=null) {
+			maatCfg.setNumRegionList(regions.get("numRegionList"));
+		}else {
+			maatCfg.setNumRegionList(new ArrayList<NumBoundaryCfg>());
+		}
+		if(regions.get("digestRegionList")!=null) {
+			maatCfg.setDigestRegionList(regions.get("digestRegionList"));
+		}else {
+			maatCfg.setDigestRegionList(new ArrayList<DigestCfg>());
+		}
+		if(regions.get("groupRelationList")!=null) {
+			maatCfg.setGroupRelationList(regions.get("groupRelationList"));
+			maatCfg.setGroupNum(regions.get("groupRelationList").size());
+		}else {
+			maatCfg.setGroupRelationList(new ArrayList<GroupCfg>());
+			maatCfg.setGroupNum(0);
+		}
+		
+		maatCfg.setAreaIpRegionList(new ArrayList<IpCfg>());
+		maatCfg.setIsValid(_cfg.getIsValid());
+		return maatCfg;
+	}
 	/**
-	 * 导入配置时数据批量入库（字符串配置）
+	 * 导入配置时数据批量入库（IP配置）
+	 * 
 	 * @param data
 	 * @param tableName
 	 */
-	@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
-	public void saveStringCfgBatch(List<BaseStringCfg<?>> data, String tableName) {
-		SqlSessionFactory sqlSessionFactory=SpringContextHolder.getBean(SqlSessionFactory.class);
-		SqlSession batchSqlSession = null;
-		try{
-			batchSqlSession = sqlSessionFactory.openSession(ExecutorType.BATCH, false);
-			for(int index = 0; index < data.size();index++){
-				BaseStringCfg<?> cfg = data.get(index);
-                cfg.setTableName(tableName);
-				((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
-			}
-			batchSqlSession.commit();
-		}finally {
-			if(batchSqlSession != null){
-				batchSqlSession.close();
+	@Transactional(readOnly = false, rollbackFor = RuntimeException.class)
+	public void saveIpBatch(FunctionRegionDict regionDict, FunctionServiceDict serviceDict,List<BaseIpCfg> cfgs, boolean send) {
+		if (regionDict != null) {
+			Integer regionType = regionDict.getRegionType();
+			if (1 == regionType.intValue()) {
+				SqlSessionFactory sqlSessionFactory=SpringContextHolder.getBean(SqlSessionFactory.class);
+		        SqlSession batchSqlSession = null;
+		        List<MaatCfg> configCompileList = new ArrayList();
+		        List<InlineIp> callbackIpList = new ArrayList();
+		        try{
+		            batchSqlSession = sqlSessionFactory.openSession(ExecutorType.BATCH, false);
+		            for(int index = 0; index < cfgs.size();index++){
+		            	BaseIpCfg _cfg = cfgs.get(index);
+		                batchSqlSession.getMapper(IpCfgDao.class).insertForBatch(_cfg);
+		                if(send) {
+		                	if(regionDict.getIsMaat().intValue()==1) {
+			                	MaatCfg maatCfg=convertMaatCfg(_cfg,1);
+			                	//userregion处理
+								//限速需要发Droprate=0.001 ，暂不支持Bandwidth=200kbps
+								if(_cfg.getAction().equals(Constants.RATELIMIT_ACTION)){
+									if(_cfg.getUserRegion1().equals("0")){//丢包率
+										_cfg.setUserRegion2(StringUtil.isEmpty(_cfg.getUserRegion2()) ? "":_cfg.getUserRegion2());
+										maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2());
+									}else if(_cfg.getUserRegion1().equals("1")){//带宽
+										_cfg.setUserRegion3(StringUtil.isEmpty(_cfg.getUserRegion3()) ? "":_cfg.getUserRegion3());
+										maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+_cfg.getUserRegion3());
+									}
+								}
+			                	configCompileList.add(maatCfg);
+		                	}else {
+		                		//根据具体情况判断
+		                		callbackIpList.add(this.convertCallBackIp(_cfg,_cfg.getDnsStrategyId()));
+		                	}
+		                }
+		            }
+		            if (send) {
+			        	if(configCompileList.size() > 0) {
+			        		ToMaatBean maatBean = new ToMaatBean();
+							maatBean.setConfigCompileList(configCompileList);
+							maatBean.setAuditTime(new Date());
+							maatBean.setCreatorName(UserUtils.getUser().getName());
+							maatBean.setVersion(Constants.MAAT_VERSION);
+							maatBean.setOpAction(Constants.INSERT_ACTION);
+							// 调用服务接口下发配置数据
+							String json = BaseService.gsonToJson(maatBean);
+							if(configCompileList.size()>100) {
+								logger.info("IP 配置下发配置条数：" + configCompileList.size());
+							}else {
+								logger.info("IP 配置下发配置参数：" + json);
+							}
+							// 调用服务接口下发配置
+							ToMaatResult result = ConfigServiceUtil.postMaatCfg(json);
+							logger.info("IP 配置下发响应信息：" + result.getMsg());
+			        	}else {
+			        		//调用服务接口下发配置数据
+							String json=gsonToJson(callbackIpList);
+							logger.info("IP配置下发配置参数："+json);
+							//调用服务接口下发配置
+							try {
+								ToMaatResult result = ConfigServiceUtil.put(json, 2);
+								if(result!=null){
+									logger.info("IP配置配置下发响应信息："+result.getMsg());
+								}
+							} catch (Exception e) {
+								logger.error("IP配置配置下发失败",e);
+								throw e;
+							}
+			        	}
+					}
+		            batchSqlSession.commit();
+		        }finally {
+		            if(batchSqlSession != null){
+		                batchSqlSession.close();
+		            }
+		        }
+			}
+		}
+        
+    }
+	/**
+	 * 导入配置时数据批量入库（字符串配置）
+	 * 
+	 * @param data
+	 * @param tableName
+	 */
+	@Transactional(readOnly = false, rollbackFor = RuntimeException.class)
+	public void saveStringCfgBatch(FunctionRegionDict regionDict, FunctionServiceDict serviceDict,
+			List<BaseStringCfg<?>> data, String tableName, boolean send) {
+		if (regionDict != null) {
+			Integer regionType = regionDict.getRegionType();
+			if (2 == regionType.intValue()) {
+				SqlSessionFactory sqlSessionFactory = SpringContextHolder.getBean(SqlSessionFactory.class);
+				List<MaatCfg> configCompileList = new ArrayList();
+				SqlSession batchSqlSession = null;
+				try {
+					batchSqlSession = sqlSessionFactory.openSession(ExecutorType.BATCH, false);
+					for (int index = 0; index < data.size(); index++) {
+						BaseStringCfg<?> _cfg = data.get(index);
+						_cfg.setTableName(tableName);
+						((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(_cfg);
+						if (send) {
+							if(regionDict.getIsMaat().intValue()==1) {
+								configCompileList.add(convertMaatCfg(_cfg,2));
+								//userregion处理
+							}
+							
+						}
+					}
+					if (send && configCompileList.size() > 0) {
+						ToMaatBean maatBean = new ToMaatBean();
+						maatBean.setConfigCompileList(configCompileList);
+						maatBean.setAuditTime(new Date());
+						maatBean.setCreatorName(UserUtils.getUser().getName());
+						maatBean.setVersion(Constants.MAAT_VERSION);
+						maatBean.setOpAction(Constants.INSERT_ACTION);
+						// 调用服务接口下发配置数据
+						String json = BaseService.gsonToJson(maatBean);
+						if(configCompileList.size()>100) {
+							logger.info("字符串配置下发配置条数：" + configCompileList.size());
+						}else {
+							logger.info("字符串配置下发配置参数：" + json);
+						}
+						// 调用服务接口下发配置
+						ToMaatResult result = ConfigServiceUtil.postMaatCfg(json);
+						logger.info("字符串配置下发响应信息：" + result.getMsg());
+
+					}
+					batchSqlSession.commit();
+				} finally {
+					if (batchSqlSession != null) {
+						batchSqlSession.close();
+					}
+				}
+			} else {
+				throw new RuntimeException("Region type must be 2!");
 			}
 		}
-		
 	}
 }
diff --git a/src/main/resources/sql/20181120/update_menu_help_url b/src/main/resources/sql/20181120/update_menu_help_url
new file mode 100644
index 000000000..cacf0b199
--- /dev/null
+++ b/src/main/resources/sql/20181120/update_menu_help_url
@@ -0,0 +1,12 @@
+UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_block', `name` = 'HTTP管控', `sort` = 2, `href` = '/proxy/control/httpRedirect/httpBlockList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpBlock:config', `create_by` = '1', `create_date` = '2018-07-24 11:06:03', `update_by` = '1', `update_date` = '2018-07-25 10:42:57', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 207 WHERE `id` = 911;
+UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_monit', `name` = 'HTTP监测', `sort` = 1, `href` = '/proxy/control/httpRedirect/httpMonitList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpMonit:config', `create_by` = '1', `create_date` = '2018-07-24 11:08:59', `update_by` = '1', `update_date` = '2018-07-25 10:43:52', `remarks` = '', `del_flag` = 1, `menu_bg` =null, `quick_action` = 0, `is_top` = 0, `function_id` = 210 WHERE `id` = 914;
+UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_redirect', `name` = 'HTTP重定向', `sort` = 3, `href` = '/proxy/control/httpRedirect/httpRedirectList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpRedirect:config', `create_by` = '1', `create_date` = '2018-07-24 11:06:49', `update_by` = '1', `update_date` = '2018-07-24 11:15:35', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 208 WHERE `id` = 912;
+UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'ip_redirect', `name` = 'IP控制', `sort` = 30, `href` = '/proxy/control/ip/list?cfgName=ip_control', `target` = '', `icon` = '', `is_show` = 0, `permission` = 'control:ip:config', `create_by` = '1', `create_date` = '2018-06-19 17:40:46', `update_by` = '1', `update_date` = '2018-07-24 11:11:32', `remarks` = '', `del_flag` = 0, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 202 WHERE `id` = 725;
+UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_replace', `name` = 'HTTP替换', `sort` = 4, `href` = '/proxy/control/httpRedirect/httpReplaceList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpReplace:config', `create_by` = '1', `create_date` = '2018-07-24 11:08:34', `update_by` = '1', `update_date` = '2018-07-25 10:43:28', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 209 WHERE `id` = 913;
+UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_whitelist', `name` = 'HTTP白名单', `sort` = 300, `href` = '/proxy/control/httpRedirect/httpWhitelistList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpWhitelist:config', `create_by` = '1', `create_date` = '2018-07-24 11:09:35', `update_by` = '1', `update_date` = '2018-07-25 10:44:13', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 211 WHERE `id` = 915;
+UPDATE `sys_menu` SET `parent_id` = 1096, `parent_ids` = '0,1,86,1096,', `code` = 'ip_payload', `name` = 'IP Payload', `sort` = 2, `href` = '/proxy/intercept/ippayload/list', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'intercept:ippayload:config', `create_by` = '1', `create_date` = '2018-09-26 14:23:23', `update_by` = '1', `update_date` = '2018-10-25 15:53:29', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 212 WHERE `id` = 1099;
+
+UPDATE `sys_menu` SET menu_bg='/online-help/proxy/control_policy' where id=719;
+UPDATE `sys_menu` SET menu_bg='/online-help/proxy/intercept_policy' where id=724;
+UPDATE `sys_menu` SET menu_bg='/online-help/proxy/cache_policy' where id=1161;
+UPDATE `sys_menu` SET menu_bg='/online-help/proxy/proxy_policy_object' where id=1121;
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/include/excel/importModal.jsp b/src/main/webapp/WEB-INF/include/excel/importModal.jsp
index 2ffed7570..1424d1955 100644
--- a/src/main/webapp/WEB-INF/include/excel/importModal.jsp
+++ b/src/main/webapp/WEB-INF/include/excel/importModal.jsp
@@ -174,6 +174,20 @@
 								</div>
 						</br>
 						</c:if>
+						<c:if test="${cfg.functionId eq 5 or cfg.functionId eq 34 or cfg.functionId eq 6}">
+						<div class="row">
+							 <label class="control-label col-md-3"><font color="red">*</font><spring:message code="examine"/></label>
+							  <div class="col-md-6">
+							  		<label class="radio-inline"> 
+										<input type="radio" name="isSend" value="0" checked><spring:message code="no"/>
+									</label>
+							  		<label class="radio-inline"> 
+										<input type="radio" name="isSend" value="1"><spring:message code="yes"/>
+									</label>
+							  </div>
+						</div>
+						</br>
+						</c:if>
 						<div class="col-md-12">
 							<div class="form-group">
 								<label class="col-md-2 control-label" style="margin-top:5px;"><spring:message
diff --git a/src/main/webapp/online-help/proxy/cache_policy.html b/src/main/webapp/online-help/proxy/cache_policy.html
new file mode 100644
index 000000000..c120732b8
--- /dev/null
+++ b/src/main/webapp/online-help/proxy/cache_policy.html
@@ -0,0 +1,296 @@
+<!DOCTYPE html>
+<!-- 
+Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.0
+Version: 3.5
+Author: KeenThemes
+Website: http://www.keenthemes.com/
+Contact: support@keenthemes.com
+Follow: www.twitter.com/keenthemes
+Like: www.facebook.com/keenthemes
+Purchase: http://themeforest.net/item/metronic-responsive-admin-dashboard-template/4021469?ref=keenthemes
+License: You must have a valid license purchased only from themeforest(the above link) in order to legally use the theme for your project.
+-->
+<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
+<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
+<!--[if !IE]><!-->
+<html lang="en">
+<!--<![endif]-->
+<!-- BEGIN HEAD -->
+<head>
+<meta charset="utf-8"/>
+<title>online help</title>
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
+<meta http-equiv="Content-type" content="text/html; charset=utf-8">
+<meta content="" name="description"/>
+<meta content="" name="author"/>
+<!-- BEGIN GLOBAL MANDATORY STYLES -->
+<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
+<link href="../../static/global/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css" />
+<link href="../../static/global/plugins/simple-line-icons/simple-line-icons.css" rel="stylesheet" type="text/css" />
+<link href="../../static/global/plugins/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css" />
+<!-- <link href="../../static/global/plugins/uniform/css/uniform.default.css" rel="stylesheet" type="text/css"/> -->
+<link href="../../static/global/plugins/bootstrap-switch/css/bootstrap-switch.css" rel="stylesheet" type="text/css" />
+<!-- END GLOBAL MANDATORY STYLES -->
+<!-- BEGIN THEME STYLES -->
+<link href="../../static/global/css/components.css" rel="stylesheet" id="style_components" type="text/css" />
+<link href="../../static/global/css/plugins.css" rel="stylesheet" type="text/css" />
+<link href="../../static/layouts/layout/css/layout.css" rel="stylesheet" type="text/css" />
+<link href="../../static/layouts/layout/css/themes/default.css" rel="stylesheet" type="text/css" id="style_color" />
+<link href="../../static/layouts/layout/css/custom.css" rel="stylesheet" type="text/css" />
+<!-- END THEME STYLES -->
+<link rel="shortcut icon" href="favicon.ico"/>
+</head>
+<!-- END HEAD -->
+<!-- BEGIN BODY -->
+<!-- DOC: Apply "page-header-fixed-mobile" and "page-footer-fixed-mobile" class to body element to force fixed header or footer in mobile devices -->
+<!-- DOC: Apply "page-sidebar-closed" class to the body and "page-sidebar-menu-closed" class to the sidebar menu element to hide the sidebar by default -->
+<!-- DOC: Apply "page-sidebar-hide" class to the body to make the sidebar completely hidden on toggle -->
+<!-- DOC: Apply "page-sidebar-closed-hide-logo" class to the body element to make the logo hidden on sidebar toggle -->
+<!-- DOC: Apply "page-sidebar-hide" class to body element to completely hide the sidebar on sidebar toggle -->
+<!-- DOC: Apply "page-sidebar-fixed" class to have fixed sidebar -->
+<!-- DOC: Apply "page-footer-fixed" class to the body element to have fixed footer -->
+<!-- DOC: Apply "page-sidebar-reversed" class to put the sidebar on the right side -->
+<!-- DOC: Apply "page-full-width" class to the body element to have full width page without the sidebar menu -->
+<body class="page-header-fixed page-quick-sidebar-over-content ">
+<div class="page-content" style="margin:15px 20px 0 15px">
+	<div class="row">
+				<div id="accordion1" class="panel-group">
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_1">
+							1.功能简介</a>
+							</h4>
+						</div>
+						<div id="accordion1_1" class="panel-collapse collapse in">
+							<div class="panel-body">
+								On National Proxy System, Individual Cache policy rules determine whether to cache or not based on traffic attributes, such as URL and Cookies. 
