diff --git a/src/main/java/com/nis/domain/callback/ProxyObjKeyring.java b/src/main/java/com/nis/domain/callback/ProxyObjKeyring.java
new file mode 100644
index 000000000..7e12c56d6
--- /dev/null
+++ b/src/main/java/com/nis/domain/callback/ProxyObjKeyring.java
@@ -0,0 +1,156 @@
+package com.nis.domain.callback;
+
+import java.util.Date;
+
+import com.google.gson.annotations.Expose;
+public class ProxyObjKeyring {
+	@Expose
+	private Long id; //compileId
+	@Expose
+	private Integer cfgId; //compileId
+	@Expose
+	private Integer keyringId;
+	@Expose
+	private Integer action;
+	@Expose
+	private Integer service;
+	@Expose
+	private Integer isValid;
+	@Expose
+	private Date opTime;
+	@Expose
+	private String keyringName;
+	@Expose
+	private String keyringType;
+	@Expose
+	private String privateKeyFile;
+	@Expose
+	private String publicKeyFile;
+	@Expose
+	private Integer expireAfter;
+	@Expose
+	private String publicKeyAlgo;
+	@Expose
+	private String crl;
+	
+	
+	
+	public Long getId() {
+		return id;
+	}
+	public void setId(Long id) {
+		this.id = id;
+	}
+	public void setCfgId(Integer cfgId) {
+		this.cfgId = cfgId;
+	}
+	public Integer getCfgId() {
+		return cfgId;
+	}
+	public void setKeyringId(Integer keyringId) {
+		this.keyringId = keyringId;
+	}
+	public Integer getKeyringId() {
+		return keyringId;
+	}
+
+	public String getKeyringName() {
+		return keyringName;
+	}
+	public void setKeyringName(String keyringName) {
+		this.keyringName = keyringName;
+	}
+	public String getKeyringType() {
+		return keyringType;
+	}
+	public void setKeyringType(String keyringType) {
+		this.keyringType = keyringType;
+	}
+	public String getPrivateKeyFile() {
+		return privateKeyFile;
+	}
+	public void setPrivateKeyFile(String privateKeyFile) {
+		this.privateKeyFile = privateKeyFile;
+	}
+	public String getPublicKeyFile() {
+		return publicKeyFile;
+	}
+	public void setPublicKeyFile(String publicKeyFile) {
+		this.publicKeyFile = publicKeyFile;
+	}
+	public Integer getExpireAfter() {
+		return expireAfter;
+	}
+	public void setExpireAfter(Integer expireAfter) {
+		this.expireAfter = expireAfter;
+	}
+	public String getPublicKeyAlgo() {
+		return publicKeyAlgo;
+	}
+	public void setPublicKeyAlgo(String publicKeyAlgo) {
+		this.publicKeyAlgo = publicKeyAlgo;
+	}
+	public String getCrl() {
+		return crl;
+	}
+	public void setCrl(String crl) {
+		this.crl = crl;
+	}
+	/**
+	 * action
+	 * @return  action
+	*/
+	
+	public Integer getAction() {
+		return action;
+	}
+	/**
+	 * @param action the action to set
+	 */
+	public void setAction(Integer action) {
+		this.action = action;
+	}
+	/**
+	 * isValid
+	 * @return  isValid
+	*/
+	
+	public Integer getIsValid() {
+		return isValid;
+	}
+	/**
+	 * @param isValid the isValid to set
+	 */
+	public void setIsValid(Integer isValid) {
+		this.isValid = isValid;
+	}
+	/**
+	 * opTime
+	 * @return  opTime
+	*/
+	
+	public Date getOpTime() {
+		return opTime;
+	}
+	/**
+	 * @param opTime the opTime to set
+	 */
+	public void setOpTime(Date opTime) {
+		this.opTime = opTime;
+	}
+	
+	/**
+	 * service
+	 * @return  service
+	*/
+	
+	public Integer getService() {
+		return service;
+	}
+	/**
+	 * @param service the service to set
+	 */
+	public void setService(Integer service) {
+		this.service = service;
+	}
+}
diff --git a/src/main/java/com/nis/domain/configuration/DnsResStrategy.java b/src/main/java/com/nis/domain/configuration/DnsResStrategy.java
index 1bc76aad7..8d4a6a9af 100644
--- a/src/main/java/com/nis/domain/configuration/DnsResStrategy.java
+++ b/src/main/java/com/nis/domain/configuration/DnsResStrategy.java
@@ -1,12 +1,13 @@
 package com.nis.domain.configuration;
 
+import javax.net.ssl.KeyManager;
+
 /**
  * dns响应策略配置
  * @author dell
  *
  */
 public class DnsResStrategy extends BaseCfg<DnsResStrategy> {
-
 	/**
 	 * 
 	 */
diff --git a/src/main/java/com/nis/domain/configuration/PxyObjKeyring.java b/src/main/java/com/nis/domain/configuration/PxyObjKeyring.java
new file mode 100644
index 000000000..7ce57a738
--- /dev/null
+++ b/src/main/java/com/nis/domain/configuration/PxyObjKeyring.java
@@ -0,0 +1,89 @@
+package com.nis.domain.configuration;
+
+import java.util.Date;
+
+/**
+ * 拦截证书策略
+ * @author dell
+ *
+ */
+public class PxyObjKeyring extends BaseCfg<PxyObjKeyring> {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -2720862431960415564L;
