gfwleak/k18-ntcs-web-ntc
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'develop' of http://192.168.10.125/k18_web/NFS.git into develop

Browse Source
This commit is contained in:
DuanDongmei
2018-11-21 09:32:57 +08:00
parent eceaf613be 9767a03882
commit 750b9da257
15 changed files with 2642 additions and 690 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/main/java/com/nis/domain/configuration/BaseStringCfg.java
View File

@@ -44,7 +44,6 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
protected Integer behavCode;//仅用于copy属性使用
protected Integer specServiceId;//仅用于copy属性使用
protected String domain;//仅用于copy属性使用
public String getDomain() {
return domain;
}
@@ -251,4 +250,17 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
public void setIndex(Integer index) {
this.index = index;
}
public Integer getGroupId() {
return groupId;
}
public void setGroupId(Integer groupId) {
this.groupId = groupId;
}
public Integer getRegionId() {
return regionId;
}
public void setRegionId(Integer regionId) {
this.regionId = regionId;
}
}

2
src/main/java/com/nis/util/excel/ImportBigExcel.java
View File

@@ -494,7 +494,7 @@ public class ImportBigExcel extends XLSXCovertCSVReader{
log.debug("Read success: ["+i+"] "+sb.toString());
}
long end=System.currentTimeMillis();
log.warn(" load data finish,cost:"+(end-start));
log.warn(" load data finish,size:"+_dataList.size()+",cost:"+(end-start));
return _dataList;
}
public File getUploadFile() {

390
src/main/java/com/nis/util/excel/thread/SaveStringCfgThread.java Normal file
View File

@@ -0,0 +1,390 @@
package com.nis.util.excel.thread;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.Callable;
import org.apache.commons.lang3.StringUtils;
import org.apache.ibatis.session.ExecutorType;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.jdbc.datasource.DataSourceTransactionManager;
import org.springframework.transaction.TransactionDefinition;
import org.springframework.transaction.TransactionStatus;
import org.springframework.transaction.support.DefaultTransactionDefinition;
import com.beust.jcommander.internal.Lists;
import com.nis.domain.FunctionRegionDict;
import com.nis.domain.FunctionServiceDict;
import com.nis.domain.configuration.AppDomainCfg;
import com.nis.domain.configuration.AppPolicyCfg;
import com.nis.domain.configuration.BaseStringCfg;
import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.maat.MaatCfg;
import com.nis.domain.maat.MaatCfg.DigestCfg;
import com.nis.domain.maat.MaatCfg.GroupCfg;
import com.nis.domain.maat.MaatCfg.IpCfg;
import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
import com.nis.domain.maat.MaatCfg.StringCfg;
import com.nis.domain.maat.ToMaatBean;
import com.nis.domain.maat.ToMaatResult;
import com.nis.domain.specific.SpecificServiceCfg;
import com.nis.exceptions.MaatConvertException;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Constants;
import com.nis.util.DictUtils;
import com.nis.util.StringUtil;
import com.nis.web.dao.configuration.AppCfgDao;
import com.nis.web.dao.configuration.IpCfgDao;
import com.nis.web.dao.configuration.StringCfgDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
import com.nis.web.service.SpringContextHolder;
public class SaveStringCfgThread implements Callable<Throwable>{
private Logger logger=LoggerFactory.getLogger(getClass());
private BlockingQueue<BaseStringCfg<?>> stringCfgs;
private FunctionServiceDict serviceDict;
private FunctionRegionDict regionDict;
private Integer requestId;
private SpecificServiceCfg specificServiceCfg;
private String specServiceId;
private String behaviorId;
private String asnIpGroup;
private boolean audit;//是否下发
private static final SqlSessionFactory sqlSessionFactory=SpringContextHolder.getBean(SqlSessionFactory.class);
public SaveStringCfgThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Integer requestId,BlockingQueue<BaseStringCfg<?>> stringCfgs,boolean audit) {
this.serviceDict=serviceDict;
this.regionDict=regionDict;
this.stringCfgs=stringCfgs;
this.requestId=requestId;
this.audit=audit;
}
@Override
public Throwable call() {
// TODO Auto-generated method stub
try {
FunctionRegionDict appRegion = null;
if(serviceDict!=null) {
String regionCode = serviceDict.getRegionCode();
for (String code : regionCode.split(",")) {
if (StringUtils.isNotBlank(code)) {
FunctionRegionDict d = DictUtils.getFunctionRegionDictByRegionCode(serviceDict.getFunctionId(),
Integer.parseInt(code));
if (d != null && d.getConfigServiceType() != null
&& d.getConfigServiceType().equals("app_policy")) {
appRegion = d;
break;
}
}
}
}
DataSourceTransactionManager transactionManager=(DataSourceTransactionManager)SpringContextHolder.getBean("transactionManager");
List<BaseStringCfg> _stringCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
List<AppPolicyCfg> appPolicyCfgs = new ArrayList<AppPolicyCfg>();
List<CfgIndexInfo> cfgIndexInfos = new ArrayList<CfgIndexInfo>();
while(!stringCfgs.isEmpty()) {
//开启一个新事物
DefaultTransactionDefinition def = new DefaultTransactionDefinition();
def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW); // 事物隔离级别,开启新事务,这样会比较安全些。
TransactionStatus status = transactionManager.getTransaction(def); // 获得事务状态
try {
stringCfgs.drainTo(_stringCfgs, Constants.MAAT_JSON_SEND_SIZE);
if(_stringCfgs.size()>0) {
List<Integer> compileIds=Lists.newArrayList();
List<Integer> groupIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
try {
compileIds = ConfigServiceUtil.getId(1,_stringCfgs.size());
if(audit) {
groupIds = ConfigServiceUtil.getId(2,_stringCfgs.size());
regionIds = ConfigServiceUtil.getId(3,_stringCfgs.size());
}
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
int ind=0;
Date date=new Date();
for (BaseStringCfg cfg : _stringCfgs) {
cfg.setAction(serviceDict.getAction());
cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
cfg.setCfgType(regionDict.getConfigRegionValue());
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
cfg.setDoLog(1);
cfg.setFunctionId(regionDict.getFunctionId());
if(audit){
cfg.setIsAudit(Constants.AUDIT_YES);
cfg.setIsValid(Constants.VALID_YES);
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
if(groupIds!=null&&groupIds.size()==_stringCfgs.size()) {
cfg.setGroupId(groupIds.get(ind));
}
if(regionIds!=null&&regionIds.size()==_stringCfgs.size()) {
cfg.setRegionId(regionIds.get(ind));
}
}else {
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
cfg.setIsValid(Constants.VALID_NO);
}
cfg.setIsAreaEffective(0);
cfg.setAttribute("0");
cfg.setClassify("0");
cfg.setLable("0");
cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
cfg.setServiceId(serviceDict.getServiceId());
if(compileIds!=null&&compileIds.size()==_stringCfgs.size()) {
cfg.setCompileId(compileIds.get(ind));
}
if(specificServiceCfg!=null) {
cfg.setAppCode(specificServiceCfg.getSpecServiceCode());
cfg.setSpecServiceId(specificServiceCfg.getSpecServiceId());
if(StringUtils.isNotBlank(behaviorId))
cfg.setBehavCode(Integer.parseInt(behaviorId));
}
if (serviceDict.getServiceId().intValue() == 33
|| serviceDict.getServiceId().intValue() == 145
|| serviceDict.getServiceId().intValue() == 35
|| serviceDict.getServiceId().intValue() == 147
|| serviceDict.getServiceId().intValue() == 36
|| serviceDict.getServiceId().intValue() == 148) {
if (appRegion != null) {