+							</div>
+						</div>
+					</div>
+					<!-- <div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
+							2.基础配置信息 </a>
+							</h4>
+						</div>
+						<div id="accordion1_2" class="panel-collapse collapse">
+							<div class="panel-body">
+								<ul>
+								 	<li>IP：同“IP拦截”</li>
+								 	<li>HTTP URL:“同域名拦截”</li>
+								 	<li>HTTP 请求头域：同“HTTP(s)监测”</li>
+								 	<li>HTTP 应答头域：同“HTTP(s)监测”</li>
+								 	<li>HTTP 请求内容：同“HTTP(s)监测”</li>		
+								 	<li>HTTP 应答内容：同“HTTP(s)监测”</li>
+								 	<li>账号：同“HTTP(s)监测”</li>
+								 </ul>
+																
+							</div>
+						</div>
+					</div> -->
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
+							2.动作参数</a>
+							</h4>
+						</div>
+						<div id="accordion1_2" class="panel-collapse collapse">
+							<div class="panel-body">
+								For cache action, the optimization parameters are:
+								<ul>
+								 	<li>
+								 		A Cache key:is a unique string that lets the National Proxy System look for web content when requests hit them. It’s made up of a hostname, path, and cookie parts. By default, the Proxy use the entire URL as the cache key. Selecting the correct cache key will ensure maximum cache footprint and increase cache hits.</li>
+								 	<li>
+								 		Ignore Query String in URL:in case the query strings doesn’t actually indicate that the object need to be different then you could EXCLUDE them from the cache key. For example, after ignoring “sqp” and “rs” of URL: “https://example.com/pic.jpg?sqp=UAAI&rs=AOn4”.
+								 	</li>
+								 	<li>
+								 		Include Cookie Values:in case the server send different content for the same URL based on the cookie value, you can include that cookie value as a part of cache key. For example, the server may set a cookie at the client called "prefLang=ru" to record user preferred language, you could add "prefLang" to distinguish different web content.
+								 	</li>
+								 	<li>
+								 		Disable Revalidate:is an ON-OFF switch. The pragma-no-cache header in a client’s request causes the proxy to re-fetch the entire object from the original server, even if the cached copy of the object is fresh. By default this option is switch OFF, which means a client’s non-conditional request results in a conditional GET request sent to the original server if the object is already in cache. The conditional request allows the original server to return the 304 Not Modified response, if the content in cache is still fresh. Thereby, the server-side bandwidth and latency consumed are lesser as the full content is not retrieved again from the original server.
+								 	</li>
+								 	<li>
+								 		Cache Dynamic Content:is an ON-OFF switch. A URL is considered dynamic if it ends in “.asp(x)” or contains a question mark (?), a semicolon (;), or “cgi”. Ignore Query String overrides this option (switch on).
+								 	</li>		
+								 	<li>
+								 		Cache Cookied Content:is an ON-OFF switch. By default, the Proxy does NOT cache cookied content of any type. If this option is switch on, the system cache all Cookeid content except HTML.
+								 	</li>
+								 	<li>
+								 		Ignore Request no-cache Headers:is an ON-OFF switch. By default, the proxy strictly observes client Cache-Control: no-cache directives. As known as:
+								 			<ul>
+								 				<li>
+								 					i.	Authorization
+								 				</li>
+								 				<li>
+								 					ii.	WWW-Authenticate
+								 				</li>
+								 				<li>
+								 					iii.	Cache-Control: no-store
+								 				</li>
+								 				<li>
+								 					iv.	Cache-Control: no-cache
+								 				</li>
+								 			</ul>
+								 	</li>
+								 	<li>
+								 		If a requested object contains a no-cache header, then proxy forwards the request to the origin server even if it has a fresh copy in cache. You can configure proxy to ignore client no-cache directives such that it ignores no-cache headers from client requests and serves the object from its cache.
+Ignore Response no-cache Headers — is an ON-OFF switch. By default, a response from an origin server with a no-cache header is not stored in the cache. As known as:
+										<ul>
+											<li>
+								 				i.	Cache-Control: no-store
+							 				</li>
+							 				<li>
+							 					ii.	Cache-Control: private
+							 				</li>
+							 				<li>
+							 					iii.	Set-Cookie
+							 				</li>
+							 				<li>
+							 					iv.	Cache-Control: no-cache
+							 				</li>
+							 				<li>
+							 					v.	WWW-Authenticate
+							 				</li>
+							 				<li>
+							 					vi.	Expires header with a value of 0 (zero) or a past date.
+							 				</li>
+										</ul>
+										If you configure proxy to ignore no-cache headers, then proxy also ignores no-store headers. The default behavior of observing no-cache directives is appropriate in most cases.
+								 	</li>
+								 	<li>
+								 		Forcing Object Caching:
+								 		is an ON-OFF switch. You can force Proxy to cache specific URLs (including dynamic URLs) for a specified duration, regardless of Cache-Control response headers.
+								 	</li>
+								 	<li>
+								 		Minimum Use:
+								 		sets the number of times an item must be requested by clients before Proxy caches it. This is useful if the cache is constantly filling up, as it ensures that only the most frequently accessed items are added to the cache. By default, Proxy cache object at its first appearance. The Counter resets in every 30 minutes. Note that the requests is counted in computing unit independently.
+								 	</li>
+								 	<li>
+								 		Max Cache Object Size:
+								 		sets the upper limit of an object size, larger object will not be cached. By default, Proxy does not cache object larger than 1 GB.
+								 	</li>
+								 	<li>
+								 		Cache Pinning Time:
+								 		configures Proxy to keep certain objects in the cache for a specified time. You can use this option to ensure that the most popular objects are in cache when needed and to prevent cache manager from deleting important objects. Proxy observes Cache-Control headers and pins an object in the cache only if it is indeed cacheable.
+								 	</li>
+								 	<li>
+								 		Max Cache Size:
+								 		sets the upper limit of the size of storage for a policy. By default, Proxy uses all available disk space. When the cache size reaches the limit, the cache manager removes the files that were least recently used to bring the cache size back under the limit.
+								 	</li>
+								 	<li>
+								 		Inactive Time:
+								 		specifies how long an item can remain in the cache without being accessed. A file that has not been requested for this time is automatically deleted from the cache by the cache manager, regardless of whether or not it has expired.