+	
+	private String keyringType;
+	private String privateKeyFile;
+	private String publicKeyFile;
+	private Integer expireAfter;
+	private String publicKeyAlgo;
+	private String crl;
+	private String issuer;
+	private Date notBeforeTime;
+	private Date notAfterTime;
+	private String subject;
+	public String getKeyringType() {
+		return keyringType;
+	}
+	public void setKeyringType(String keyringType) {
+		this.keyringType = keyringType;
+	}
+	public String getPrivateKeyFile() {
+		return privateKeyFile;
+	}
+	public void setPrivateKeyFile(String privateKeyFile) {
+		this.privateKeyFile = privateKeyFile;
+	}
+	public String getPublicKeyFile() {
+		return publicKeyFile;
+	}
+	public void setPublicKeyFile(String publicKeyFile) {
+		this.publicKeyFile = publicKeyFile;
+	}
+	public Integer getExpireAfter() {
+		return expireAfter;
+	}
+	public void setExpireAfter(Integer expireAfter) {
+		this.expireAfter = expireAfter;
+	}
+	public String getPublicKeyAlgo() {
+		return publicKeyAlgo;
+	}
+	public void setPublicKeyAlgo(String publicKeyAlgo) {
+		this.publicKeyAlgo = publicKeyAlgo;
+	}
+	public String getCrl() {
+		return crl;
+	}
+	public void setCrl(String crl) {
+		this.crl = crl;
+	}
+	public String getIssuer() {
+		return issuer;
+	}
+	public void setIssuer(String issuer) {
+		this.issuer = issuer;
+	}
+	public Date getNotAfterTime() {
+		return notAfterTime;
+	}
+	public Date getNotBeforeTime() {
+		return notBeforeTime;
+	}
+	public void setNotAfterTime(Date notAfterTime) {
+		this.notAfterTime = notAfterTime;
+	}
+	public void setNotBeforeTime(Date notBeforeTime) {
+		this.notBeforeTime = notBeforeTime;
+	}
+	public String getSubject() {
+		return subject;
+	}
+	public void setSubject(String subject) {
+		this.subject = subject;
+	}
+	
+	
+}
diff --git a/src/main/java/com/nis/util/FileUtils.java b/src/main/java/com/nis/util/FileUtils.java
index a7f78a319..46adb4699 100644
--- a/src/main/java/com/nis/util/FileUtils.java
+++ b/src/main/java/com/nis/util/FileUtils.java
@@ -11,6 +11,8 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.net.URLEncoder;
 import java.security.MessageDigest;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 
 import javax.servlet.ServletOutputStream;
@@ -747,6 +749,20 @@ public class FileUtils extends org.apache.commons.io.FileUtils {
 			}
 		}
 	}
+	/**
+	 * 获取公钥证书
+	 * @param inputStream
+	 * @return
+	 */
+	public static X509Certificate getCertificateInfo(InputStream inputStream) throws Exception{
+		X509Certificate ca = null;
+		CertificateFactory certificateFactory = CertificateFactory
+				.getInstance("X.509");
+		ca= (X509Certificate) certificateFactory
+				.generateCertificate(inputStream);
+		return ca;
+	}
+	
 	/**
 	 * 计算文件MD5
 	 * @param file
diff --git a/src/main/java/com/nis/web/controller/BaseController.java b/src/main/java/com/nis/web/controller/BaseController.java
index d1210c25d..08cd1bc25 100644
--- a/src/main/java/com/nis/web/controller/BaseController.java
+++ b/src/main/java/com/nis/web/controller/BaseController.java
@@ -85,6 +85,7 @@ import com.nis.web.service.configuration.IpMultiplexPoolCfgService;
 import com.nis.web.service.configuration.MailCfgService;
 import com.nis.web.service.configuration.NumCfgService;
 import com.nis.web.service.configuration.ProxyFileStrategyService;
+import com.nis.web.service.configuration.PxyObjKeyringService;
 import com.nis.web.service.configuration.RequestInfoService;
 import com.nis.web.service.configuration.WebsiteCfgService;
 import com.nis.web.service.configuration.XmppCfgService;
@@ -189,6 +190,8 @@ public class BaseController {
 	protected InterceptCfgService interceptCfgService;
 	@Autowired
 	protected ProxyFileStrategyService proxyFileStrategyService;//代理文件策略service
+	@Autowired
+	protected PxyObjKeyringService pxyObjKeyringService;//拦截策略service
 	
 	/**
 	 * 管理基础路径
diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
index 561d247c0..428417107 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
@@ -27,6 +27,7 @@ import com.nis.domain.configuration.DnsResStrategy;
 import com.nis.domain.configuration.HttpUrlCfg;
 import com.nis.domain.configuration.InterceptPktBin;
 import com.nis.domain.configuration.IpPortCfg;
+import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.domain.configuration.template.IpAddrTemplate;
 import com.nis.exceptions.MaatConvertException;