AppPolicyCfg appPolicyCfg = new AppPolicyCfg();
BeanUtils.copyProperties(cfg, appPolicyCfg,new String[] {"cfgId"});
appPolicyCfg.setMatchMethod(0);
appPolicyCfg.setIsHexbin(0);
appPolicyCfg.setCfgType(appRegion.getConfigRegionValue());
appPolicyCfg.setCfgRegionCode(appRegion.getConfigRegionCode());
if (StringUtils.isNotBlank(behaviorId)) {
appPolicyCfg.setExprType(1);
} else {
appPolicyCfg.setExprType(0);
}
appPolicyCfgs.add(appPolicyCfg);
}
} else {
if(!regionDict.getFunctionId().equals(403)) {
CfgIndexInfo cfgIndexInfo = new CfgIndexInfo();
BeanUtils.copyProperties(cfg, cfgIndexInfo, new String[] {"cfgId"});
cfgIndexInfos.add(cfgIndexInfo);
}
}
ind++;
}
this.saveAndSend(_stringCfgs, cfgIndexInfos, appPolicyCfgs);
cfgIndexInfos.clear();
appPolicyCfgs.clear();
_stringCfgs.clear();
transactionManager.commit(status);
}
}catch (Throwable e) {
transactionManager.rollback(status);
// TODO: handle exception
return e;
}
}
}catch (Throwable e) {
// TODO: handle exception
return e;
}
return null;
}
public String getBehaviorId() {
return behaviorId;
}
public void setBehaviorId(String behaviorId) {
this.behaviorId = behaviorId;
}
public String getAsnIpGroup() {
return asnIpGroup;
}
public void setAsnIpGroup(String asnIpGroup) {
this.asnIpGroup = asnIpGroup;
}
public SpecificServiceCfg getSpecificServiceCfg() {
return specificServiceCfg;
}
public void setSpecificServiceCfg(SpecificServiceCfg specificServiceCfg) {
this.specificServiceCfg = specificServiceCfg;
}
public FunctionServiceDict getServiceDict() {
return serviceDict;
}
public void setServiceDict(FunctionServiceDict serviceDict) {
this.serviceDict = serviceDict;
}
public Integer getRequestId() {
return requestId;
}
public void setRequestId(Integer requestId) {
this.requestId = requestId;
}
public String getSpecServiceId() {
return specServiceId;
}
public void setSpecServiceId(String specServiceId) {
this.specServiceId = specServiceId;
}
public void saveAndSend(List<BaseStringCfg> _stringCfgs,List<CfgIndexInfo> cfgIndexInfos, List<AppPolicyCfg> appPolicyCfgs) {
logger.warn("saveAndSend start");
long start=System.currentTimeMillis();
if(_stringCfgs.size()>0) {
SqlSession batchSqlSession = null;
List<MaatCfg> configCompileList = new ArrayList();
try{
batchSqlSession = sqlSessionFactory.openSession(ExecutorType.BATCH, false);
for(int index = 0; index < _stringCfgs.size();index++){
if (regionDict.getDictId().intValue() == 167) {
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("intercept_pkt_bin");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// http url
if (regionDict.getDictId().intValue() == 9||regionDict.getDictId().intValue() == 15 || regionDict.getDictId().intValue() == 596) {
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("http_url_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// FTP url/content
if (regionDict.getDictId().intValue() == 36||regionDict.getDictId().intValue() == 37) {
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("ftp_keyword_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// P2P eMule Keyword
if(regionDict.getDictId().intValue() == 158){
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("p2p_keyword_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// P2P File Marking
if(regionDict.getDictId().intValue() == 159){
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("p2p_hash_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// BGP AS
if (regionDict.getFunctionId().equals(61)) {
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("ntc_bgp_as_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// SSL SNI/SAN/CN
if (regionDict.getFunctionId().intValue() == 34) {
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("ssl_keyword_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// HTTP 请求/应答内容
if(regionDict.getDictId().intValue()==12||regionDict.getDictId().intValue()==13||regionDict.getDictId().intValue()==601||regionDict.getDictId().intValue()==602) {
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("http_body_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// 流媒体协议
if(regionDict.getDictId().intValue()==25){
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("av_cont_url_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// Voip Account
if(regionDict.getDictId().intValue()==16){
BaseStringCfg<?> cfg = _stringCfgs.get(index);
cfg.setTableName("av_voip_account_cfg");
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(cfg);
}else
// APP域名特征
if(regionDict.getDictId().intValue()==64){
AppDomainCfg cfg=new AppDomainCfg();
BeanUtils.copyProperties(_stringCfgs.get(index), cfg);
((AppCfgDao) batchSqlSession.getMapper(AppCfgDao.class)).insertAppDomainCfgBatch(cfg);
}
if (cfgIndexInfos != null && cfgIndexInfos.size() > 0) {
CfgIndexInfo cfgIndexInfo = cfgIndexInfos.get(index);
((IpCfgDao) batchSqlSession.getMapper(IpCfgDao.class)).saveCfgIndexForBatch(cfgIndexInfo);
}
if (appPolicyCfgs != null && appPolicyCfgs.size() > 0) {
SpringContextHolder.getBean(AppCfgDao.class).insertAppPolicyCfgForBatch(appPolicyCfgs.get(index));
}
if(audit) {
List<GroupCfg> groupRelationList = new ArrayList();
List<IpCfg> ipRegionList = new ArrayList();
List<StringCfg> strRegionList = new ArrayList();
List<NumBoundaryCfg> numRegionList = new ArrayList();
List<DigestCfg> digestRegionList = new ArrayList();
List<IpCfg> areaIpRegionList = new ArrayList();
GroupCfg group = new GroupCfg();
StringCfg cfg = new StringCfg();
BeanUtils.copyProperties(_stringCfgs.get(index), cfg);
group.setGroupId(_stringCfgs.get(index).getGroupId());
group.setCompileId(_stringCfgs.get(index).getCompileId());
group.setAuditTime(_stringCfgs.get(index).getAuditTime());
group.setIsValid(_stringCfgs.get(index).getIsValid());
groupRelationList.add(group);
cfg.setGroupId(group.getGroupId());
//处理配置关键字转译
cfg.setCfgKeywords(BaseService.keywordsEscape(cfg.getCfgKeywords()));
//增强字符串转换
cfg.setDistrict(BaseService.keywordsEscape(cfg.getDistrict()));
strRegionList.add(cfg);
MaatCfg maatCfg = new MaatCfg();
maatCfg.initDefaultValue();
BeanUtils.copyProperties(_stringCfgs.get(index), maatCfg);
maatCfg.setAction(_stringCfgs.get(index).getAction());
maatCfg.setAuditTime(_stringCfgs.get(index).getAuditTime());
maatCfg.setIpRegionList(ipRegionList);
maatCfg.setStrRegionList(strRegionList);
maatCfg.setNumRegionList(numRegionList);
maatCfg.setDigestRegionList(digestRegionList);
maatCfg.setGroupRelationList(groupRelationList);
maatCfg.setGroupNum(groupRelationList.size());
maatCfg.setAreaIpRegionList(areaIpRegionList);
maatCfg.setIsValid(_stringCfgs.get(index).getIsValid());
configCompileList.add(maatCfg);
}
}
batchSqlSession.commit();
}finally {
if(batchSqlSession != null){
batchSqlSession.close();
}
}
if(audit&&configCompileList.size()>0) {
ToMaatBean maatBean = new ToMaatBean();
maatBean.setConfigCompileList(configCompileList);
maatBean.setAuditTime(new Date());
maatBean.setCreatorName(UserUtils.getUser().getName());
maatBean.setVersion(Constants.MAAT_VERSION);
maatBean.setOpAction(Constants.INSERT_ACTION);
//调用服务接口下发配置数据
String json=BaseService.gsonToJson(maatBean);
logger.info("http配置下发配置参数"+json);
//调用服务接口下发配置
ToMaatResult result = ConfigServiceUtil.postMaatCfg(json);
logger.info("http配置下发响应信息"+result.getMsg());
}
}
long end=System.currentTimeMillis();
logger.warn("saveAndSend finish,cost:"+(end-start));
}
}