+								 	</li>
+								 </ul>
+																
+							</div>
+						</div>
+					</div>
+					<!-- <div class="panel panel-danger">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_4">
+							4.配置约束条件 </a>
+							</h4>
+						</div>
+						<div id="accordion1_4" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>IP：同“IP拦截”</li>
+									<li>URL：同“域名拦截”</li>
+									<li>HTTP 请求头：同“HTTP(s)监测”</li>	
+									<li>HTTP 应答头：同“HTTP(s)监测”</li>		
+									<li>HTTP 请求内容：同“HTTP(s)监测”</li>
+									<li>HTTP 应答内容：同“HTTP(s)监测”</li>
+									<li>账号：同“HTTP(s)监测”</li>
+								 </ul>
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_5">
+							5.预期效果 </a>
+							</h4>
+						</div>
+						<div id="accordion1_5" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>阻断效果：浏览器无法访问页面</li>
+									<li>日志检查：生成日志</li>
+								 </ul>
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_6">
+							6.配置生效区域 </a>
+							</h4>
+						</div>
+						<div id="accordion1_6" class="panel-collapse collapse">
+							<div class="panel-body">
+								配置的生效区域，生效区域包括地区，以及ISP，地区和ISP可组合，即某个地区的某个运营商流量生效，
+								或者某个地区的所有流量生效，或者某个运营商的所有流量生效，也可全域生效
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
+							7.配置标签 </a>
+							</h4>
+						</div>
+						<div id="accordion1_7" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>来函：必选项，官方或其他组织下达的配置流量管控依据。</li>
+									<li>分类：非必选项，配置分类，例如内容安全、网络攻击等。</li>
+									<li>性质：非必选项，配置性质，例如政治、暴力、宗教等。</li>
+									<li>标签：非必选项，自定义标签。</li>			
+								 </ul>
+							</div>
+						</div>
+					</div> -->
+				<!--	<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
+							7.其他</a>
+							</h4>
+						</div>
+						<div id="accordion1_7" class="panel-collapse collapse">
+							<div class="panel-body">
+								 
+							</div>
+						</div>
+					</div>-->
+				</div>
+</div>
+</div>
+
+<!-- END FOOTER -->
+<!-- BEGIN JAVASCRIPTS(Load javascripts at bottom, this will reduce page load time) -->
+<!-- BEGIN CORE PLUGINS -->
+<!--[if lt IE 9]>
+<script src="../../static/global/plugins/respond.min.js"></script>
+<script src="../../static/global/plugins/excanvas.min.js"></script> 
+<![endif]-->
+<script src="../../static/global/plugins/jquery.min.js" type="text/javascript"></script>
+<script src="../../static/global/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
+<script>
+jQuery(document).ready(function() {    
+   
+});
+</script>
+<!-- END JAVASCRIPTS -->
+</body>
+<!-- END BODY -->
+</html>
\ No newline at end of file
diff --git a/src/main/webapp/online-help/proxy/control_policy.html b/src/main/webapp/online-help/proxy/control_policy.html
new file mode 100644
index 000000000..4785f3998
--- /dev/null
+++ b/src/main/webapp/online-help/proxy/control_policy.html
@@ -0,0 +1,251 @@
+<!DOCTYPE html>
+<!-- 
+Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.0
+Version: 3.5
+Author: KeenThemes
+Website: http://www.keenthemes.com/
+Contact: support@keenthemes.com
+Follow: www.twitter.com/keenthemes
+Like: www.facebook.com/keenthemes
+Purchase: http://themeforest.net/item/metronic-responsive-admin-dashboard-template/4021469?ref=keenthemes
+License: You must have a valid license purchased only from themeforest(the above link) in order to legally use the theme for your project.
+-->
+<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
+<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
+<!--[if !IE]><!-->
+<html lang="en">
+<!--<![endif]-->
+<!-- BEGIN HEAD -->
+<head>
+<meta charset="utf-8"/>
+<title>online help</title>
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
+<meta http-equiv="Content-type" content="text/html; charset=utf-8">
+<meta content="" name="description"/>
+<meta content="" name="author"/>
+<!-- BEGIN GLOBAL MANDATORY STYLES -->
+<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
+<link href="../../static/global/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css" />
+<link href="../../static/global/plugins/simple-line-icons/simple-line-icons.css" rel="stylesheet" type="text/css" />
+<link href="../../static/global/plugins/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css" />
+<!-- <link href="../../static/global/plugins/uniform/css/uniform.default.css" rel="stylesheet" type="text/css"/> -->
+<link href="../../static/global/plugins/bootstrap-switch/css/bootstrap-switch.css" rel="stylesheet" type="text/css" />
+<!-- END GLOBAL MANDATORY STYLES -->
+<!-- BEGIN THEME STYLES -->
+<link href="../../static/global/css/components.css" rel="stylesheet" id="style_components" type="text/css" />
+<link href="../../static/global/css/plugins.css" rel="stylesheet" type="text/css" />
+<link href="../../static/layouts/layout/css/layout.css" rel="stylesheet" type="text/css" />
+<link href="../../static/layouts/layout/css/themes/default.css" rel="stylesheet" type="text/css" id="style_color" />
+<link href="../../static/layouts/layout/css/custom.css" rel="stylesheet" type="text/css" />
+<!-- END THEME STYLES -->
+<link rel="shortcut icon" href="favicon.ico"/>
+</head>
+<!-- END HEAD -->
+<!-- BEGIN BODY -->
+<!-- DOC: Apply "page-header-fixed-mobile" and "page-footer-fixed-mobile" class to body element to force fixed header or footer in mobile devices -->
+<!-- DOC: Apply "page-sidebar-closed" class to the body and "page-sidebar-menu-closed" class to the sidebar menu element to hide the sidebar by default -->
+<!-- DOC: Apply "page-sidebar-hide" class to the body to make the sidebar completely hidden on toggle -->
+<!-- DOC: Apply "page-sidebar-closed-hide-logo" class to the body element to make the logo hidden on sidebar toggle -->
+<!-- DOC: Apply "page-sidebar-hide" class to body element to completely hide the sidebar on sidebar toggle -->
+<!-- DOC: Apply "page-sidebar-fixed" class to have fixed sidebar -->
+<!-- DOC: Apply "page-footer-fixed" class to the body element to have fixed footer -->
+<!-- DOC: Apply "page-sidebar-reversed" class to put the sidebar on the right side -->
+<!-- DOC: Apply "page-full-width" class to the body element to have full width page without the sidebar menu -->
+<body class="page-header-fixed page-quick-sidebar-over-content ">
+<div class="page-content" style="margin:15px 20px 0 15px">
+	<div class="row">
+				<div id="accordion1" class="panel-group">
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_1">
+							1.功能简介</a>
+							</h4>
+						</div>
+						<div id="accordion1_1" class="panel-collapse collapse in">
+							<div class="panel-body">
+								On National Proxy System, Individual Control policy rules determine whether to allow, 
+								block, redirect or replace a session based on traffic attributes, such as URL, request header fields, 
+								request body keywords, response header fields, response body keywords, IP address, Subscribe ID and 
+								their combination. You could specify these attributes in the submenu of Control Policy.
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
+							2.执行动作 </a>
+							</h4>
+						</div>
+						<div id="accordion1_2" class="panel-collapse collapse">
+							<div class="panel-body">
+								You could select one of the five actions for above attributes, as known as:
+								<ul>
+								 	<li>
+								 		Monitor：the Proxy produce a log to record matched HTTP session information.
+									</li>
+								 	<li>
+								 		Block:the Proxy terminate matched HTTP session with an error page and produce a log. You MUST specify a Response Code and a Response Content to generate an error page.
+								 	</li>
+								 	<li>
+								 		Redirect: the Proxy redirect matched HTTP session to a predefined URL. Since redirection need to be performed before delivering response to client, condition of response body is not applicable in this action. You MUST configure the redirect response via Response Code and Response URL. The Response URL MUST start with a scheme (http:// or https://). You SHOULD NOT select 301 as Response Code unless you exactly know what you are doing. This action produces a log.
+								 	</li>
+								 	<li>
+								 		Replace:the Proxy Searches in a given HTTP part to Find a given string, and Replace any matches with another given string. If no match was found, the session remained untouched. For performance concerns, condition of request body and response body is not available in this action. For example, you can configure the Proxy to search in the response body of URL “www.example.com/index.html”, find every “string1” and replace with “string2”. This action produces a log.
+								 	</li>
+								 	<li>
+								 		Whitelist:the Proxy pass-through the matched sessions and produce no log.