 import com.nis.web.controller.configuration.CommonController;
@@ -46,6 +47,17 @@ public class InterceptController extends CommonController{
 		Page<CfgIndexInfo> page = websiteCfgService.getWebsiteList(searchPage, cfg);
 		model.addAttribute("page", page);
 		initPageCondition(model,cfg);
+		
+		//获取证书信息
+		List<PxyObjKeyring> certificateList=new ArrayList<PxyObjKeyring>();
+		if(cfg.getFunctionId().equals(200)){
+			certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
+		}
+		if(cfg.getFunctionId().equals(201)){
+			certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
+		}
+		model.addAttribute("certificateList", certificateList);
+		
 		return "/cfg/intercept/interceptList";
 	}
 	@RequestMapping(value = {"/interceptIpForm","interceptDomainForm"})
@@ -57,9 +69,15 @@ public class InterceptController extends CommonController{
 		}else{
 			initFormCondition(model,entity);
 		}
-		//TODO获取证书信息
-		//List<DnsResStrategy> resStrategys=dnsResStrategyService.findDnsResStrategys(null, 1,1);
-		//model.addAttribute("dnsResStrategys", resStrategys);
+		//获取证书信息
+		List<PxyObjKeyring> certificateList=new ArrayList<PxyObjKeyring>();
+		if(entity.getFunctionId().equals(200)){
+			certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
+		}
+		if(entity.getFunctionId().equals(201)){
+			certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
+		}
+		model.addAttribute("certificateList", certificateList);
 		
 		model.addAttribute("_cfg", entity);
 		return "/cfg/intercept/interceptForm";
diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
new file mode 100644
index 000000000..a31e3418f
--- /dev/null
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -0,0 +1,211 @@
+package com.nis.web.controller.configuration.proxy;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.Principal;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.multipart.MultipartFile;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
+
+import com.google.common.collect.Maps;
+import com.nis.domain.Page;
+import com.nis.domain.basics.PolicyGroupInfo;
+import com.nis.domain.configuration.PxyObjKeyring;
+import com.nis.domain.maat.ToMaatResult;
+import com.nis.domain.maat.ToMaatResult.ResponseData;
+import com.nis.exceptions.MaatConvertException;
+import com.nis.util.ConfigServiceUtil;
+import com.nis.util.FileUtils;
+import com.nis.util.JsonMapper;
+import com.nis.util.StringUtil;
+import com.nis.web.controller.BaseController;
+
+/**
+ * 拦截策略
+ * @author ddm
+ *
+ */
+@Controller
+@RequestMapping("${adminPath}/proxy/intercept/strateagy")
+public class PxyObjKeyringController extends BaseController  {
+	
+	@RequestMapping(value = {"/form"})
+	@RequiresPermissions(value={"proxy:intercept:config"})
+	public String from(Model model,
+							HttpServletRequest request,
+							HttpServletResponse response,
+							String ids,
+							@ModelAttribute("cfg")PxyObjKeyring cfg
+							,RedirectAttributes redirectAttributes){
+		if(cfg == null){
+			cfg=new PxyObjKeyring();
+		}
+		if(!StringUtil.isEmpty(ids)){
+			cfg = pxyObjKeyringService.getPxyObjKeyring(Long.valueOf(ids),-1);
+			initFormCondition(model, cfg);
+			model.addAttribute("isAdd", false);
+		}else{
+			initFormCondition(model, cfg);
+			model.addAttribute("isAdd", true);
+		}
+		
+		model.addAttribute("_cfg", cfg);
+		return "/cfg/intercept/strateagy/form";
+	}
+	
+	@RequestMapping(value = {"/saveOrUpdate"})
+	@RequiresPermissions(value={"proxy:intercept:config"})
+	public String saveOrUpdate(Model model,HttpServletRequest request,HttpServletResponse response,
+			@ModelAttribute("cfg")PxyObjKeyring cfg,
+			MultipartFile privateKeyFileI,
+			MultipartFile publicKeyFileI,
+			RedirectAttributes redirectAttributes){
+		File file = null;
+		try{
+			if(publicKeyFileI != null) {
+				// 获取公钥信息
+				X509Certificate cert=FileUtils.getCertificateInfo(publicKeyFileI.getInputStream());
+				String issuer=cert.getIssuerDN().getName();//颁发者
+				Date notBefore=cert.getNotBefore();//起始时间
+				Date notAfter=cert.getNotAfter();//结束时间
+				String subject=cert.getSubjectDN().getName();//颁发给
+				cfg.setIssuer(StringUtil.isEmpty(issuer)?"":issuer.trim());
+				cfg.setSubject(StringUtil.isEmpty(subject)?"":subject.trim());
+				cfg.setNotBeforeTime(notBefore);
+				cfg.setNotAfterTime(notAfter);
+			}
+		}catch (Exception e) {