134
src/main/java/com/nis/web/controller/BaseController.java
View File

@@ -91,7 +91,6 @@ import com.nis.util.excel.thread.CheckComplexStringFormatThread;
import com.nis.util.excel.thread.CheckDnsResStrategyFormatThread;
import com.nis.util.excel.thread.CheckIpFormatThread;
import com.nis.util.excel.thread.CheckStringFormatThread;
import com.nis.web.dao.configuration.IpCfgDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.ArchiveServcie;
import com.nis.web.service.AreaService;
@@ -1249,6 +1248,7 @@ public class BaseController {
String specServiceId = request.getParameter("appId");
String behaviorId = request.getParameter("behaviorId");
String asnIpGroup = request.getParameter("asnGroupId");
String isSend = request.getParameter("isSend");
SpecificServiceCfg specificServiceCfg = null;
if (serviceDict!=null&&(serviceDict.getServiceId().intValue() == 33 || serviceDict.getServiceId().intValue() == 145
|| serviceDict.getServiceId().intValue() == 35
@@ -1403,7 +1403,7 @@ public class BaseController {
asnIpCfgs.add(_cfg);
ind++;
}
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, asnIpCfgs, cfgIndexInfos, appPolicyCfgs);
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, asnIpCfgs, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
cfgIndexInfos.clear();
appPolicyCfgs.clear();
_ipPortCfgs.clear();
@@ -1415,9 +1415,21 @@ public class BaseController {
ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE);
List<Integer> compileIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
List<Integer> groupIds=Lists.newArrayList();
List<Integer> numRegionGroupIds=Lists.newArrayList();
List<Integer> numRegionRegionIds=Lists.newArrayList();
if(!regionDict.getFunctionId().equals(405)) {//app ip compileId 从config_group_info中取
try {
compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
if(isSend.equals("1")) {
groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
}
//需要获取数值域的id
if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
}
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
@@ -1443,8 +1455,29 @@ public class BaseController {
cfg.setCreatorId(UserUtils.getUser().getId());
cfg.setDoLog(1);
cfg.setFunctionId(regionDict.getFunctionId());
cfg.setIsAudit(0);
cfg.setIsValid(0);
if(isSend.equals("1")) {
cfg.setIsAudit(Constants.AUDIT_YES);
cfg.setIsValid(Constants.VALID_YES);
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) {
cfg.setGroupId(groupIds.get(ind));
}
if(regionIds!=null&&regionIds.size()==_ipPortCfgs.size()) {
cfg.setRegionId(regionIds.get(ind));
}
if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind));
}
if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind));
}
}
}else {
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
cfg.setIsValid(Constants.VALID_NO);
}
cfg.setIsAreaEffective(0);
cfg.setAttribute("0");
cfg.setClassify("0");
@@ -1499,7 +1532,7 @@ public class BaseController {
}
ind++;
}
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _ipPortCfgs, cfgIndexInfos, appPolicyCfgs);
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _ipPortCfgs, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
cfgIndexInfos.clear();
appPolicyCfgs.clear();
_ipPortCfgs.clear();
@@ -1507,12 +1540,42 @@ public class BaseController {
}
} else if (regionDict.getRegionType().equals(2)) {
// List<Future<Throwable>> list=Lists.newArrayList();
// ExecutorService service=Executors.newFixedThreadPool(Constants.SAVE_AND_DEL_THREAD_SIZE);
// for(int j=0;j<Constants.SAVE_AND_DEL_THREAD_SIZE;j++) {
// SaveStringCfgThread t=new SaveStringCfgThread(serviceDict, regionDict, requestId, stringCfgs,isSend.equals("1"));
// t.setSpecificServiceCfg(specificServiceCfg);
// t.setAsnIpGroup(asnIpGroup);
// t.setBehaviorId(behaviorId);
// t.setSpecServiceId(specServiceId);
// list.add(service.submit(t));
// }
// service.shutdown();
// while(!service.isTerminated()) {
// Thread.sleep(10);
// }
// for(Future<Throwable> e:list) {
// if(e.get()!=null) {
// try {
// throw e.get();
// } catch (Throwable e1) {
// // TODO Auto-generated catch block
// e1.printStackTrace();
// }
// }
// }
List<BaseStringCfg> _stringCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
while(!stringCfgs.isEmpty()) {
stringCfgs.drainTo(_stringCfgs, Constants.MAAT_JSON_SEND_SIZE);
List<Integer> compileIds=Lists.newArrayList();
List<Integer> groupIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
try {
compileIds = ConfigServiceUtil.getId(1,_stringCfgs.size());
if(isSend.equals("1")) {
groupIds = ConfigServiceUtil.getId(2,_stringCfgs.size());
regionIds = ConfigServiceUtil.getId(3,_stringCfgs.size());
}
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
@@ -1521,16 +1584,27 @@ public class BaseController {
int ind=0;
for (BaseStringCfg cfg : _stringCfgs) {
cfg.setAction(serviceDict.getAction());
/*cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);*/
cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
cfg.setCfgType(regionDict.getConfigRegionValue());
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
cfg.setDoLog(1);
cfg.setFunctionId(regionDict.getFunctionId());
cfg.setIsAudit(0);
cfg.setIsValid(0);
if(isSend.equals("1")) {
cfg.setIsAudit(Constants.AUDIT_YES);
cfg.setIsValid(Constants.VALID_YES);
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
if(groupIds!=null&&groupIds.size()==_stringCfgs.size()) {
cfg.setGroupId(groupIds.get(ind));
}
if(regionIds!=null&&regionIds.size()==_stringCfgs.size()) {
cfg.setRegionId(regionIds.get(ind));
}
}else {
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
cfg.setIsValid(Constants.VALID_NO);
}
cfg.setIsAreaEffective(0);
cfg.setAttribute("0");
cfg.setClassify("0");
@@ -1579,7 +1653,7 @@ public class BaseController {
}
ind++;
}
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _stringCfgs, cfgIndexInfos, appPolicyCfgs);
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _stringCfgs, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
cfgIndexInfos.clear();
appPolicyCfgs.clear();
_stringCfgs.clear();
@@ -1657,7 +1731,7 @@ public class BaseController {
}
ind++;
}
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _complexkeywordCfgs, cfgIndexInfos, appPolicyCfgs);
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _complexkeywordCfgs, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
cfgIndexInfos.clear();
appPolicyCfgs.clear();
_complexkeywordCfgs.clear();
@@ -1697,7 +1771,7 @@ public class BaseController {
cfg.setCompileId(compileIds.get(ind));
ind++;
}
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _dnsResStrategies, cfgIndexInfos, appPolicyCfgs);
this.splitAndSave(regionDict, serviceDict, specificServiceCfg, _dnsResStrategies, cfgIndexInfos, appPolicyCfgs,isSend.equals("1"));
_dnsResStrategies.clear();
cfgIndexInfos.clear();
appPolicyCfgs.clear();
@@ -1789,7 +1863,7 @@ public class BaseController {
public void splitAndSave(FunctionRegionDict regionDict,FunctionServiceDict serviceDict,
SpecificServiceCfg specificServiceCfg,
List<? extends BaseCfg> list,List<CfgIndexInfo> cfgIndexInfos,
List<AppPolicyCfg> appPolicyCfgs){
List<AppPolicyCfg> appPolicyCfgs,boolean send){
if(list!=null&&list.size()>0) {
String type=null;
if (list.get(0) instanceof BaseIpCfg) {
@@ -1803,6 +1877,12 @@ public class BaseController {
}else if(list.get(0) instanceof AsnIpCfg) {
type="AsnIpCfg";
}
if (cfgIndexInfos != null && cfgIndexInfos.size() > 0) {
ipCfgService.saveCfgIndexOf(cfgIndexInfos);
}
if (appPolicyCfgs != null && appPolicyCfgs.size() > 0) {
appCfgService.savePolicyList(appPolicyCfgs);
}
if("BaseIpCfg".equals(type)) {
List<BaseIpCfg> listPage = (List<BaseIpCfg>) list;
if (regionDict.getFunctionId().equals(301)) {
@@ -1812,7 +1892,7 @@ public class BaseController {
}else if (specificServiceCfg!=null&&regionDict.getFunctionId().equals(405)) {
appCfgService.saveAppIpCfg((List<BaseIpCfg>)listPage,specificServiceCfg);
}else {
ipCfgService.saveBatch((List<BaseIpCfg>)listPage, IpCfgDao.class);
ipCfgService.saveIpBatch(regionDict,serviceDict,(List<BaseIpCfg>)listPage,send);
}
}else if("AsnIpCfg".equals(type)) {
List<AsnIpCfg> listPage = (List<AsnIpCfg>) list;
@@ -1823,51 +1903,51 @@ public class BaseController {
// ip_payload
if (regionDict.getDictId().intValue() == 167) {
// interceptCfgService.saveInterceptCfg(listPage);
interceptCfgService.saveStringCfgBatch(listPage, "intercept_pkt_bin");
interceptCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "intercept_pkt_bin",send);
}
// http url
if (regionDict.getDictId().intValue() == 9||regionDict.getDictId().intValue() == 15 || regionDict.getDictId().intValue() == 596) {
// websiteCfgService.saveHttpUrlCfg(listPage);
websiteCfgService.saveStringCfgBatch(listPage, "http_url_cfg");
websiteCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "http_url_cfg",send);
}
// FTP url/content
if (regionDict.getDictId().intValue() == 36||regionDict.getDictId().intValue() == 37) {
// fileTransferCfgService.saveFtpCfg(listPage);
fileTransferCfgService.saveStringCfgBatch(listPage, "ftp_keyword_cfg");
fileTransferCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "ftp_keyword_cfg",send);
}
// P2P eMule Keyword
if(regionDict.getDictId().intValue() == 158){
fileTransferCfgService.saveStringCfgBatch(listPage, "p2p_keyword_cfg");
fileTransferCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "p2p_keyword_cfg",send);
}
// P2P File Marking
if(regionDict.getDictId().intValue() == 159){
// fileTransferCfgService.saveP2pCfg(listPage);
fileTransferCfgService.saveStringCfgBatch(listPage, "p2p_hash_cfg");
fileTransferCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "p2p_hash_cfg",send);
}
// BGP AS
if (regionDict.getFunctionId().equals(61)) {
// bgpCfgService.saveBgpAsCfg(listPage);
bgpCfgService.saveStringCfgBatch(listPage, "ntc_bgp_as_cfg");
bgpCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "ntc_bgp_as_cfg",send);
}
// SSL SNI/SAN/CN
if (regionDict.getFunctionId().intValue() == 34) {
// websiteCfgService.saveSslCfg(listPage);
websiteCfgService.saveStringCfgBatch(listPage, "ssl_keyword_cfg");
websiteCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "ssl_keyword_cfg",send);
}
// HTTP 请求/应答内容
if(regionDict.getDictId().intValue()==12||regionDict.getDictId().intValue()==13||regionDict.getDictId().intValue()==601||regionDict.getDictId().intValue()==602) {
// websiteCfgService.saveHttpBodyCfg(listPage);
websiteCfgService.saveStringCfgBatch(listPage, "http_body_cfg");
websiteCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "http_body_cfg",send);
}
// 流媒体协议
if(regionDict.getDictId().intValue()==25){
// avContentCfgService.saveContUrlCfg(listPage);
avContentCfgService.saveStringCfgBatch(listPage, "av_cont_url_cfg");
avContentCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "av_cont_url_cfg",send);
}
// Voip Account
if(regionDict.getDictId().intValue()==16){
// avContentCfgService.saveVoIpAccountCfg(listPage);
avContentCfgService.saveStringCfgBatch(listPage, "av_voip_account_cfg");
avContentCfgService.saveStringCfgBatch(regionDict,serviceDict,listPage, "av_voip_account_cfg",send);
}
// APP域名特征
if(regionDict.getDictId().intValue()==64){
@@ -1907,12 +1987,6 @@ public class BaseController {
dnsResStrategyService.saveDnsResStrategyCfgBatch(listPage);
}
}
if (cfgIndexInfos != null && cfgIndexInfos.size() > 0) {
ipCfgService.saveCfgIndexOf(cfgIndexInfos);
}
if (appPolicyCfgs != null && appPolicyCfgs.size() > 0) {
appCfgService.savePolicyList(appPolicyCfgs);
}
}
/**
* 多域配置导出

38
src/main/java/com/nis/web/controller/SystemController.java
View File

@@ -32,26 +32,32 @@ public class SystemController extends BaseController{
boolean topShow = false;
for(SysMenu second:menu.getChildren()){
boolean secondShow = false;
if(!StringUtil.isEmpty(second.getChildren())&&second.getIsShow()==1){
for(SysMenu third:second.getChildren()){
boolean thirdShow = false;
if(!StringUtil.isEmpty(third.getChildren())&&third.getIsShow()==1){
for(SysMenu fourth:third.getChildren()){
if(!StringUtil.isEmpty(fourth.getMenuBg())&&fourth.getIsShow()==1){
newList.add(fourth);
if(second.getIsShow()==1){
if(!StringUtil.isEmpty(second.getMenuBg())){
secondShow = true;
}
if(!StringUtil.isEmpty(second.getChildren())){
for(SysMenu third:second.getChildren()){
boolean thirdShow = false;
if(third.getIsShow()==1){
if(!StringUtil.isEmpty(third.getMenuBg())){
thirdShow = true;
secondShow = true;
}
if(!StringUtil.isEmpty(third.getChildren())){
for(SysMenu fourth:third.getChildren()){
if(!StringUtil.isEmpty(fourth.getMenuBg())&&fourth.getIsShow()==1){
newList.add(fourth);
thirdShow = true;
secondShow = true;
}
}
}
}
}else{
if(!StringUtil.isEmpty(third.getMenuBg())&&third.getIsShow()==1){
thirdShow = true;
secondShow = true;
if(thirdShow){
newList.add(third);
}
}
if(thirdShow){
newList.add(third);
}
}
if(secondShow){
@@ -59,10 +65,6 @@ public class SystemController extends BaseController{
topShow = true;
}
}else{
if(!StringUtil.isEmpty(second.getMenuBg())&&second.getIsShow()==1){
topShow = true;
}
}
}
if(topShow){

2
src/main/java/com/nis/web/dao/configuration/AppCfgDao.java
View File

@@ -41,6 +41,7 @@ public interface AppCfgDao {
public IpPortCfg getAppPolicyIpCfg(AppPolicyCfg entity) ;
public List<IpPortCfg> getAppPolicyIpList(AppPolicyCfg entity);
public int insertAppPolicyCfg(AppPolicyCfg entity);
public int insertAppPolicyCfgForBatch(AppPolicyCfg entity);
public int updateAppPolicyCfg(AppPolicyCfg entity);
public int insertAppPolicyIpCfg(IpPortCfg entity);
public int deleteAppPolicyIpCfg(AppPolicyCfg entity);
@@ -49,6 +50,7 @@ public interface AppCfgDao {
public List<AppIpCfg> findAppIpList(AppIpCfg entity) ;
public AppIpCfg getAppIpCfg(Long cfgId) ;
public int insertAppIpCfg(AppIpCfg entity);
public int insertAppIpCfgForBatch(AppIpCfg entity);
public int insertAppIpCfgBatch(List<AppIpCfg> list);
public int updateAppIpCfg(AppIpCfg entity);
//app http特征增删改查