+								 	</li>	
+								 	<li>
+								 		In case of HTTP session matches one more policies, the priority order is Whitelist > Reject > Redirect > Replace > Monitor, action with higher priority overrides others.
+								 	</li>	
+								 </ul>
+																
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_3">
+							3.业务配置属性 </a>
+							</h4>
+						</div>
+						<div id="accordion1_3" class="panel-collapse collapse">
+							<div class="panel-body">
+								The attributes are detailed in following context:
+								<ul>
+								 	<li>URL：From proxy’s perspective, a HTTP URL consists of a hierarchical sequence of three components: 
+								 	URL = hostname/path[?query] . The URL path name can also be specified by the user in the local writing system.
+								 	 If not already encoded, it is converted to UTF-8, and any characters not part of the basic URL character set are
+								 	  escaped as hexadecimal using percent-encoding; for example, search keywords “русский” 
+								 	  in Google produces URL：
+										https://www.google.com/search?q=%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B9 
+										To perform policy action on above URL, you could input the whole URL in the input box. Or,
+										 you could input original keywords and let the Proxy do the decoding, e.g. 
+										 “google.com/search” & “русский”. Note that the scheme string MUST be excluded from the URL,
+										  it’s “https://” in this case.
+									</li>
+								 	<li>
+								 		Request Header: is used to set conditions on request header fields. Header fields are colon-separated key-value pairs in clear-text string format, terminated by a carriage return (CR) and line feed (LF) character sequence. For example, “user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)“ is a header filed in request header. The Matching District is used to configure the field’s key, if the key was presented, the Proxy will search in the value for Keywords.
+								 	</li>
+								 	<li>
+								 		Response Header： is used to set conditions on response header fields. Its configuration is similar to Request Header.
+								 	</li>
+								 	<li>
+								 		Request Body：is used to set conditions on request’s body message. The Proxy searches the pre-configured Keywords in it. You can configure non-ASCII or non-utf8 keywords by turn on HEX.
+								 	</li>
+								 	<li>
+								 		Response Body：is used to set conditions on response’s body message. Its configuration is similar to Request Body.
+								 	</li>		
+								 </ul>
+																
+							</div>
+						</div>
+					</div>
+					<!-- <div class="panel panel-danger">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_4">
+							4.配置约束条件 </a>
+							</h4>
+						</div>
+						<div id="accordion1_4" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>IP：同“IP拦截”</li>
+									<li>URL：同“域名拦截”</li>
+									<li>HTTP 请求头：同“HTTP(s)监测”</li>	
+									<li>HTTP 应答头：同“HTTP(s)监测”</li>		
+									<li>HTTP 请求内容：同“HTTP(s)监测”</li>
+									<li>HTTP 应答内容：同“HTTP(s)监测”</li>
+									<li>账号：同“HTTP(s)监测”</li>
+								 </ul>
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_5">
+							5.预期效果 </a>
+							</h4>
+						</div>
+						<div id="accordion1_5" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>阻断效果：浏览器无法访问页面</li>
+									<li>日志检查：生成日志</li>
+								 </ul>
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_6">
+							6.配置生效区域 </a>
+							</h4>
+						</div>
+						<div id="accordion1_6" class="panel-collapse collapse">
+							<div class="panel-body">
+								配置的生效区域，生效区域包括地区，以及ISP，地区和ISP可组合，即某个地区的某个运营商流量生效，
+								或者某个地区的所有流量生效，或者某个运营商的所有流量生效，也可全域生效
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
+							7.配置标签 </a>
+							</h4>
+						</div>
+						<div id="accordion1_7" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>来函：必选项，官方或其他组织下达的配置流量管控依据。</li>
+									<li>分类：非必选项，配置分类，例如内容安全、网络攻击等。</li>
+									<li>性质：非必选项，配置性质，例如政治、暴力、宗教等。</li>
+									<li>标签：非必选项，自定义标签。</li>			
+								 </ul>
+							</div>
+						</div>
+					</div> -->
+				<!--	<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
+							7.其他</a>
+							</h4>
+						</div>
+						<div id="accordion1_7" class="panel-collapse collapse">
+							<div class="panel-body">
+								 
+							</div>
+						</div>
+					</div>-->
+				</div>
+</div>
+</div>
+
+<!-- END FOOTER -->
+<!-- BEGIN JAVASCRIPTS(Load javascripts at bottom, this will reduce page load time) -->
+<!-- BEGIN CORE PLUGINS -->
+<!--[if lt IE 9]>
+<script src="../../static/global/plugins/respond.min.js"></script>
+<script src="../../static/global/plugins/excanvas.min.js"></script> 
+<![endif]-->
+<script src="../../static/global/plugins/jquery.min.js" type="text/javascript"></script>
+<script src="../../static/global/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
+<script>
+jQuery(document).ready(function() {    
+   
+});
+</script>
+<!-- END JAVASCRIPTS -->
+</body>
+<!-- END BODY -->
+</html>
\ No newline at end of file
diff --git a/src/main/webapp/online-help/proxy/intercept_policy.html b/src/main/webapp/online-help/proxy/intercept_policy.html
new file mode 100644
index 000000000..03f6184b0
--- /dev/null
+++ b/src/main/webapp/online-help/proxy/intercept_policy.html
@@ -0,0 +1,224 @@
+<!DOCTYPE html>
+<!-- 
+Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.0
+Version: 3.5
+Author: KeenThemes
+Website: http://www.keenthemes.com/
+Contact: support@keenthemes.com
+Follow: www.twitter.com/keenthemes
+Like: www.facebook.com/keenthemes
+Purchase: http://themeforest.net/item/metronic-responsive-admin-dashboard-template/4021469?ref=keenthemes
+License: You must have a valid license purchased only from themeforest(the above link) in order to legally use the theme for your project.
+-->
+<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
+<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
+<!--[if !IE]><!-->
+<html lang="en">
+<!--<![endif]-->
+<!-- BEGIN HEAD -->
+<head>
+<meta charset="utf-8"/>
+<title>online help</title>
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
+<meta http-equiv="Content-type" content="text/html; charset=utf-8">
+<meta content="" name="description"/>
+<meta content="" name="author"/>
+<!-- BEGIN GLOBAL MANDATORY STYLES -->
+<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
+<link href="../../static/global/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css" />
+<link href="../../static/global/plugins/simple-line-icons/simple-line-icons.css" rel="stylesheet" type="text/css" />
+<link href="../../static/global/plugins/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css" />
+<!-- <link href="../../static/global/plugins/uniform/css/uniform.default.css" rel="stylesheet" type="text/css"/> -->
+<link href="../../static/global/plugins/bootstrap-switch/css/bootstrap-switch.css" rel="stylesheet" type="text/css" />
+<!-- END GLOBAL MANDATORY STYLES -->
+<!-- BEGIN THEME STYLES -->
+<link href="../../static/global/css/components.css" rel="stylesheet" id="style_components" type="text/css" />
+<link href="../../static/global/css/plugins.css" rel="stylesheet" type="text/css" />
+<link href="../../static/layouts/layout/css/layout.css" rel="stylesheet" type="text/css" />
+<link href="../../static/layouts/layout/css/themes/default.css" rel="stylesheet" type="text/css" id="style_color" />
+<link href="../../static/layouts/layout/css/custom.css" rel="stylesheet" type="text/css" />
+<!-- END THEME STYLES -->
+<link rel="shortcut icon" href="favicon.ico"/>
+</head>
+<!-- END HEAD -->
+<!-- BEGIN BODY -->
+<!-- DOC: Apply "page-header-fixed-mobile" and "page-footer-fixed-mobile" class to body element to force fixed header or footer in mobile devices -->
+<!-- DOC: Apply "page-sidebar-closed" class to the body and "page-sidebar-menu-closed" class to the sidebar menu element to hide the sidebar by default -->
+<!-- DOC: Apply "page-sidebar-hide" class to the body to make the sidebar completely hidden on toggle -->
+<!-- DOC: Apply "page-sidebar-closed-hide-logo" class to the body element to make the logo hidden on sidebar toggle -->
+<!-- DOC: Apply "page-sidebar-hide" class to body element to completely hide the sidebar on sidebar toggle -->
+<!-- DOC: Apply "page-sidebar-fixed" class to have fixed sidebar -->
+<!-- DOC: Apply "page-footer-fixed" class to the body element to have fixed footer -->
+<!-- DOC: Apply "page-sidebar-reversed" class to put the sidebar on the right side -->
+<!-- DOC: Apply "page-full-width" class to the body element to have full width page without the sidebar menu -->
+<body class="page-header-fixed page-quick-sidebar-over-content ">
+<div class="page-content" style="margin:15px 20px 0 15px">
+	<div class="row">
+				<div id="accordion1" class="panel-group">
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_1">
+							1.功能简介</a>
+							</h4>
+						</div>
+						<div id="accordion1_1" class="panel-collapse collapse in">
+							<div class="panel-body">
+								On National Proxy System, Individual Intercept policy rules determines whether to intercept/optimize a connection based on traffic attributes, such as IP address, domain name and Subscribe ID. You could specify these attributes in IP Intercept and Domain Intercept.