+			logger.error("证书信息获取失败",e);
+			addMessage(redirectAttributes,"save_failed");
+		}
+	
+		try{
+			
+				if(publicKeyFileI != null) {
+					String filename = publicKeyFileI.getOriginalFilename();
+					String prefix = FileUtils.getPrefix(filename, false);
+					String suffix = FileUtils.getSuffix(filename, false);
+					file = File.createTempFile("file_"+ prefix, suffix);
+					publicKeyFileI.transferTo(file);//复制文件
+					String md5 = FileUtils.getFileMD5(file);
+					Map<String,Object> srcMap = Maps.newHashMap();
+					srcMap.put("filetype", suffix);
+					srcMap.put("datatype", "dbSystem");//源文件存入数据中心
+					srcMap.put("createTime",new Date());
+					srcMap.put("key",prefix);
+					srcMap.put("fileName", filename);
+					srcMap.put("checksum", md5);
+					ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
+					logger.info("proxy 证书文件策略公钥 文件上传响应信息："+JsonMapper.toJsonString(result));
+					String publicKeyFileAccessUrl = null;
+					if(!StringUtil.isEmpty(result)){
+						ResponseData data = result.getData();
+						publicKeyFileAccessUrl=data.getAccessUrl();
+						cfg.setPublicKeyFile(publicKeyFileAccessUrl);;
+					}
+	 			}
+				if(privateKeyFileI != null) {
+					String filename = privateKeyFileI.getOriginalFilename();
+					String prefix = FileUtils.getPrefix(filename, false);
+					String suffix = FileUtils.getSuffix(filename, false);
+					file = File.createTempFile("file_"+ prefix, suffix);
+					privateKeyFileI.transferTo(file);//复制文件
+					String md5 = FileUtils.getFileMD5(file);
+					Map<String,Object> srcMap = Maps.newHashMap();
+					srcMap.put("filetype", suffix);
+					srcMap.put("datatype", "dbSystem");//源文件存入数据中心
+					srcMap.put("createTime",new Date());
+					srcMap.put("key",prefix);
+					srcMap.put("fileName", filename);
+					srcMap.put("checksum", md5);
+					ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
+					logger.info("proxy 证书文件策略私钥 上传响应信息："+JsonMapper.toJsonString(result));
+					String privateKeyFileAccessUrl = null;
+					if(!StringUtil.isEmpty(result)){
+						ResponseData data = result.getData();
+						privateKeyFileAccessUrl=data.getAccessUrl();
+						cfg.setPrivateKeyFile(privateKeyFileAccessUrl);;
+					}
+				}
+				pxyObjKeyringService.saveOrUpdate(cfg);
+			
+			addMessage(redirectAttributes,"save_success");
+		}catch(Exception e){
+			e.printStackTrace();
+			addMessage(redirectAttributes,"save_failed");
+		}
+		
+		return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+cfg.getFunctionId();
+	}
+	
+	@RequestMapping(value = {"/list"})
+	public String list(Model model,HttpServletRequest  request,HttpServletResponse response
+			,@ModelAttribute("cfg")PxyObjKeyring entity
+			,RedirectAttributes redirectAttributes){
+		//查询时left join policyGroup
+		Page<PxyObjKeyring> page = pxyObjKeyringService.findPage(new Page<PxyObjKeyring>(request, response,"r"), entity);
+		model.addAttribute("page", page);
+		initPageCondition(model);
+		return "/cfg/intercept/strateagy/list";
+	}
+	
+	@RequestMapping(value = {"/delete"})
+	@RequiresPermissions(value={"proxy:intercept:config"})
+	public String delete(Integer isAudit,Integer isValid,String ids,Integer functionId
+			,Model model,HttpServletRequest request
+			,HttpServletResponse response
+			,RedirectAttributes redirectAttributes){
+		if(!StringUtil.isEmpty(ids)){
+			pxyObjKeyringService.delete(isAudit,isValid,ids,functionId);
+		}
+		
+		return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+functionId;
+	}
+	
+	@RequestMapping(value = {"/audit"})
+	@RequiresPermissions(value={"proxy:intercept:confirm"})
+	public String audit(Integer isAudit,Integer isValid,String ids,Integer functionId,
+			RedirectAttributes redirectAttributes) {
+		if(!StringUtil.isEmpty(ids)){
+			String[] idArray = ids.split(",");
+			Date auditTime=new Date();
+			for(String id :idArray){
+				try {
+					pxyObjKeyringService.audit(isAudit,isValid,functionId,id,auditTime);
+				} catch (MaatConvertException e) {
+					addMessage(redirectAttributes, e.getMessage());
+				}
+			}
+			
+		}
+		return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+functionId;
+	}
+	@ResponseBody
+	@RequestMapping(value = "/validCfgId")
+	public boolean validCfgId(Long cfgId) {
+		PxyObjKeyring dns=pxyObjKeyringService.getPxyObjKeyring(cfgId,null);
+		if(dns == null ){
+			return false;
+		}else{
+			return true;
+		}