31
src/main/java/com/nis/web/dao/configuration/AppCfgDao.xml
View File

@@ -1690,6 +1690,21 @@
,#{userRegion4,jdbcType=VARCHAR} ,#{userRegion5,jdbcType=VARCHAR} ,#{doLog,jdbcType=INTEGER}
)
</insert>
<insert id="insertAppPolicyCfgForBatch" parameterType="com.nis.domain.configuration.AppPolicyCfg" >
insert into app_policy_cfg (
APP_CODE,BEHAV_CODE,SPEC_SERVICE_ID,CFG_DESC,ACTION,IS_VALID,IS_AUDIT,
CREATOR_ID,CREATE_TIME,EDITOR_ID,EDIT_TIME,AUDITOR_ID,AUDIT_TIME,
SERVICE_ID,REQUEST_ID,COMPILE_ID,IS_AREA_EFFECTIVE,CLASSIFY,
ATTRIBUTE,LABLE,AREA_EFFECTIVE_IDS,RATELIMIT,FUNCTION_ID,
CFG_TYPE,CFG_REGION_CODE,EXPR_TYPE,MATCH_METHOD,IS_HEXBIN,USER_REGION1
,USER_REGION2,USER_REGION3,USER_REGION4,USER_REGION5,DO_LOG
)values (
<include refid="AppCommonCfg_Value_List" />,
#{exprType,jdbcType=INTEGER},#{matchMethod,jdbcType=INTEGER},#{isHexbin,jdbcType=INTEGER}
,#{userRegion1,jdbcType=VARCHAR} ,#{userRegion2,jdbcType=VARCHAR} ,#{userRegion3,jdbcType=VARCHAR}
,#{userRegion4,jdbcType=VARCHAR} ,#{userRegion5,jdbcType=VARCHAR} ,#{doLog,jdbcType=INTEGER}
)
</insert>
<insert id="insertAppIpCfg" parameterType="com.nis.domain.configuration.AppIpCfg" >
<selectKey resultType="java.lang.Long" order="AFTER" keyProperty="cfgId">
SELECT LAST_INSERT_ID()
@@ -1709,6 +1724,22 @@
,#{userRegion3,jdbcType=VARCHAR},#{userRegion4,jdbcType=VARCHAR},#{userRegion5,jdbcType=VARCHAR}
)
</insert>
<insert id="insertAppIpCfgForBatch" parameterType="com.nis.domain.configuration.AppIpCfg" >
insert into app_ip_cfg (
APP_CODE,BEHAV_CODE,SPEC_SERVICE_ID, CFG_DESC,ACTION,IS_VALID,IS_AUDIT,
CREATOR_ID,CREATE_TIME,EDITOR_ID,EDIT_TIME,AUDITOR_ID,AUDIT_TIME,
SERVICE_ID,REQUEST_ID,COMPILE_ID,IS_AREA_EFFECTIVE,CLASSIFY,
ATTRIBUTE,LABLE,AREA_EFFECTIVE_IDS,RATELIMIT,FUNCTION_ID,CFG_TYPE,CFG_REGION_CODE,
IP_TYPE, IP_PATTERN, SRC_IP_ADDRESS,DEST_IP_ADDRESS, PORT_PATTERN,SRC_PORT,DEST_PORT,
DIRECTION,PROTOCOL,DO_LOG,user_region1,user_region2,user_region3,user_region4,user_region5
)values (
<include refid="AppCommonCfg_Value_List" />,
#{ipType,jdbcType=INTEGER}, #{ipPattern,jdbcType=INTEGER},#{srcIpAddress,jdbcType=VARCHAR},#{destIpAddress,jdbcType=VARCHAR},
#{portPattern,jdbcType=INTEGER},#{srcPort,jdbcType=VARCHAR},#{destPort,jdbcType=VARCHAR},#{direction,jdbcType=INTEGER},
#{protocol,jdbcType=INTEGER},#{doLog,jdbcType=INTEGER},#{userRegion1,jdbcType=VARCHAR},#{userRegion2,jdbcType=VARCHAR}
,#{userRegion3,jdbcType=VARCHAR},#{userRegion4,jdbcType=VARCHAR},#{userRegion5,jdbcType=VARCHAR}
)
</insert>
<insert id="insertAppIpCfgBatch" parameterType="com.nis.domain.configuration.AppIpCfg" >
insert into app_ip_cfg (
APP_CODE,BEHAV_CODE,SPEC_SERVICE_ID, CFG_DESC,ACTION,IS_VALID,IS_AUDIT,

4
src/main/java/com/nis/web/dao/configuration/IpCfgDao.xml
View File

@@ -862,8 +862,8 @@
)values (
#{cfgDesc,jdbcType=VARCHAR},
#{action,jdbcType=INTEGER},
0,
0,
#{isValid,jdbcType=INTEGER},
#{isAudit,jdbcType=INTEGER},
#{creatorId,jdbcType=INTEGER},
#{createTime,jdbcType=TIMESTAMP},
#{editorId,jdbcType=INTEGER},

1485
src/main/java/com/nis/web/service/BaseService.java
View File

File diff suppressed because it is too large Load Diff

12
src/main/resources/sql/20181120/update_menu_help_url Normal file
View File

@@ -0,0 +1,12 @@
UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_block', `name` = 'HTTP管控', `sort` = 2, `href` = '/proxy/control/httpRedirect/httpBlockList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpBlock:config', `create_by` = '1', `create_date` = '2018-07-24 11:06:03', `update_by` = '1', `update_date` = '2018-07-25 10:42:57', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 207 WHERE `id` = 911;
UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_monit', `name` = 'HTTP监测', `sort` = 1, `href` = '/proxy/control/httpRedirect/httpMonitList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpMonit:config', `create_by` = '1', `create_date` = '2018-07-24 11:08:59', `update_by` = '1', `update_date` = '2018-07-25 10:43:52', `remarks` = '', `del_flag` = 1, `menu_bg` =null, `quick_action` = 0, `is_top` = 0, `function_id` = 210 WHERE `id` = 914;
UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_redirect', `name` = 'HTTP重定向', `sort` = 3, `href` = '/proxy/control/httpRedirect/httpRedirectList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpRedirect:config', `create_by` = '1', `create_date` = '2018-07-24 11:06:49', `update_by` = '1', `update_date` = '2018-07-24 11:15:35', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 208 WHERE `id` = 912;
UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'ip_redirect', `name` = 'IP控制', `sort` = 30, `href` = '/proxy/control/ip/list?cfgName=ip_control', `target` = '', `icon` = '', `is_show` = 0, `permission` = 'control:ip:config', `create_by` = '1', `create_date` = '2018-06-19 17:40:46', `update_by` = '1', `update_date` = '2018-07-24 11:11:32', `remarks` = '', `del_flag` = 0, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 202 WHERE `id` = 725;
UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_replace', `name` = 'HTTP替换', `sort` = 4, `href` = '/proxy/control/httpRedirect/httpReplaceList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpReplace:config', `create_by` = '1', `create_date` = '2018-07-24 11:08:34', `update_by` = '1', `update_date` = '2018-07-25 10:43:28', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 209 WHERE `id` = 913;
UPDATE `sys_menu` SET `parent_id` = 724, `parent_ids` = '0,1,86,719,724,', `code` = 'http_whitelist', `name` = 'HTTP白名单', `sort` = 300, `href` = '/proxy/control/httpRedirect/httpWhitelistList', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'control:httpWhitelist:config', `create_by` = '1', `create_date` = '2018-07-24 11:09:35', `update_by` = '1', `update_date` = '2018-07-25 10:44:13', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 211 WHERE `id` = 915;
UPDATE `sys_menu` SET `parent_id` = 1096, `parent_ids` = '0,1,86,1096,', `code` = 'ip_payload', `name` = 'IP Payload', `sort` = 2, `href` = '/proxy/intercept/ippayload/list', `target` = '', `icon` = '', `is_show` = 1, `permission` = 'intercept:ippayload:config', `create_by` = '1', `create_date` = '2018-09-26 14:23:23', `update_by` = '1', `update_date` = '2018-10-25 15:53:29', `remarks` = '', `del_flag` = 1, `menu_bg` = null, `quick_action` = 0, `is_top` = 0, `function_id` = 212 WHERE `id` = 1099;
UPDATE `sys_menu` SET menu_bg='/online-help/proxy/control_policy' where id=719;
UPDATE `sys_menu` SET menu_bg='/online-help/proxy/intercept_policy' where id=724;
UPDATE `sys_menu` SET menu_bg='/online-help/proxy/cache_policy' where id=1161;
UPDATE `sys_menu` SET menu_bg='/online-help/proxy/proxy_policy_object' where id=1121;

14
src/main/webapp/WEB-INF/include/excel/importModal.jsp
View File

@@ -174,6 +174,20 @@
</div>
</br>
</c:if>
<c:if test="${cfg.functionId eq 5 or cfg.functionId eq 34 or cfg.functionId eq 6}">
<div class="row">
<label class="control-label col-md-3"><font color="red">*</font><spring:message code="examine"/></label>
<div class="col-md-6">
<label class="radio-inline">
<input type="radio" name="isSend" value="0" checked><spring:message code="no"/>
</label>
<label class="radio-inline">
<input type="radio" name="isSend" value="1"><spring:message code="yes"/>
</label>
</div>
</div>
</br>
</c:if>
<div class="col-md-12">
<div class="form-group">
<label class="col-md-2 control-label" style="margin-top:5px;"><spring:message