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
+							2.执行动作 </a>
+							</h4>
+						</div>
+						<div id="accordion1_2" class="panel-collapse collapse">
+							<div class="panel-body">
+								Both IP intercept and Domain Intercept are subject two actions:
+								<ul>
+								 	<li>Bypass:
+								 		the Proxy passes through the network connection without apply an optimization or policy checking. It’s could be used to bypass SSL pinning applications, such as Apple Store and WhatsApp, or a of a VIP’s IP address. In case of traffic matches one more policies, bypass overrides intercept.
+								 	</li>
+								 	<li>Intercept:
+								 		the National Proxy System intercepts network traffic for further control policy and cache policy checking. When a connection is set to intercept, the proxy terminates the connection and initiates a new connection between client and server. If the connection is SSL encrypted, the original certificate is replaced with a substitute one.
+								 		<p>When Intercept Related Domains is enabled, domains that share one certificates with the specified domain are considered as the same. For example, if the intercept facebook.com with Intercept Related Domain option, then *.xx.fbcdn.net, fb.com, .messenger.com and etc. are also intercepted. There may be side effects that intercept many different websites when they were hosted in a same CDN provider (Content Delivery Network). </p>
+								 		<p>Key ring determines which certificate will be used to generate substitute certificate. You could configure key ring through Proxy Policy Object page. If no key ring is specified, proxy will use the default one.</p>
+								 		<p>Intercept policy produces no log. You can find out if the interception is successful by checking if the certificate is issued by your pre-configured Root CA. You need a PC which traffic has already directed to the Proxy, and a web browser to test the policy. For Chrome and Microsoft Internet Explorer, you could click the lock icon on the address bar to view certificate. For Firefox, after you clicking the lock icon, click “>” button to show connection details, click “more information”, and then click “view certificate”. If the browser warning that the connection is not secure, one possible reason is you haven’t install/trust the root certificate yet.</p>
+								 	</li>
+								 </ul>
+								<h3 class="text-danger ">
+									Note: You should exercise caution because web applications may not cooperate with SSL interception, such as SSL pinning, mutual authentication or non-standard SSL implementation.
+								</h3>								
+							</div>
+						</div>
+					</div>
+					<!-- <div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_3">
+							3.业务配置属性 </a>
+							</h4>
+						</div>
+						<div id="accordion1_3" class="panel-collapse collapse">
+							<div class="panel-body">
+								<ul>
+								 	<li>IP：同“HTTP(s)监测”</li>
+								 	<li>HTTP URL:同“HTTP(s)监测”</li>
+								 	<li>HTTP 请求头域：同“HTTP(s)监测”</li>
+								 	<li>HTTP 应答头域：同“HTTP(s)监测”</li>
+								 	<li>HTTP 请求内容：同“HTTP(s)监测”</li>		
+								 	<li>HTTP 应答内容：同“HTTP(s)监测”</li>
+								 	<li>账号：同“HTTP(s)监测”</li>
+								 </ul>
+																
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-danger">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_4">
+							4.配置约束条件 </a>
+							</h4>
+						</div>
+						<div id="accordion1_4" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>IP：同“IP拦截”</li>
+									<li>URL：同“域名拦截”</li>
+									<li>HTTP 请求头：同“HTTP(s)监测”</li>	
+									<li>HTTP 应答头：同“HTTP(s)监测”</li>		
+									<li>HTTP 请求内容：同“HTTP(s)监测”</li>
+									<li>HTTP 应答内容：同“HTTP(s)监测”</li>
+									<li>账号：同“HTTP(s)监测”</li>
+								 </ul>
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_5">
+							5.预期效果 </a>
+							</h4>
+						</div>
+						<div id="accordion1_5" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>阻断效果：浏览器无法访问页面</li>
+									<li>日志检查：生成日志</li>
+								 </ul>
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_6">
+							6.配置生效区域 </a>
+							</h4>
+						</div>
+						<div id="accordion1_6" class="panel-collapse collapse">
+							<div class="panel-body">
+								配置的生效区域，生效区域包括地区，以及ISP，地区和ISP可组合，即某个地区的某个运营商流量生效，
+								或者某个地区的所有流量生效，或者某个运营商的所有流量生效，也可全域生效
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
+							7.配置标签 </a>
+							</h4>
+						</div>
+						<div id="accordion1_7" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>来函：必选项，官方或其他组织下达的配置流量管控依据。</li>
+									<li>分类：非必选项，配置分类，例如内容安全、网络攻击等。</li>
+									<li>性质：非必选项，配置性质，例如政治、暴力、宗教等。</li>
+									<li>标签：非必选项，自定义标签。</li>			
+								 </ul>
+							</div>
+						</div>
+					</div> -->
+				<!--	<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
+							7.其他</a>
+							</h4>
+						</div>
+						<div id="accordion1_7" class="panel-collapse collapse">
+							<div class="panel-body">
+								 
+							</div>
+						</div>
+					</div>-->
+				</div>
+</div>
+</div>
+
+<!-- END FOOTER -->
+<!-- BEGIN JAVASCRIPTS(Load javascripts at bottom, this will reduce page load time) -->
+<!-- BEGIN CORE PLUGINS -->
+<!--[if lt IE 9]>
+<script src="../../static/global/plugins/respond.min.js"></script>
+<script src="../../static/global/plugins/excanvas.min.js"></script> 
+<![endif]-->
+<script src="../../static/global/plugins/jquery.min.js" type="text/javascript"></script>
+<script src="../../static/global/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
+<script>
+jQuery(document).ready(function() {    
+   
+});
+</script>
+<!-- END JAVASCRIPTS -->
+</body>
+<!-- END BODY -->
+</html>
\ No newline at end of file
diff --git a/src/main/webapp/online-help/proxy/proxy_policy_object.html b/src/main/webapp/online-help/proxy/proxy_policy_object.html
new file mode 100644
index 000000000..efc20c84e
--- /dev/null
+++ b/src/main/webapp/online-help/proxy/proxy_policy_object.html
@@ -0,0 +1,365 @@
+<!DOCTYPE html>
+<!-- 
+Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.0
+Version: 3.5
+Author: KeenThemes
+Website: http://www.keenthemes.com/
+Contact: support@keenthemes.com
+Follow: www.twitter.com/keenthemes
+Like: www.facebook.com/keenthemes
+Purchase: http://themeforest.net/item/metronic-responsive-admin-dashboard-template/4021469?ref=keenthemes
+License: You must have a valid license purchased only from themeforest(the above link) in order to legally use the theme for your project.