+	}
+}
diff --git a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java
new file mode 100644
index 000000000..198b50b3b
--- /dev/null
+++ b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java
@@ -0,0 +1,19 @@
+package com.nis.web.dao.configuration;
+
+import java.util.List;
+
+import org.apache.ibatis.annotations.Param;
+
+import com.nis.domain.configuration.DnsResStrategy;
+import com.nis.domain.configuration.PxyObjKeyring;
+import com.nis.web.dao.CrudDao;
+import com.nis.web.dao.MyBatisDao;
+
+@MyBatisDao
+public interface PxyObjKeyringDao extends CrudDao< PxyObjKeyring> {
+	List<PxyObjKeyring> findPage( PxyObjKeyring  pxyObjKeyring);
+	List<PxyObjKeyring> findList(@Param("cfgId")Long cfgId
+			,@Param("isAudit")Integer isAudit
+			,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType);
+	
+}
\ No newline at end of file
diff --git a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
new file mode 100644
index 000000000..bfc5eff4b
--- /dev/null
+++ b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
@@ -0,0 +1,326 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="com.nis.web.dao.configuration.PxyObjKeyringDao" >
+  
+	  <resultMap id="PxyObjKeyringMap" type="com.nis.domain.configuration.PxyObjKeyring" >
+	    <id column="cfg_id" property="cfgId" jdbcType="BIGINT" />
+	    <result column="cfg_desc" property="cfgDesc" jdbcType="VARCHAR" />
+	    <result column="keyring_type" property="keyringType" jdbcType="VARCHAR" />
+	    <result column="private_key_file" property="privateKeyFile" jdbcType="VARCHAR" />
+	    <result column="public_key_file" property="publicKeyFile" jdbcType="VARCHAR" />
+	    <result column="expire_after" property="expireAfter" jdbcType="INTEGER" />
+	    <result column="public_key_algo" property="publicKeyAlgo" jdbcType="VARCHAR" />
+	    <result column="crl" property="crl" jdbcType="VARCHAR" />
+	    <result column="issuer" property="issuer" jdbcType="VARCHAR" />
+	    <result column="subject" property="subject" jdbcType="VARCHAR" />
+	    <result column="not_before_time" property="notBeforeTime" jdbcType="TIMESTAMP" />
+	    <result column="not_after_time" property="notAfterTime" jdbcType="TIMESTAMP" />
+	    <result column="action" property="action" jdbcType="INTEGER" />
+	    <result column="is_valid" property="isValid" jdbcType="INTEGER" />
+	    <result column="is_audit" property="isAudit" jdbcType="INTEGER" />
+	    <result column="creator_id" property="creatorId" jdbcType="INTEGER" />
+	    <result column="create_time" property="createTime" jdbcType="TIMESTAMP" />
+	    <result column="editor_id" property="editorId" jdbcType="INTEGER" />
+	    <result column="edit_time" property="editTime" jdbcType="TIMESTAMP" />
+	    <result column="auditor_id" property="auditorId" jdbcType="INTEGER" />
+	    <result column="audit_time" property="auditTime" jdbcType="TIMESTAMP" />
+	    <result column="service_id" property="serviceId" jdbcType="INTEGER" />
+	    <result column="request_id" property="requestId" jdbcType="INTEGER" />
+	    <result column="is_area_effective" property="isAreaEffective" jdbcType="INTEGER" />
+	    <result column="classify" property="classify" jdbcType="VARCHAR" />
+	    <result column="attribute" property="attribute" jdbcType="VARCHAR" />
+	    <result column="lable" property="lable" jdbcType="VARCHAR" />
+	    <result column="area_effective_ids" property="areaEffectiveIds" jdbcType="VARCHAR" />
+	    <result column="function_id" property="functionId" jdbcType="INTEGER" />
+	    <result column="cfg_region_code" property="cfgRegionCode" jdbcType="INTEGER" />
+	    <result column="cfg_type" property="cfgType" jdbcType="VARCHAR" />
+	    <result column="compile_id" property="compileId" jdbcType="INTEGER" />
+	  </resultMap>
+    <sql id="PxyObjKeyringColumns">
+		 r.cfg_id,r.cfg_desc
+		, r.keyring_type
+	    ,r.private_key_file
+	    ,r.public_key_file
+	    ,r.expire_after
+	   , r.public_key_algo
+	   , r.crl
+	   , r.issuer
+	    ,r.subject
+	    ,r.not_before_time
+	    ,r.not_after_time
+		,r.cfg_type,r.action
+		,r.is_valid,r.is_audit,r.creator_id,r.create_time,r.editor_id
+		,r.edit_time,r.auditor_id,r.audit_time,r.service_id,r.request_id
+		,r.is_area_effective,r.classify,r.attribute,r.lable
+		,r.area_effective_ids,r.function_id,r.cfg_region_code,r.compile_id
+	</sql>
+  
+   <!-- 查出所有 有效数据-->