296
src/main/webapp/online-help/proxy/cache_policy.html Normal file
View File

@@ -0,0 +1,296 @@
<!DOCTYPE html>
<!--
Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.0
Version: 3.5
Author: KeenThemes
Website: http://www.keenthemes.com/
Contact: support@keenthemes.com
Follow: www.twitter.com/keenthemes
Like: www.facebook.com/keenthemes
Purchase: http://themeforest.net/item/metronic-responsive-admin-dashboard-template/4021469?ref=keenthemes
License: You must have a valid license purchased only from themeforest(the above link) in order to legally use the theme for your project.
-->
<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- BEGIN HEAD -->
<head>
<meta charset="utf-8"/>
<title>online help</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta content="" name="description"/>
<meta content="" name="author"/>
<!-- BEGIN GLOBAL MANDATORY STYLES -->
<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
<link href="../../static/global/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css" />
<link href="../../static/global/plugins/simple-line-icons/simple-line-icons.css" rel="stylesheet" type="text/css" />
<link href="../../static/global/plugins/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css" />
<!-- <link href="../../static/global/plugins/uniform/css/uniform.default.css" rel="stylesheet" type="text/css"/> -->
<link href="../../static/global/plugins/bootstrap-switch/css/bootstrap-switch.css" rel="stylesheet" type="text/css" />
<!-- END GLOBAL MANDATORY STYLES -->
<!-- BEGIN THEME STYLES -->
<link href="../../static/global/css/components.css" rel="stylesheet" id="style_components" type="text/css" />
<link href="../../static/global/css/plugins.css" rel="stylesheet" type="text/css" />
<link href="../../static/layouts/layout/css/layout.css" rel="stylesheet" type="text/css" />
<link href="../../static/layouts/layout/css/themes/default.css" rel="stylesheet" type="text/css" id="style_color" />
<link href="../../static/layouts/layout/css/custom.css" rel="stylesheet" type="text/css" />
<!-- END THEME STYLES -->
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<!-- END HEAD -->
<!-- BEGIN BODY -->
<!-- DOC: Apply "page-header-fixed-mobile" and "page-footer-fixed-mobile" class to body element to force fixed header or footer in mobile devices -->
<!-- DOC: Apply "page-sidebar-closed" class to the body and "page-sidebar-menu-closed" class to the sidebar menu element to hide the sidebar by default -->
<!-- DOC: Apply "page-sidebar-hide" class to the body to make the sidebar completely hidden on toggle -->
<!-- DOC: Apply "page-sidebar-closed-hide-logo" class to the body element to make the logo hidden on sidebar toggle -->
<!-- DOC: Apply "page-sidebar-hide" class to body element to completely hide the sidebar on sidebar toggle -->
<!-- DOC: Apply "page-sidebar-fixed" class to have fixed sidebar -->
<!-- DOC: Apply "page-footer-fixed" class to the body element to have fixed footer -->
<!-- DOC: Apply "page-sidebar-reversed" class to put the sidebar on the right side -->
<!-- DOC: Apply "page-full-width" class to the body element to have full width page without the sidebar menu -->
<body class="page-header-fixed page-quick-sidebar-over-content ">
<div class="page-content" style="margin:15px 20px 0 15px">
<div class="row">
<div id="accordion1" class="panel-group">
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_1">
1.功能简介</a>
</h4>
</div>
<div id="accordion1_1" class="panel-collapse collapse in">
<div class="panel-body">
On National Proxy System, Individual Cache policy rules determine whether to cache or not based on traffic attributes, such as URL and Cookies.
</div>
</div>
</div>
<!-- <div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
2.基础配置信息 </a>
</h4>
</div>
<div id="accordion1_2" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>IP同“IP拦截”</li>
<li>HTTP URL:“同域名拦截”</li>
<li>HTTP 请求头域同“HTTP(s)监测”</li>
<li>HTTP 应答头域同“HTTP(s)监测”</li>
<li>HTTP 请求内容同“HTTP(s)监测”</li>
<li>HTTP 应答内容同“HTTP(s)监测”</li>
<li>账号同“HTTP(s)监测”</li>
</ul>
</div>
</div>
</div> -->
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
2.动作参数</a>
</h4>
</div>
<div id="accordion1_2" class="panel-collapse collapse">
<div class="panel-body">
For cache action, the optimization parameters are:
<ul>
<li>
A Cache key:is a unique string that lets the National Proxy System look for web content when requests hit them. Its made up of a hostname, path, and cookie parts. By default, the Proxy use the entire URL as the cache key. Selecting the correct cache key will ensure maximum cache footprint and increase cache hits.</li>
<li>
Ignore Query String in URL:in case the query strings doesnt actually indicate that the object need to be different then you could EXCLUDE them from the cache key. For example, after ignoring “sqp” and “rs” of URL: “https://example.com/pic.jpg?sqp=UAAI&rs=AOn4”.
</li>
<li>
Include Cookie Values:in case the server send different content for the same URL based on the cookie value, you can include that cookie value as a part of cache key. For example, the server may set a cookie at the client called "prefLang=ru" to record user preferred language, you could add "prefLang" to distinguish different web content.
</li>
<li>
Disable Revalidate:is an ON-OFF switch. The pragma-no-cache header in a clients request causes the proxy to re-fetch the entire object from the original server, even if the cached copy of the object is fresh. By default this option is switch OFF, which means a clients non-conditional request results in a conditional GET request sent to the original server if the object is already in cache. The conditional request allows the original server to return the 304 Not Modified response, if the content in cache is still fresh. Thereby, the server-side bandwidth and latency consumed are lesser as the full content is not retrieved again from the original server.
</li>
<li>
Cache Dynamic Content:is an ON-OFF switch. A URL is considered dynamic if it ends in “.asp(x)” or contains a question mark (?), a semicolon (;), or “cgi”. Ignore Query String overrides this option (switch on).
</li>
<li>
Cache Cookied Content:is an ON-OFF switch. By default, the Proxy does NOT cache cookied content of any type. If this option is switch on, the system cache all Cookeid content except HTML.
</li>
<li>
Ignore Request no-cache Headers:is an ON-OFF switch. By default, the proxy strictly observes client Cache-Control: no-cache directives. As known as:
<ul>
<li>
i. Authorization
</li>
<li>
ii. WWW-Authenticate
</li>
<li>
iii. Cache-Control: no-store
</li>
<li>
iv. Cache-Control: no-cache
</li>
</ul>
</li>
<li>
If a requested object contains a no-cache header, then proxy forwards the request to the origin server even if it has a fresh copy in cache. You can configure proxy to ignore client no-cache directives such that it ignores no-cache headers from client requests and serves the object from its cache.
Ignore Response no-cache Headers — is an ON-OFF switch. By default, a response from an origin server with a no-cache header is not stored in the cache. As known as:
<ul>
<li>
i. Cache-Control: no-store
</li>
<li>
ii. Cache-Control: private
</li>
<li>
iii. Set-Cookie
</li>
<li>
iv. Cache-Control: no-cache
</li>
<li>
v. WWW-Authenticate
</li>
<li>
vi. Expires header with a value of 0 (zero) or a past date.
</li>
</ul>
If you configure proxy to ignore no-cache headers, then proxy also ignores no-store headers. The default behavior of observing no-cache directives is appropriate in most cases.
</li>
<li>
Forcing Object Caching:
is an ON-OFF switch. You can force Proxy to cache specific URLs (including dynamic URLs) for a specified duration, regardless of Cache-Control response headers.
</li>
<li>
Minimum Use:
sets the number of times an item must be requested by clients before Proxy caches it. This is useful if the cache is constantly filling up, as it ensures that only the most frequently accessed items are added to the cache. By default, Proxy cache object at its first appearance. The Counter resets in every 30 minutes. Note that the requests is counted in computing unit independently.
</li>
<li>
Max Cache Object Size:
sets the upper limit of an object size, larger object will not be cached. By default, Proxy does not cache object larger than 1 GB.
</li>
<li>
Cache Pinning Time:
configures Proxy to keep certain objects in the cache for a specified time. You can use this option to ensure that the most popular objects are in cache when needed and to prevent cache manager from deleting important objects. Proxy observes Cache-Control headers and pins an object in the cache only if it is indeed cacheable.
</li>
<li>
Max Cache Size:
sets the upper limit of the size of storage for a policy. By default, Proxy uses all available disk space. When the cache size reaches the limit, the cache manager removes the files that were least recently used to bring the cache size back under the limit.
</li>
<li>
Inactive Time:
specifies how long an item can remain in the cache without being accessed. A file that has not been requested for this time is automatically deleted from the cache by the cache manager, regardless of whether or not it has expired.
</li>
</ul>
</div>
</div>
</div>
<!-- <div class="panel panel-danger">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_4">
4.配置约束条件 </a>
</h4>
</div>
<div id="accordion1_4" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>IP同“IP拦截”</li>
<li>URL同“域名拦截”</li>
<li>HTTP 请求头同“HTTP(s)监测”</li>
<li>HTTP 应答头同“HTTP(s)监测”</li>
<li>HTTP 请求内容同“HTTP(s)监测”</li>
<li>HTTP 应答内容同“HTTP(s)监测”</li>
<li>账号同“HTTP(s)监测”</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_5">
5.预期效果 </a>
</h4>
</div>
<div id="accordion1_5" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>阻断效果:浏览器无法访问页面</li>
<li>日志检查:生成日志</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_6">
6.配置生效区域 </a>
</h4>
</div>
<div id="accordion1_6" class="panel-collapse collapse">
<div class="panel-body">
配置的生效区域生效区域包括地区以及ISP地区和ISP可组合即某个地区的某个运营商流量生效
或者某个地区的所有流量生效,或者某个运营商的所有流量生效,也可全域生效
</div>
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
7.配置标签 </a>
</h4>
</div>
<div id="accordion1_7" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>来函:必选项,官方或其他组织下达的配置流量管控依据。</li>
<li>分类:非必选项,配置分类,例如内容安全、网络攻击等。</li>
<li>性质:非必选项,配置性质,例如政治、暴力、宗教等。</li>
<li>标签:非必选项,自定义标签。</li>
</ul>
</div>
</div>
</div> -->
<!-- <div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
7.其他</a>
</h4>
</div>
<div id="accordion1_7" class="panel-collapse collapse">
<div class="panel-body">
</div>
</div>
</div>-->
</div>
</div>
</div>
<!-- END FOOTER -->
<!-- BEGIN JAVASCRIPTS(Load javascripts at bottom, this will reduce page load time) -->
<!-- BEGIN CORE PLUGINS -->
<!--[if lt IE 9]>
<script src="../../static/global/plugins/respond.min.js"></script>
<script src="../../static/global/plugins/excanvas.min.js"></script>
<![endif]-->
<script src="../../static/global/plugins/jquery.min.js" type="text/javascript"></script>
<script src="../../static/global/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<script>
jQuery(document).ready(function() {
});
</script>
<!-- END JAVASCRIPTS -->
</body>
<!-- END BODY -->
</html>