+-->
+<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
+<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
+<!--[if !IE]><!-->
+<html lang="en">
+<!--<![endif]-->
+<!-- BEGIN HEAD -->
+<head>
+<meta charset="utf-8"/>
+<title>online help</title>
+<meta http-equiv="X-UA-Compatible" content="IE=edge">
+<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
+<meta http-equiv="Content-type" content="text/html; charset=utf-8">
+<meta content="" name="description"/>
+<meta content="" name="author"/>
+<!-- BEGIN GLOBAL MANDATORY STYLES -->
+<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
+<link href="../../static/global/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css" />
+<link href="../../static/global/plugins/simple-line-icons/simple-line-icons.css" rel="stylesheet" type="text/css" />
+<link href="../../static/global/plugins/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css" />
+<!-- <link href="../../static/global/plugins/uniform/css/uniform.default.css" rel="stylesheet" type="text/css"/> -->
+<link href="../../static/global/plugins/bootstrap-switch/css/bootstrap-switch.css" rel="stylesheet" type="text/css" />
+<!-- END GLOBAL MANDATORY STYLES -->
+<!-- BEGIN THEME STYLES -->
+<link href="../../static/global/css/components.css" rel="stylesheet" id="style_components" type="text/css" />
+<link href="../../static/global/css/plugins.css" rel="stylesheet" type="text/css" />
+<link href="../../static/layouts/layout/css/layout.css" rel="stylesheet" type="text/css" />
+<link href="../../static/layouts/layout/css/themes/default.css" rel="stylesheet" type="text/css" id="style_color" />
+<link href="../../static/layouts/layout/css/custom.css" rel="stylesheet" type="text/css" />
+<!-- END THEME STYLES -->
+<link rel="shortcut icon" href="favicon.ico"/>
+</head>
+<!-- END HEAD -->
+<!-- BEGIN BODY -->
+<!-- DOC: Apply "page-header-fixed-mobile" and "page-footer-fixed-mobile" class to body element to force fixed header or footer in mobile devices -->
+<!-- DOC: Apply "page-sidebar-closed" class to the body and "page-sidebar-menu-closed" class to the sidebar menu element to hide the sidebar by default -->
+<!-- DOC: Apply "page-sidebar-hide" class to the body to make the sidebar completely hidden on toggle -->
+<!-- DOC: Apply "page-sidebar-closed-hide-logo" class to the body element to make the logo hidden on sidebar toggle -->
+<!-- DOC: Apply "page-sidebar-hide" class to body element to completely hide the sidebar on sidebar toggle -->
+<!-- DOC: Apply "page-sidebar-fixed" class to have fixed sidebar -->
+<!-- DOC: Apply "page-footer-fixed" class to the body element to have fixed footer -->
+<!-- DOC: Apply "page-sidebar-reversed" class to put the sidebar on the right side -->
+<!-- DOC: Apply "page-full-width" class to the body element to have full width page without the sidebar menu -->
+<body class="page-header-fixed page-quick-sidebar-over-content ">
+<div class="page-content" style="margin:15px 20px 0 15px">
+	<div class="row">
+				<div id="accordion1" class="panel-group">
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_1">
+							1.功能简介</a>
+							</h4>
+						</div>
+						<div id="accordion1_1" class="panel-collapse collapse in">
+							<div class="panel-body">
+								A policy object is a single object or a collective unit that groups discrete identities such as IP addresses, URLs, applications, or users. With policy objects that are a collective unit, you can reference the object in policy instead of manually selecting multiple objects one at a time. Typically, when creating a policy object, you group objects that require similar permissions in policy.
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
+							2.Key Ring </a>
+							</h4>
+						</div>
+						<div id="accordion1_2" class="panel-collapse collapse">
+							<div class="panel-body">
+								On National Proxy System, Key Ring is a pair of private key and public certificate. You can also import a certificate chain containing multiple certificates. Key Ring is a policy object, you can reference it in Intercept Policy.
+There are three Certificate Type:
+								<ul>
+								 	<li>End-entity Certificate:
+								 		is used for web servers to identify themselves. The Public Key File MUST be .p12 format that contains entire certificate chain. The Private Key File could be .pem, .key or .p12 format. This certificate type is not applicable to Domain Intercept for it cannot be used to sign other certificates. Expire After parameter is also not applicable to end-entity certificate for the same reason.
+								 	</li>
+								 	<li>Intermedia Certificate:
+								 		is used to sign other certificates. An intermediate certificate must be signed by another intermediate certificate, or a root certificate. The Public Key File MUST be .p12 format that contains entire certificate chain. The Expire After parameter indicates the expiration of the substitute certificate that was issued by this intermedia certificate.
+								 	</li>
+								 	<li>Root Certificate:
+								 	is used to sign other certificates. The Public Key File could be .der, .cer, .crt or .pem format. The Expire After parameter has the same meaning as Intermedia Certificate.
+Specification of certificate formats:
+										<ul>
+											<li>
+												.pem- (Privacy-enhanced Electronic Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
+											</li>
+											<li>
+												.cer, .crt, .der – usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
+											</li>
+											<li>
+												.p12 – PKCS#12, may contain certificate(s) (public) and private keys (without password protected)
+											</li>
+										</ul>
+										
+									</li>
+								 </ul>
+																
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_3">
+							3.Trusted Certificate </a>
+							</h4>
+						</div>
+						<div id="accordion1_3" class="panel-collapse collapse">
+							<div class="panel-body">
+								National Proxy System has a build-in trusted certificate authorities list. When the original certificate is issued by a certificate authority that not in the list, the proxy will issued the substitute certificate with an untrusted root certificate, and so consequently, the browser could identify unsecure connections.
+								<p>
+								You can add a custom certificate authority to the trusted certificate authorities of the system.
+								<p>
+								The certificate MUST be PEM format.
+								<p>
+								Following are the National Proxy System’s default trusted certificate authorities:
+								<ul>
+								 	<li>ACCVRAIZ1</li>
+								 	<li>Actalis Authentication Root CA</li>
+								 	<li>AddTrust External CA Root</li>
+								 	<li>AffirmTrust Commercial</li>
+								 	<li>AffirmTrust Networking</li>		
+								 	<li>AffirmTrust Premium</li>
+								 	<li>AffirmTrust Premium ECC</li>
+								 	<li>Amazon Root CA 1</li>
+									<li>Amazon Root CA 2</li>
+									<li>Amazon Root CA 3</li>
+									<li>Amazon Root CA 4</li>
+									<li>Atos TrustedRoot 2011</li>
+									<li>Autoridad de Certificacion Firmaprofesional CIF A62634068</li>
+									<li>Baltimore CyberTrust Root</li>
+									<li>Buypass Class 2 Root CA</li>
+									<li>Buypass Class 3 Root CA</li>
+									<li>CA Disig Root R2</li>
+									<li>CFCA EV ROOT</li>
+									<li>COMODO Certification Authority</li>
+									<li>COMODO ECC Certification Authority</li>
+									<li>COMODO RSA Certification Authority</li>
+									<li>Certigna</li>
+									<li>Certinomis - Root CA</li>
+									<li>Class 2 Primary CA</li>
+									<li>Certplus Root CA G1</li>
+									<li>Certplus Root CA G2</li>
+									<li>Certum Trusted Network CA</li>
+									<li>Certum Trusted Network CA 2</li>