+      <select id="findPage" resultMap="PxyObjKeyringMap">
+		SELECT
+			<include refid="PxyObjKeyringColumns"/>
+		<trim prefix="," prefixOverrides=",">
+			,s.name as creator_name,e.name as editor_name,u.name as auditor_name
+			,ri.request_title as requestName
+		</trim>
+	    FROM  pxy_obj_keyring r
+	    left join sys_user s on r.creator_id=s.id
+		left join sys_user e on r.editor_id=e.id
+		left join sys_user u on r.auditor_id=u.id
+		left join request_info ri on r.request_id=ri.id
+		<trim prefix="WHERE" prefixOverrides="AND |OR ">
+	    	<if test="page !=null and page.where != null and page.where != ''">
+				 AND ${page.where}
+			</if>
+	 		<if test="cfgId != null">
+	   			AND r.CFG_ID=#{cfgId,jdbcType=BIGINT}
+	   		</if>
+	 		<if test="compileId != null">
+	   			AND r.compile_id=#{compileId,jdbcType=BIGINT}
+	   		</if>
+	    	<if test="cfgDesc != null and cfgDesc != ''">
+	    		AND r.CFG_DESC like concat(concat('%',#{cfgDesc,jdbcType=VARCHAR}),'%') 
+	    	</if>
+	    	<if test="issuer != null and issuer != ''">
+	    		AND r.issuer like concat(concat('%',#{issuer,jdbcType=VARCHAR}),'%') 
+	    	</if>
+	    	<if test="subject != null and subject != ''">
+	    		AND r.subject like concat(concat('%',#{subject,jdbcType=VARCHAR}),'%') 
+	    	</if>
+	    	<if test="action != null">
+	    		AND r.ACTION=#{action,jdbcType=INTEGER}
+	    	</if>
+	    	<if test="isValid != null">
+	    		AND r.IS_VALID=#{isValid,jdbcType=INTEGER}
+	    	</if>
+	    	<if test="isValid == null">
+	    		AND r.IS_VALID != -1
+	    	</if>
+	    	<if test="isAudit != null">
+	    		AND r.IS_AUDIT=#{isAudit,jdbcType=INTEGER}
+	    	</if>
+	    	<if test="creatorName != null and creatorName != ''">
+	    		AND CREATOR_NAME like concat(concat('%',#{creatorName,jdbcType=VARCHAR}),'%')
+	    	</if>
+	    	<if test="editorName != null and editorName != ''">
+	    		AND r.EDITOR_NAME like concat(concat('%',#{editorName,jdbcType=VARCHAR}),'%')
+	    	</if>
+	    	<if test="auditorName != null and auditorName != ''">
+	    		AND AUDITOR_NAME like concat(concat('%',#{auditorName,jdbcType=VARCHAR}),'%')
+	    	</if>
+	    	<if test="serviceId != null">
+	    		AND r.SERVICE_ID=#{serviceId,jdbcType=INTEGER}
+	    	</if>
+	    	<if test="requestId != null">
+	    		AND r.REQUEST_ID=#{requestId,jdbcType=INTEGER}
+	    	</if>
+	    	<if test="isAreaEffective != null">
+	    		AND r.IS_AREA_EFFECTIVE=#{isAreaEffective,jdbcType=INTEGER}
+	    	</if>
+	    	<if test="classify != null and classify != ''">
+	    		AND r.classify like concat(concat('%',#{classify,jdbcType=VARCHAR}),'%')
+	    	</if>
+	    	<if test="attribute != null and attribute != ''">
+	    		AND r.attribute like concat(concat('%',#{attribute,jdbcType=VARCHAR}),'%')
+	    	</if>
+	    	<if test="lable != null and lable != ''">
+	    		AND r.lable like concat(concat('%',#{lable,jdbcType=VARCHAR}),'%')
+	    	</if>
+	    	<if test="functionId != null">
+	    		AND r.function_id=#{functionId,jdbcType=INTEGER}
+	    	</if>
+	    	<!-- 数据范围过滤 -->
+			${sqlMap.dsf}
+	    </trim>
+	    <choose>
+			<when test="page !=null and page.orderBy != null and page.orderBy != ''">
+				ORDER BY ${page.orderBy}
+			</when>
+			<otherwise>
+				ORDER BY r.CFG_ID desc
+			</otherwise>
+		</choose>
+  </select>
+   <!-- 查出所有 有效数据-->
+      <select id="findList" resultMap="PxyObjKeyringMap">
+		SELECT
+			<include refid="PxyObjKeyringColumns"/>
+	    FROM pxy_obj_keyring r
+	    <where>
+	   	 <if test="isValid == -1">
+   			AND r.is_valid !=-1
+   		</if>
+	   	 <if test="isValid == 1">
+   			AND r.is_valid =1
+   		</if>
+	   	 <if test="isValid == 0">
+   			AND r.is_valid =0
+   		</if>
+	   	 <if test="isAudit == 0">
+   			AND r.is_audit =0
+   		</if>
+	   	 <if test="isAudit == 1">
+   			AND r.is_audit =1
+   		</if>
+	   	 <if test="cfgType != null">
+   			AND r.cfg_type =#{cfgType,jdbcType=VARCHAR}
+   		</if>
+	   	 <if test="cfgId != null">
+   			AND r.CFG_ID=#{cfgId,jdbcType=BIGINT}
+   		</if>
+	    </where>
+	</select>
+	<insert id="insert" parameterType="com.nis.domain.configuration.PxyObjKeyring" >
+    insert into pxy_obj_keyring (
+     CFG_ID,
+     CFG_DESC,
+     ACTION,
+     IS_VALID,
+     IS_AUDIT,
+     CREATOR_ID,
+    CREATE_TIME,
+    EDITOR_ID,
+    EDIT_TIME,
+    AUDITOR_ID,
+    AUDIT_TIME,
+   	SERVICE_ID,
+   	REQUEST_ID,