251
src/main/webapp/online-help/proxy/control_policy.html Normal file
View File

@@ -0,0 +1,251 @@
<!DOCTYPE html>
<!--
Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.0
Version: 3.5
Author: KeenThemes
Website: http://www.keenthemes.com/
Contact: support@keenthemes.com
Follow: www.twitter.com/keenthemes
Like: www.facebook.com/keenthemes
Purchase: http://themeforest.net/item/metronic-responsive-admin-dashboard-template/4021469?ref=keenthemes
License: You must have a valid license purchased only from themeforest(the above link) in order to legally use the theme for your project.
-->
<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- BEGIN HEAD -->
<head>
<meta charset="utf-8"/>
<title>online help</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta content="" name="description"/>
<meta content="" name="author"/>
<!-- BEGIN GLOBAL MANDATORY STYLES -->
<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
<link href="../../static/global/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css" />
<link href="../../static/global/plugins/simple-line-icons/simple-line-icons.css" rel="stylesheet" type="text/css" />
<link href="../../static/global/plugins/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css" />
<!-- <link href="../../static/global/plugins/uniform/css/uniform.default.css" rel="stylesheet" type="text/css"/> -->
<link href="../../static/global/plugins/bootstrap-switch/css/bootstrap-switch.css" rel="stylesheet" type="text/css" />
<!-- END GLOBAL MANDATORY STYLES -->
<!-- BEGIN THEME STYLES -->
<link href="../../static/global/css/components.css" rel="stylesheet" id="style_components" type="text/css" />
<link href="../../static/global/css/plugins.css" rel="stylesheet" type="text/css" />
<link href="../../static/layouts/layout/css/layout.css" rel="stylesheet" type="text/css" />
<link href="../../static/layouts/layout/css/themes/default.css" rel="stylesheet" type="text/css" id="style_color" />
<link href="../../static/layouts/layout/css/custom.css" rel="stylesheet" type="text/css" />
<!-- END THEME STYLES -->
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<!-- END HEAD -->
<!-- BEGIN BODY -->
<!-- DOC: Apply "page-header-fixed-mobile" and "page-footer-fixed-mobile" class to body element to force fixed header or footer in mobile devices -->
<!-- DOC: Apply "page-sidebar-closed" class to the body and "page-sidebar-menu-closed" class to the sidebar menu element to hide the sidebar by default -->
<!-- DOC: Apply "page-sidebar-hide" class to the body to make the sidebar completely hidden on toggle -->
<!-- DOC: Apply "page-sidebar-closed-hide-logo" class to the body element to make the logo hidden on sidebar toggle -->
<!-- DOC: Apply "page-sidebar-hide" class to body element to completely hide the sidebar on sidebar toggle -->
<!-- DOC: Apply "page-sidebar-fixed" class to have fixed sidebar -->
<!-- DOC: Apply "page-footer-fixed" class to the body element to have fixed footer -->
<!-- DOC: Apply "page-sidebar-reversed" class to put the sidebar on the right side -->
<!-- DOC: Apply "page-full-width" class to the body element to have full width page without the sidebar menu -->
<body class="page-header-fixed page-quick-sidebar-over-content ">
<div class="page-content" style="margin:15px 20px 0 15px">
<div class="row">
<div id="accordion1" class="panel-group">
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_1">
1.功能简介</a>
</h4>
</div>
<div id="accordion1_1" class="panel-collapse collapse in">
<div class="panel-body">
On National Proxy System, Individual Control policy rules determine whether to allow,
block, redirect or replace a session based on traffic attributes, such as URL, request header fields,
request body keywords, response header fields, response body keywords, IP address, Subscribe ID and
their combination. You could specify these attributes in the submenu of Control Policy.
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
2.执行动作 </a>
</h4>
</div>
<div id="accordion1_2" class="panel-collapse collapse">
<div class="panel-body">
You could select one of the five actions for above attributes, as known as:
<ul>
<li>
Monitorthe Proxy produce a log to record matched HTTP session information.
</li>
<li>
Block:the Proxy terminate matched HTTP session with an error page and produce a log. You MUST specify a Response Code and a Response Content to generate an error page.
</li>
<li>
Redirect: the Proxy redirect matched HTTP session to a predefined URL. Since redirection need to be performed before delivering response to client, condition of response body is not applicable in this action. You MUST configure the redirect response via Response Code and Response URL. The Response URL MUST start with a scheme (http:// or https://). You SHOULD NOT select 301 as Response Code unless you exactly know what you are doing. This action produces a log.
</li>
<li>
Replace:the Proxy Searches in a given HTTP part to Find a given string, and Replace any matches with another given string. If no match was found, the session remained untouched. For performance concerns, condition of request body and response body is not available in this action. For example, you can configure the Proxy to search in the response body of URL “www.example.com/index.html”, find every “string1” and replace with “string2”. This action produces a log.
</li>
<li>
Whitelist:the Proxy pass-through the matched sessions and produce no log.
</li>
<li>
In case of HTTP session matches one more policies, the priority order is Whitelist > Reject > Redirect > Replace > Monitor, action with higher priority overrides others.
</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_3">
3.业务配置属性 </a>
</h4>
</div>
<div id="accordion1_3" class="panel-collapse collapse">
<div class="panel-body">
The attributes are detailed in following context:
<ul>
<li>URLFrom proxys perspective, a HTTP URL consists of a hierarchical sequence of three components:
URL = hostname/path[?query] . The URL path name can also be specified by the user in the local writing system.
If not already encoded, it is converted to UTF-8, and any characters not part of the basic URL character set are
escaped as hexadecimal using percent-encoding; for example, search keywords “русский”
in Google produces URL
https://www.google.com/search?q=%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B9
To perform policy action on above URL, you could input the whole URL in the input box. Or,
you could input original keywords and let the Proxy do the decoding, e.g.
“google.com/search” & “русский”. Note that the scheme string MUST be excluded from the URL,
its “https://” in this case.
</li>
<li>
Request Header: is used to set conditions on request header fields. Header fields are colon-separated key-value pairs in clear-text string format, terminated by a carriage return (CR) and line feed (LF) character sequence. For example, “user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)“ is a header filed in request header. The Matching District is used to configure the fields key, if the key was presented, the Proxy will search in the value for Keywords.
</li>
<li>
Response Header is used to set conditions on response header fields. Its configuration is similar to Request Header.
</li>
<li>
Request Bodyis used to set conditions on requests body message. The Proxy searches the pre-configured Keywords in it. You can configure non-ASCII or non-utf8 keywords by turn on HEX.
</li>
<li>
Response Bodyis used to set conditions on responses body message. Its configuration is similar to Request Body.
</li>
</ul>
</div>
</div>
</div>
<!-- <div class="panel panel-danger">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_4">
4.配置约束条件 </a>
</h4>
</div>
<div id="accordion1_4" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>IP同“IP拦截”</li>
<li>URL同“域名拦截”</li>
<li>HTTP 请求头同“HTTP(s)监测”</li>
<li>HTTP 应答头同“HTTP(s)监测”</li>
<li>HTTP 请求内容同“HTTP(s)监测”</li>
<li>HTTP 应答内容同“HTTP(s)监测”</li>
<li>账号同“HTTP(s)监测”</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_5">
5.预期效果 </a>
</h4>
</div>
<div id="accordion1_5" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>阻断效果:浏览器无法访问页面</li>
<li>日志检查:生成日志</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_6">
6.配置生效区域 </a>
</h4>
</div>
<div id="accordion1_6" class="panel-collapse collapse">
<div class="panel-body">
配置的生效区域生效区域包括地区以及ISP地区和ISP可组合即某个地区的某个运营商流量生效
或者某个地区的所有流量生效,或者某个运营商的所有流量生效,也可全域生效
</div>
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
7.配置标签 </a>
</h4>
</div>
<div id="accordion1_7" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>来函:必选项,官方或其他组织下达的配置流量管控依据。</li>
<li>分类:非必选项,配置分类,例如内容安全、网络攻击等。</li>
<li>性质:非必选项,配置性质,例如政治、暴力、宗教等。</li>
<li>标签:非必选项,自定义标签。</li>
</ul>
</div>
</div>
</div> -->
<!-- <div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
7.其他</a>
</h4>
</div>
<div id="accordion1_7" class="panel-collapse collapse">
<div class="panel-body">
</div>
</div>
</div>-->
</div>
</div>
</div>
<!-- END FOOTER -->
<!-- BEGIN JAVASCRIPTS(Load javascripts at bottom, this will reduce page load time) -->
<!-- BEGIN CORE PLUGINS -->
<!--[if lt IE 9]>
<script src="../../static/global/plugins/respond.min.js"></script>
<script src="../../static/global/plugins/excanvas.min.js"></script>
<![endif]-->
<script src="../../static/global/plugins/jquery.min.js" type="text/javascript"></script>
<script src="../../static/global/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<script>
jQuery(document).ready(function() {
});
</script>
<!-- END JAVASCRIPTS -->
</body>
<!-- END BODY -->
</html>

224
src/main/webapp/online-help/proxy/intercept_policy.html Normal file
View File