+									<li>Chambers of Commerce Root - 2008</li>
+									<li>AAA Certificate Services</li>
+									<li>Cybertrust Global Root</li>
+									<li>D-TRUST Root Class 3 CA 2 2009</li>
+									<li>D-TRUST Root Class 3 CA 2 EV 2009</li>
+									<li>DST Root CA X3</li>
+									<li>Deutsche Telekom Root CA 2</li>
+									<li>DigiCert Assured ID Root CA</li>
+									<li>DigiCert Assured ID Root G2</li>
+									<li>DigiCert Assured ID Root G3</li>
+									<li>DigiCert Global Root CA</li>
+									<li>DigiCert Global Root G2</li>
+									<li>DigiCert Global Root G3</li>
+									<li>DigiCert High Assurance EV Root CA</li>
+									<li>DigiCert Trusted Root G4</li>
+									<li>E-Tugra Certification Authority</li>
+									<li>EC-ACC</li>
+									<li>EE Certification Centre Root CA</li>
+									<li>Entrust.net Certification Authority (2048)</li>
+									<li>Entrust Root Certification Authority</li>
+									<li>Entrust Root Certification Authority - EC1</li>
+									<li>Entrust Root Certification Authority - G2</li>
+									<li>GDCA TrustAUTH R5 ROOT</li>
+									<li>GeoTrust Global CA</li>
+									<li>GeoTrust Primary Certification Authority</li>
+									<li>GeoTrust Primary Certification Authority - G2</li>
+									<li>GeoTrust Primary Certification Authority - G3</li>
+									<li>GeoTrust Universal CA</li>
+									<li>GeoTrust Universal CA 2</li>
+									<li>GlobalSign</li>
+									<li>GlobalSign</li>
+									<li>GlobalSign Root CA</li>
+									<li>GlobalSign</li>
+									<li>GlobalSign</li>
+									<li>Global Chambersign Root - 2008</li>
+									<li>Go Daddy Root Certificate Authority - G2</li>
+									<li>Hellenic Academic and Research Institutions ECC RootCA 2015</li>
+									<li>Hellenic Academic and Research Institutions RootCA 2011</li>
+									<li>Hellenic Academic and Research Institutions RootCA 2015</li>
+									<li>Hongkong Post Root CA 1</li>
+									<li>ISRG Root X1</li>
+									<li>IdenTrust Commercial Root CA 1</li>
+									<li>IdenTrust Public Sector Root CA 1</li>
+									<li>Izenpe.com</li>
+									<li>LuxTrust Global Root 2</li>
+									<li>Microsec e-Szigno Root CA 2009</li>
+									<li>NetLock Arany (Class Gold) Főtanúsítvány</li>
+									<li>Network Solutions Certificate Authority</li>
+									<li>OISTE WISeKey Global Root GA CA</li>
+									<li>OISTE WISeKey Global Root GB CA</li>
+									<li>OpenTrust Root CA G1</li>
+									<li>OpenTrust Root CA G2</li>
+									<li>OpenTrust Root CA G3</li>
+									<li>QuoVadis Root Certification Authority</li>
+									<li>QuoVadis Root CA 1 G3</li>
+									<li>QuoVadis Root CA 2</li>
+									<li>QuoVadis Root CA 2 G3</li>
+									<li>QuoVadis Root CA 3</li>
+									<li>QuoVadis Root CA 3 G3</li>
+									<li>SSL.com EV Root Certification Authority ECC</li>
+									<li>SSL.com EV Root Certification Authority RSA R2</li>
+									<li>SSL.com Root Certification Authority ECC</li>
+									<li>SSL.com Root Certification Authority RSA</li>
+									<li>SZAFIR ROOT CA2</li>
+									<li>SecureSign RootCA11</li>
+									<li>SecureTrust CA</li>
+									<li>Secure Global CA</li>
+									<li>Sonera Class2 CA</li>
+									<li>Staat der Nederlanden EV Root CA</li>
+									<li>Staat der Nederlanden Root CA - G2</li>
+									<li>Staat der Nederlanden Root CA - G3</li>
+									<li>Starfield Root Certificate Authority - G2</li>
+									<li>Starfield Services Root Certificate Authority - G2</li>
+									<li>SwissSign Gold CA - G2</li>
+									<li>SwissSign Silver CA - G2</li>
+									<li>T-TeleSec GlobalRoot Class 2</li>
+									<li>T-TeleSec GlobalRoot Class 3</li>
+									<li>TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1</li>
+									<li>TWCA Global Root CA</li>
+									<li>TWCA Root Certification Authority</li>
+									<li>TeliaSonera Root CA v1</li>
+									<li>TrustCor ECA-1</li>
+									<li>TrustCor RootCert CA-1</li>
+									<li>TrustCor RootCert CA-2</li>
+									<li>TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5</li>
+									<li>USERTrust ECC Certification Authority</li>
+									<li>USERTrust RSA Certification Authority</li>
+									<li>VeriSign Class 3 Public Primary Certification Authority - G4</li>
+									<li>VeriSign Class 3 Public Primary Certification Authority - G5</li>
+									<li>VeriSign Universal Root Certification Authority</li>
+									<li>VeriSign Class 3 Public Primary Certification Authority - G3</li>
+									<li>Visa eCommerce Root</li>
+									<li>XRamp Global Certification Authority</li>
+									<li>thawte Primary Root CA</li>
+									<li>thawte Primary Root CA - G2</li>
+									<li>thawte Primary Root CA - G3</li>
+									<li>Microsoft Root Authority</li>
+									<li>Microsoft Root Certificate Authority</li>
+									<li>Microsoft Root Certificate Authority 2010</li>
+									<li>Microsoft Root Certificate Authority 2011</li>
+									<li>Baltimore CyberTrust Root</li>
+								 </ul>
+																
+							</div>
+						</div>
+					</div>
+					<!-- <div class="panel panel-danger">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_4">
+							4.配置约束条件 </a>
+							</h4>
+						</div>
+						<div id="accordion1_4" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>IP：同“IP拦截”</li>
+									<li>URL：同“域名拦截”</li>
+									<li>HTTP 请求头：同“HTTP(s)监测”</li>	
+									<li>HTTP 应答头：同“HTTP(s)监测”</li>		
+									<li>HTTP 请求内容：同“HTTP(s)监测”</li>
+									<li>HTTP 应答内容：同“HTTP(s)监测”</li>
+									<li>账号：同“HTTP(s)监测”</li>
+								 </ul>
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-warning">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_5">
+							5.预期效果 </a>
+							</h4>
+						</div>
+						<div id="accordion1_5" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>阻断效果：浏览器无法访问页面</li>
+									<li>日志检查：生成日志</li>
+								 </ul>
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_6">
+							6.配置生效区域 </a>
+							</h4>
+						</div>
+						<div id="accordion1_6" class="panel-collapse collapse">
+							<div class="panel-body">
+								配置的生效区域，生效区域包括地区，以及ISP，地区和ISP可组合，即某个地区的某个运营商流量生效，
+								或者某个地区的所有流量生效，或者某个运营商的所有流量生效，也可全域生效
+							</div>
+						</div>
+					</div>
+					<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
+							7.配置标签 </a>
+							</h4>
+						</div>
+						<div id="accordion1_7" class="panel-collapse collapse">
+							<div class="panel-body">
+								 <ul>
+								 	<li>来函：必选项，官方或其他组织下达的配置流量管控依据。</li>
+									<li>分类：非必选项，配置分类，例如内容安全、网络攻击等。</li>
+									<li>性质：非必选项，配置性质，例如政治、暴力、宗教等。</li>
+									<li>标签：非必选项，自定义标签。</li>			
+								 </ul>
+							</div>
+						</div>
+					</div> -->
+				<!--	<div class="panel panel-success">
+						<div class="panel-heading">
+							<h4 class="panel-title">
+							<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
+							7.其他</a>
+							</h4>
+						</div>
+						<div id="accordion1_7" class="panel-collapse collapse">
+							<div class="panel-body">
+								 
+							</div>
+						</div>
+					</div>-->
+				</div>
+</div>
+</div>
+
+<!-- END FOOTER -->
+<!-- BEGIN JAVASCRIPTS(Load javascripts at bottom, this will reduce page load time) -->
+<!-- BEGIN CORE PLUGINS -->
+<!--[if lt IE 9]>
+<script src="../../static/global/plugins/respond.min.js"></script>
+<script src="../../static/global/plugins/excanvas.min.js"></script> 
+<![endif]-->
+<script src="../../static/global/plugins/jquery.min.js" type="text/javascript"></script>
+<script src="../../static/global/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
+<script>
+jQuery(document).ready(function() {    
+   
+});
+</script>
+<!-- END JAVASCRIPTS -->
+</body>
+<!-- END BODY -->
+</html>
\ No newline at end of file