+   	IS_AREA_EFFECTIVE,
+   	CLASSIFY,
+    ATTRIBUTE,
+    LABLE,
+    AREA_EFFECTIVE_IDS,
+    function_id,
+   keyring_type, 
+ 	 	private_key_file, 
+  	public_key_file, 
+  	expire_after, 
+ 		public_key_algo, 
+ 		crl, 
+ 		issuer, 
+  	subject, 
+  	not_before_time, 
+  	not_after_time, 
+	cfg_type,
+	compile_Id,
+    cfg_region_code
+    )values (
+   		#{cfgId,jdbcType=VARCHAR},
+   		#{cfgDesc,jdbcType=VARCHAR},
+   		#{action,jdbcType=INTEGER}, 
+    	0,
+    	0,
+    	#{creatorId,jdbcType=INTEGER}, 
+   		#{createTime,jdbcType=TIMESTAMP},
+   		#{editorId,jdbcType=INTEGER},
+   		#{editTime,jdbcType=TIMESTAMP}, 
+   	 	#{auditorId,jdbcType=INTEGER},
+    	#{auditTime,jdbcType=TIMESTAMP},
+    	#{serviceId,jdbcType=INTEGER}, 
+    	#{requestId,jdbcType=INTEGER},
+    	#{isAreaEffective,jdbcType=INTEGER},
+    	#{classify,jdbcType=VARCHAR},
+    	#{attribute,jdbcType=VARCHAR},
+    	#{lable,jdbcType=VARCHAR},    
+   	 	#{areaEffectiveIds,jdbcType=VARCHAR},
+    	#{functionId,jdbcType=INTEGER},
+    	#{keyringType, jdbcType=VARCHAR},
+ 	 	#{privateKeyFile, jdbcType=VARCHAR},
+  		#{publicKeyFile, jdbcType=VARCHAR},
+  		#{expireAfter, jdbcType=INTEGER},
+ 		#{publicKeyAlgo, jdbcType=VARCHAR},
+ 		#{crl, jdbcType=VARCHAR},
+ 		#{issuer, jdbcType=VARCHAR},
+  		#{subject, jdbcType=VARCHAR},
+  		#{notBeforeTime,jdbcType=TIMESTAMP},
+  		#{notAfterTime,jdbcType=TIMESTAMP}, 
+    	#{cfgType,jdbcType=VARCHAR},
+    	#{compileId,jdbcType=INTEGER},
+    	#{cfgRegionCode,jdbcType=INTEGER}
+    )
+  </insert>
+	
+ <update id="update" parameterType="com.nis.domain.configuration.PxyObjKeyring" >
+    update pxy_obj_keyring
+    <set >
+      <trim suffixOverrides=",">
+      <if test="cfgDesc != null and cfgDesc != ''" >
+        cfg_desc = #{cfgDesc,jdbcType=VARCHAR},
+      </if>
+      <if test="compileId != null " >
+        compile_Id = #{compileId,jdbcType=VARCHAR},
+      </if>
+      <if test="action != null" >
+        action = #{action,jdbcType=INTEGER},
+      </if>
+      <if test="isValid != null" >
+        is_valid = #{isValid,jdbcType=INTEGER},
+      </if>
+      <if test="isAudit != null" >
+        is_audit = #{isAudit,jdbcType=INTEGER},
+      </if>
+      <if test="editorId != null" >
+        editor_id = #{editorId,jdbcType=INTEGER},
+      </if>
+       <if test="editTime != null  and editTime != ''" >
+      	edit_time = #{editTime,jdbcType=TIMESTAMP},
+      </if>
+      <if test="auditorId != null" >
+        AUDITOR_ID = #{auditorId,jdbcType=INTEGER},
+      </if>
+       <if test="auditTime != null  and auditTime != ''" >
+     	AUDIT_TIME = #{auditTime,jdbcType=TIMESTAMP},
+      </if>
+      <if test="requestId != null" >
+        request_id = #{requestId,jdbcType=INTEGER},
+      </if>
+      <if test="isAreaEffective != null" >
+        is_area_effective = #{isAreaEffective,jdbcType=INTEGER},
+      </if>
+      <if test="classify != null and classify != ''" >
+        classify = #{classify,jdbcType=VARCHAR},
+      </if>
+      <if test="attribute != null and attribute != ''" >
+        attribute = #{attribute,jdbcType=VARCHAR},
+      </if>
+      <if test="lable != null and lable != ''" >
+        lable = #{lable,jdbcType=VARCHAR},
+      </if>
+      <if test="areaEffectiveIds != null" >
+        area_effective_ids =  #{areaEffectiveIds,jdbcType=VARCHAR},
+      </if>
+      <if test="functionId != null" >
+        function_id =  #{functionId,jdbcType=INTEGER},
+      </if>
+      <if test="serviceId != null" >
+        service_id =  #{serviceId,jdbcType=INTEGER},
+      </if>
+       <if test="keyringType != null" >
+        keyring_type =  #{keyringType,jdbcType=VARCHAR},
+      </if>
+       <if test="privateKeyFile != null" >
+        private_key_file =  #{privateKeyFile,jdbcType=VARCHAR},
+      </if>
+       <if test="publicKeyFile != null" >
+        public_key_file =  #{publicKeyFile,jdbcType=VARCHAR},
+      </if>
+       <if test="expireAfter != null" >
+        expire_after =  #{expireAfter,jdbcType=VARCHAR},
+      </if>
+       <if test="publicKeyAlgo != null" >
+        public_key_algo =  #{publicKeyAlgo,jdbcType=VARCHAR},
+      </if>
+       <if test="crl != null" >
+        crl =  #{crl,jdbcType=VARCHAR},
+      </if>
+      </trim>
+    </set>
+    <where>
+       	and cfg_id =  #{cfgId,jdbcType=INTEGER}