@@ -0,0 +1,224 @@
<!DOCTYPE html>
<!--
Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.0
Version: 3.5
Author: KeenThemes
Website: http://www.keenthemes.com/
Contact: support@keenthemes.com
Follow: www.twitter.com/keenthemes
Like: www.facebook.com/keenthemes
Purchase: http://themeforest.net/item/metronic-responsive-admin-dashboard-template/4021469?ref=keenthemes
License: You must have a valid license purchased only from themeforest(the above link) in order to legally use the theme for your project.
-->
<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- BEGIN HEAD -->
<head>
<meta charset="utf-8"/>
<title>online help</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta content="" name="description"/>
<meta content="" name="author"/>
<!-- BEGIN GLOBAL MANDATORY STYLES -->
<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
<link href="../../static/global/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css" />
<link href="../../static/global/plugins/simple-line-icons/simple-line-icons.css" rel="stylesheet" type="text/css" />
<link href="../../static/global/plugins/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css" />
<!-- <link href="../../static/global/plugins/uniform/css/uniform.default.css" rel="stylesheet" type="text/css"/> -->
<link href="../../static/global/plugins/bootstrap-switch/css/bootstrap-switch.css" rel="stylesheet" type="text/css" />
<!-- END GLOBAL MANDATORY STYLES -->
<!-- BEGIN THEME STYLES -->
<link href="../../static/global/css/components.css" rel="stylesheet" id="style_components" type="text/css" />
<link href="../../static/global/css/plugins.css" rel="stylesheet" type="text/css" />
<link href="../../static/layouts/layout/css/layout.css" rel="stylesheet" type="text/css" />
<link href="../../static/layouts/layout/css/themes/default.css" rel="stylesheet" type="text/css" id="style_color" />
<link href="../../static/layouts/layout/css/custom.css" rel="stylesheet" type="text/css" />
<!-- END THEME STYLES -->
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<!-- END HEAD -->
<!-- BEGIN BODY -->
<!-- DOC: Apply "page-header-fixed-mobile" and "page-footer-fixed-mobile" class to body element to force fixed header or footer in mobile devices -->
<!-- DOC: Apply "page-sidebar-closed" class to the body and "page-sidebar-menu-closed" class to the sidebar menu element to hide the sidebar by default -->
<!-- DOC: Apply "page-sidebar-hide" class to the body to make the sidebar completely hidden on toggle -->
<!-- DOC: Apply "page-sidebar-closed-hide-logo" class to the body element to make the logo hidden on sidebar toggle -->
<!-- DOC: Apply "page-sidebar-hide" class to body element to completely hide the sidebar on sidebar toggle -->
<!-- DOC: Apply "page-sidebar-fixed" class to have fixed sidebar -->
<!-- DOC: Apply "page-footer-fixed" class to the body element to have fixed footer -->
<!-- DOC: Apply "page-sidebar-reversed" class to put the sidebar on the right side -->
<!-- DOC: Apply "page-full-width" class to the body element to have full width page without the sidebar menu -->
<body class="page-header-fixed page-quick-sidebar-over-content ">
<div class="page-content" style="margin:15px 20px 0 15px">
<div class="row">
<div id="accordion1" class="panel-group">
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_1">
1.功能简介</a>
</h4>
</div>
<div id="accordion1_1" class="panel-collapse collapse in">
<div class="panel-body">
On National Proxy System, Individual Intercept policy rules determines whether to intercept/optimize a connection based on traffic attributes, such as IP address, domain name and Subscribe ID. You could specify these attributes in IP Intercept and Domain Intercept.
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
2.执行动作 </a>
</h4>
</div>
<div id="accordion1_2" class="panel-collapse collapse">
<div class="panel-body">
Both IP intercept and Domain Intercept are subject two actions:
<ul>
<li>Bypass:
the Proxy passes through the network connection without apply an optimization or policy checking. Its could be used to bypass SSL pinning applications, such as Apple Store and WhatsApp, or a of a VIPs IP address. In case of traffic matches one more policies, bypass overrides intercept.
</li>
<li>Intercept:
the National Proxy System intercepts network traffic for further control policy and cache policy checking. When a connection is set to intercept, the proxy terminates the connection and initiates a new connection between client and server. If the connection is SSL encrypted, the original certificate is replaced with a substitute one.
<p>When Intercept Related Domains is enabled, domains that share one certificates with the specified domain are considered as the same. For example, if the intercept facebook.com with Intercept Related Domain option, then *.xx.fbcdn.net, fb.com, .messenger.com and etc. are also intercepted. There may be side effects that intercept many different websites when they were hosted in a same CDN provider (Content Delivery Network). </p>
<p>Key ring determines which certificate will be used to generate substitute certificate. You could configure key ring through Proxy Policy Object page. If no key ring is specified, proxy will use the default one.</p>
<p>Intercept policy produces no log. You can find out if the interception is successful by checking if the certificate is issued by your pre-configured Root CA. You need a PC which traffic has already directed to the Proxy, and a web browser to test the policy. For Chrome and Microsoft Internet Explorer, you could click the lock icon on the address bar to view certificate. For Firefox, after you clicking the lock icon, click “>” button to show connection details, click “more information”, and then click “view certificate”. If the browser warning that the connection is not secure, one possible reason is you havent install/trust the root certificate yet.</p>
</li>
</ul>
<h3 class="text-danger ">
Note: You should exercise caution because web applications may not cooperate with SSL interception, such as SSL pinning, mutual authentication or non-standard SSL implementation.
</h3>
</div>
</div>
</div>
<!-- <div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_3">
3.业务配置属性 </a>
</h4>
</div>
<div id="accordion1_3" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>IP同“HTTP(s)监测”</li>
<li>HTTP URL:同“HTTP(s)监测”</li>
<li>HTTP 请求头域同“HTTP(s)监测”</li>
<li>HTTP 应答头域同“HTTP(s)监测”</li>
<li>HTTP 请求内容同“HTTP(s)监测”</li>
<li>HTTP 应答内容同“HTTP(s)监测”</li>
<li>账号同“HTTP(s)监测”</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-danger">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_4">
4.配置约束条件 </a>
</h4>
</div>
<div id="accordion1_4" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>IP同“IP拦截”</li>
<li>URL同“域名拦截”</li>
<li>HTTP 请求头同“HTTP(s)监测”</li>
<li>HTTP 应答头同“HTTP(s)监测”</li>
<li>HTTP 请求内容同“HTTP(s)监测”</li>
<li>HTTP 应答内容同“HTTP(s)监测”</li>
<li>账号同“HTTP(s)监测”</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_5">
5.预期效果 </a>
</h4>
</div>
<div id="accordion1_5" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>阻断效果:浏览器无法访问页面</li>
<li>日志检查:生成日志</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_6">
6.配置生效区域 </a>
</h4>
</div>
<div id="accordion1_6" class="panel-collapse collapse">
<div class="panel-body">
配置的生效区域生效区域包括地区以及ISP地区和ISP可组合即某个地区的某个运营商流量生效
或者某个地区的所有流量生效,或者某个运营商的所有流量生效,也可全域生效
</div>
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
7.配置标签 </a>
</h4>
</div>
<div id="accordion1_7" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>来函:必选项,官方或其他组织下达的配置流量管控依据。</li>
<li>分类:非必选项,配置分类,例如内容安全、网络攻击等。</li>
<li>性质:非必选项,配置性质,例如政治、暴力、宗教等。</li>
<li>标签:非必选项,自定义标签。</li>
</ul>
</div>
</div>
</div> -->
<!-- <div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
7.其他</a>
</h4>
</div>
<div id="accordion1_7" class="panel-collapse collapse">
<div class="panel-body">
</div>
</div>
</div>-->
</div>
</div>
</div>
<!-- END FOOTER -->
<!-- BEGIN JAVASCRIPTS(Load javascripts at bottom, this will reduce page load time) -->
<!-- BEGIN CORE PLUGINS -->
<!--[if lt IE 9]>
<script src="../../static/global/plugins/respond.min.js"></script>
<script src="../../static/global/plugins/excanvas.min.js"></script>
<![endif]-->
<script src="../../static/global/plugins/jquery.min.js" type="text/javascript"></script>
<script src="../../static/global/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<script>
jQuery(document).ready(function() {
});
</script>
<!-- END JAVASCRIPTS -->
</body>
<!-- END BODY -->
</html>

365
src/main/webapp/online-help/proxy/proxy_policy_object.html Normal file
View File

@@ -0,0 +1,365 @@
<!DOCTYPE html>
<!--
Template Name: Metronic - Responsive Admin Dashboard Template build with Twitter Bootstrap 3.3.0
Version: 3.5
Author: KeenThemes
Website: http://www.keenthemes.com/
Contact: support@keenthemes.com
Follow: www.twitter.com/keenthemes
Like: www.facebook.com/keenthemes
Purchase: http://themeforest.net/item/metronic-responsive-admin-dashboard-template/4021469?ref=keenthemes
License: You must have a valid license purchased only from themeforest(the above link) in order to legally use the theme for your project.
-->
<!--[if IE 8]> <html lang="en" class="ie8 no-js"> <![endif]-->
<!--[if IE 9]> <html lang="en" class="ie9 no-js"> <![endif]-->
<!--[if !IE]><!-->
<html lang="en">
<!--<![endif]-->
<!-- BEGIN HEAD -->
<head>
<meta charset="utf-8"/>
<title>online help</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta content="width=device-width, initial-scale=1.0" name="viewport"/>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta content="" name="description"/>
<meta content="" name="author"/>
<!-- BEGIN GLOBAL MANDATORY STYLES -->
<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,600,700&subset=all" rel="stylesheet" type="text/css"/>
<link href="../../static/global/plugins/font-awesome/css/font-awesome.css" rel="stylesheet" type="text/css" />
<link href="../../static/global/plugins/simple-line-icons/simple-line-icons.css" rel="stylesheet" type="text/css" />
<link href="../../static/global/plugins/bootstrap/css/bootstrap.css" rel="stylesheet" type="text/css" />
<!-- <link href="../../static/global/plugins/uniform/css/uniform.default.css" rel="stylesheet" type="text/css"/> -->
<link href="../../static/global/plugins/bootstrap-switch/css/bootstrap-switch.css" rel="stylesheet" type="text/css" />
<!-- END GLOBAL MANDATORY STYLES -->
<!-- BEGIN THEME STYLES -->
<link href="../../static/global/css/components.css" rel="stylesheet" id="style_components" type="text/css" />
<link href="../../static/global/css/plugins.css" rel="stylesheet" type="text/css" />
<link href="../../static/layouts/layout/css/layout.css" rel="stylesheet" type="text/css" />
<link href="../../static/layouts/layout/css/themes/default.css" rel="stylesheet" type="text/css" id="style_color" />
<link href="../../static/layouts/layout/css/custom.css" rel="stylesheet" type="text/css" />
<!-- END THEME STYLES -->
<link rel="shortcut icon" href="favicon.ico"/>
</head>
<!-- END HEAD -->
<!-- BEGIN BODY -->
<!-- DOC: Apply "page-header-fixed-mobile" and "page-footer-fixed-mobile" class to body element to force fixed header or footer in mobile devices -->
<!-- DOC: Apply "page-sidebar-closed" class to the body and "page-sidebar-menu-closed" class to the sidebar menu element to hide the sidebar by default -->
<!-- DOC: Apply "page-sidebar-hide" class to the body to make the sidebar completely hidden on toggle -->
<!-- DOC: Apply "page-sidebar-closed-hide-logo" class to the body element to make the logo hidden on sidebar toggle -->
<!-- DOC: Apply "page-sidebar-hide" class to body element to completely hide the sidebar on sidebar toggle -->
<!-- DOC: Apply "page-sidebar-fixed" class to have fixed sidebar -->
<!-- DOC: Apply "page-footer-fixed" class to the body element to have fixed footer -->
<!-- DOC: Apply "page-sidebar-reversed" class to put the sidebar on the right side -->
<!-- DOC: Apply "page-full-width" class to the body element to have full width page without the sidebar menu -->
<body class="page-header-fixed page-quick-sidebar-over-content ">
<div class="page-content" style="margin:15px 20px 0 15px">
<div class="row">
<div id="accordion1" class="panel-group">
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_1">
1.功能简介</a>
</h4>
</div>
<div id="accordion1_1" class="panel-collapse collapse in">
<div class="panel-body">
A policy object is a single object or a collective unit that groups discrete identities such as IP addresses, URLs, applications, or users. With policy objects that are a collective unit, you can reference the object in policy instead of manually selecting multiple objects one at a time. Typically, when creating a policy object, you group objects that require similar permissions in policy.
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_2">
2.Key Ring </a>
</h4>
</div>
<div id="accordion1_2" class="panel-collapse collapse">
<div class="panel-body">
On National Proxy System, Key Ring is a pair of private key and public certificate. You can also import a certificate chain containing multiple certificates. Key Ring is a policy object, you can reference it in Intercept Policy.
There are three Certificate Type:
<ul>
<li>End-entity Certificate:
is used for web servers to identify themselves. The Public Key File MUST be .p12 format that contains entire certificate chain. The Private Key File could be .pem, .key or .p12 format. This certificate type is not applicable to Domain Intercept for it cannot be used to sign other certificates. Expire After parameter is also not applicable to end-entity certificate for the same reason.
</li>
<li>Intermedia Certificate:
is used to sign other certificates. An intermediate certificate must be signed by another intermediate certificate, or a root certificate. The Public Key File MUST be .p12 format that contains entire certificate chain. The Expire After parameter indicates the expiration of the substitute certificate that was issued by this intermedia certificate.
</li>
<li>Root Certificate:
is used to sign other certificates. The Public Key File could be .der, .cer, .crt or .pem format. The Expire After parameter has the same meaning as Intermedia Certificate.
Specification of certificate formats:
<ul>
<li>
.pem- (Privacy-enhanced Electronic Mail) Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
</li>
<li>
.cer, .crt, .der usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)
</li>
<li>
.p12 PKCS#12, may contain certificate(s) (public) and private keys (without password protected)
</li>
</ul>
</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_3">
3.Trusted Certificate </a>
</h4>
</div>
<div id="accordion1_3" class="panel-collapse collapse">
<div class="panel-body">
National Proxy System has a build-in trusted certificate authorities list. When the original certificate is issued by a certificate authority that not in the list, the proxy will issued the substitute certificate with an untrusted root certificate, and so consequently, the browser could identify unsecure connections.
<p>
You can add a custom certificate authority to the trusted certificate authorities of the system.
<p>
The certificate MUST be PEM format.
<p>
Following are the National Proxy Systems default trusted certificate authorities:
<ul>
<li>ACCVRAIZ1</li>
<li>Actalis Authentication Root CA</li>
<li>AddTrust External CA Root</li>
<li>AffirmTrust Commercial</li>
<li>AffirmTrust Networking</li>
<li>AffirmTrust Premium</li>
<li>AffirmTrust Premium ECC</li>
<li>Amazon Root CA 1</li>
<li>Amazon Root CA 2</li>
<li>Amazon Root CA 3</li>
<li>Amazon Root CA 4</li>
<li>Atos TrustedRoot 2011</li>
<li>Autoridad de Certificacion Firmaprofesional CIF A62634068</li>
<li>Baltimore CyberTrust Root</li>
<li>Buypass Class 2 Root CA</li>
<li>Buypass Class 3 Root CA</li>
<li>CA Disig Root R2</li>
<li>CFCA EV ROOT</li>
<li>COMODO Certification Authority</li>
<li>COMODO ECC Certification Authority</li>
<li>COMODO RSA Certification Authority</li>
<li>Certigna</li>
<li>Certinomis - Root CA</li>
<li>Class 2 Primary CA</li>
<li>Certplus Root CA G1</li>
<li>Certplus Root CA G2</li>
<li>Certum Trusted Network CA</li>
<li>Certum Trusted Network CA 2</li>
<li>Chambers of Commerce Root - 2008</li>
<li>AAA Certificate Services</li>
<li>Cybertrust Global Root</li>
<li>D-TRUST Root Class 3 CA 2 2009</li>
<li>D-TRUST Root Class 3 CA 2 EV 2009</li>
<li>DST Root CA X3</li>
<li>Deutsche Telekom Root CA 2</li>
<li>DigiCert Assured ID Root CA</li>
<li>DigiCert Assured ID Root G2</li>
<li>DigiCert Assured ID Root G3</li>
<li>DigiCert Global Root CA</li>
<li>DigiCert Global Root G2</li>
<li>DigiCert Global Root G3</li>
<li>DigiCert High Assurance EV Root CA</li>
<li>DigiCert Trusted Root G4</li>
<li>E-Tugra Certification Authority</li>
<li>EC-ACC</li>
<li>EE Certification Centre Root CA</li>
<li>Entrust.net Certification Authority (2048)</li>
<li>Entrust Root Certification Authority</li>
<li>Entrust Root Certification Authority - EC1</li>
<li>Entrust Root Certification Authority - G2</li>
<li>GDCA TrustAUTH R5 ROOT</li>
<li>GeoTrust Global CA</li>
<li>GeoTrust Primary Certification Authority</li>
<li>GeoTrust Primary Certification Authority - G2</li>
<li>GeoTrust Primary Certification Authority - G3</li>
<li>GeoTrust Universal CA</li>
<li>GeoTrust Universal CA 2</li>
<li>GlobalSign</li>
<li>GlobalSign</li>
<li>GlobalSign Root CA</li>
<li>GlobalSign</li>
<li>GlobalSign</li>
<li>Global Chambersign Root - 2008</li>
<li>Go Daddy Root Certificate Authority - G2</li>
<li>Hellenic Academic and Research Institutions ECC RootCA 2015</li>
<li>Hellenic Academic and Research Institutions RootCA 2011</li>
<li>Hellenic Academic and Research Institutions RootCA 2015</li>
<li>Hongkong Post Root CA 1</li>
<li>ISRG Root X1</li>
<li>IdenTrust Commercial Root CA 1</li>
<li>IdenTrust Public Sector Root CA 1</li>
<li>Izenpe.com</li>
<li>LuxTrust Global Root 2</li>
<li>Microsec e-Szigno Root CA 2009</li>
<li>NetLock Arany (Class Gold) Főtanúsítvány</li>
<li>Network Solutions Certificate Authority</li>
<li>OISTE WISeKey Global Root GA CA</li>
<li>OISTE WISeKey Global Root GB CA</li>
<li>OpenTrust Root CA G1</li>
<li>OpenTrust Root CA G2</li>
<li>OpenTrust Root CA G3</li>
<li>QuoVadis Root Certification Authority</li>
<li>QuoVadis Root CA 1 G3</li>
<li>QuoVadis Root CA 2</li>
<li>QuoVadis Root CA 2 G3</li>
<li>QuoVadis Root CA 3</li>
<li>QuoVadis Root CA 3 G3</li>
<li>SSL.com EV Root Certification Authority ECC</li>
<li>SSL.com EV Root Certification Authority RSA R2</li>
<li>SSL.com Root Certification Authority ECC</li>
<li>SSL.com Root Certification Authority RSA</li>
<li>SZAFIR ROOT CA2</li>
<li>SecureSign RootCA11</li>
<li>SecureTrust CA</li>
<li>Secure Global CA</li>
<li>Sonera Class2 CA</li>
<li>Staat der Nederlanden EV Root CA</li>
<li>Staat der Nederlanden Root CA - G2</li>
<li>Staat der Nederlanden Root CA - G3</li>
<li>Starfield Root Certificate Authority - G2</li>
<li>Starfield Services Root Certificate Authority - G2</li>
<li>SwissSign Gold CA - G2</li>
<li>SwissSign Silver CA - G2</li>
<li>T-TeleSec GlobalRoot Class 2</li>
<li>T-TeleSec GlobalRoot Class 3</li>
<li>TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1</li>
<li>TWCA Global Root CA</li>
<li>TWCA Root Certification Authority</li>
<li>TeliaSonera Root CA v1</li>
<li>TrustCor ECA-1</li>
<li>TrustCor RootCert CA-1</li>
<li>TrustCor RootCert CA-2</li>
<li>TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5</li>
<li>USERTrust ECC Certification Authority</li>
<li>USERTrust RSA Certification Authority</li>
<li>VeriSign Class 3 Public Primary Certification Authority - G4</li>
<li>VeriSign Class 3 Public Primary Certification Authority - G5</li>
<li>VeriSign Universal Root Certification Authority</li>
<li>VeriSign Class 3 Public Primary Certification Authority - G3</li>
<li>Visa eCommerce Root</li>
<li>XRamp Global Certification Authority</li>
<li>thawte Primary Root CA</li>
<li>thawte Primary Root CA - G2</li>
<li>thawte Primary Root CA - G3</li>
<li>Microsoft Root Authority</li>
<li>Microsoft Root Certificate Authority</li>
<li>Microsoft Root Certificate Authority 2010</li>
<li>Microsoft Root Certificate Authority 2011</li>
<li>Baltimore CyberTrust Root</li>
</ul>
</div>
</div>
</div>
<!-- <div class="panel panel-danger">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_4">
4.配置约束条件 </a>
</h4>
</div>
<div id="accordion1_4" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>IP同“IP拦截”</li>
<li>URL同“域名拦截”</li>
<li>HTTP 请求头同“HTTP(s)监测”</li>
<li>HTTP 应答头同“HTTP(s)监测”</li>
<li>HTTP 请求内容同“HTTP(s)监测”</li>
<li>HTTP 应答内容同“HTTP(s)监测”</li>
<li>账号同“HTTP(s)监测”</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-warning">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_5">
5.预期效果 </a>
</h4>
</div>
<div id="accordion1_5" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>阻断效果:浏览器无法访问页面</li>
<li>日志检查:生成日志</li>
</ul>
</div>
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_6">
6.配置生效区域 </a>
</h4>
</div>
<div id="accordion1_6" class="panel-collapse collapse">
<div class="panel-body">
配置的生效区域生效区域包括地区以及ISP地区和ISP可组合即某个地区的某个运营商流量生效
或者某个地区的所有流量生效,或者某个运营商的所有流量生效,也可全域生效
</div>
</div>
</div>
<div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
7.配置标签 </a>
</h4>
</div>
<div id="accordion1_7" class="panel-collapse collapse">
<div class="panel-body">
<ul>
<li>来函:必选项,官方或其他组织下达的配置流量管控依据。</li>
<li>分类:非必选项,配置分类,例如内容安全、网络攻击等。</li>
<li>性质:非必选项,配置性质,例如政治、暴力、宗教等。</li>
<li>标签:非必选项,自定义标签。</li>
</ul>
</div>
</div>
</div> -->
<!-- <div class="panel panel-success">
<div class="panel-heading">
<h4 class="panel-title">
<a class="accordion-toggle" data-toggle="collapse" data-parent="#accordion1" href="#accordion1_7">
7.其他</a>
</h4>
</div>
<div id="accordion1_7" class="panel-collapse collapse">
<div class="panel-body">
</div>
</div>
</div>-->
</div>
</div>
</div>
<!-- END FOOTER -->
<!-- BEGIN JAVASCRIPTS(Load javascripts at bottom, this will reduce page load time) -->
<!-- BEGIN CORE PLUGINS -->
<!--[if lt IE 9]>
<script src="../../static/global/plugins/respond.min.js"></script>
<script src="../../static/global/plugins/excanvas.min.js"></script>
<![endif]-->
<script src="../../static/global/plugins/jquery.min.js" type="text/javascript"></script>
<script src="../../static/global/plugins/bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
<script>
jQuery(document).ready(function() {
});
</script>
<!-- END JAVASCRIPTS -->
</body>
<!-- END BODY -->
</html>