+    	<if test="functionId != null" >
+        	and function_id =  #{functionId,jdbcType=INTEGER}
+      	</if>
+    </where>
+  </update>
+  	
+</mapper>
\ No newline at end of file
diff --git a/src/main/java/com/nis/web/service/BaseService.java b/src/main/java/com/nis/web/service/BaseService.java
index 4df642004..9d06d4119 100644
--- a/src/main/java/com/nis/web/service/BaseService.java
+++ b/src/main/java/com/nis/web/service/BaseService.java
@@ -30,11 +30,13 @@ import com.nis.domain.SysRole;
 import com.nis.domain.SysUser;
 import com.nis.domain.callback.InlineIp;
 import com.nis.domain.callback.NtcDnsResStrategy;
+import com.nis.domain.callback.ProxyObjKeyring;
 import com.nis.domain.configuration.AreaBean;
 import com.nis.domain.configuration.AreaIpCfg;
 import com.nis.domain.configuration.BaseCfg;
 import com.nis.domain.configuration.BaseIpCfg;
 import com.nis.domain.configuration.DnsResStrategy;
+import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.domain.maat.MaatCfg.GroupCfg;
 import com.nis.domain.maat.MaatCfg.IpCfg;
 import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
@@ -623,6 +625,24 @@ public abstract class BaseService {
 		}
 		return dstIp;
 	}
+	//拦截策略
+	public ProxyObjKeyring convertCallBackProxyObjKeyring(PxyObjKeyring cfg){
+		ProxyObjKeyring proxyObjKeyring=new ProxyObjKeyring();
+		proxyObjKeyring.setId(Long.valueOf(cfg.getCompileId()));
+		proxyObjKeyring.setCfgId(cfg.getCompileId());
+		proxyObjKeyring.setCrl(cfg.getCrl());
+		proxyObjKeyring.setExpireAfter(cfg.getExpireAfter());
+		proxyObjKeyring.setKeyringId(cfg.getCompileId());
+		proxyObjKeyring.setKeyringName(cfg.getCfgDesc());
+		proxyObjKeyring.setKeyringType(cfg.getKeyringType());
+		proxyObjKeyring.setPrivateKeyFile(cfg.getPrivateKeyFile());
+		proxyObjKeyring.setPublicKeyAlgo(cfg.getPublicKeyAlgo());
+		proxyObjKeyring.setPublicKeyFile(cfg.getPublicKeyFile());
+		proxyObjKeyring.setService(cfg.getServiceId());
+		proxyObjKeyring.setIsValid(cfg.getIsValid());
+		proxyObjKeyring.setOpTime(cfg.getAuditTime());
+		return proxyObjKeyring;
+	}
 	//ip转换为callback用ip 
 	public NtcDnsResStrategy convertCallBackDnsResStrategy(DnsResStrategy cfg){
 		NtcDnsResStrategy resStrategy=new NtcDnsResStrategy();
diff --git a/src/main/java/com/nis/web/service/configuration/ProxyFileStrategyService.java b/src/main/java/com/nis/web/service/configuration/ProxyFileStrategyService.java
index 6cd2e7d8c..3fb48378a 100644
--- a/src/main/java/com/nis/web/service/configuration/ProxyFileStrategyService.java
+++ b/src/main/java/com/nis/web/service/configuration/ProxyFileStrategyService.java
@@ -44,6 +44,7 @@ public class ProxyFileStrategyService extends BaseService{
 	public ProxyFileStrategyCfg getCfgById(Long cfgId) {
 		return proxyFileDao.getCfgById(cfgId);
 	}
+	
 	@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
 	public void saveOrUpdate(ProxyFileStrategyCfg entity){
 		Date createTime=new Date();
diff --git a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
new file mode 100644
index 000000000..0e1a8c394
--- /dev/null
+++ b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
@@ -0,0 +1,173 @@
+package com.nis.web.service.configuration;
+
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.nis.domain.Page;
+import com.nis.domain.callback.ProxyObjKeyring;
+import com.nis.domain.configuration.PxyObjKeyring;
+import com.nis.domain.maat.ToMaatResult;
+import com.nis.exceptions.MaatConvertException;
+import com.nis.util.ConfigServiceUtil;
+import com.nis.util.StringUtil;
+import com.nis.web.dao.configuration.PxyObjKeyringDao;
+import com.nis.web.security.UserUtils;
+import com.nis.web.service.BaseService;
+
+
+
+/**
+ * 拦截证书管理
+ * @author dell
+ *
+ */
+@Service
+public class PxyObjKeyringService extends BaseService{
+	@Autowired
+	protected PxyObjKeyringDao pxyObjKeyringDao;
+	
+	
+	/**
+	 * 查询分页数据
+	 * @param page 分页对象
+	 * @param entity
+	 * @return
+	 */
+	public Page<PxyObjKeyring> findPage(Page<PxyObjKeyring> page, PxyObjKeyring entity) {
+		entity.getSqlMap().put("dsf", configScopeFilter(entity.getCurrentUser(),"r"));
+		entity.setPage(page);
+		List<PxyObjKeyring> list=pxyObjKeyringDao.findPage(entity);
+		page.setList(list);
+		return page;
+	}
+	public List<PxyObjKeyring> findPxyObjKeyrings(Long cfgId,Integer isValid,Integer isAudit,String cfgType) {
+		List<PxyObjKeyring> list=pxyObjKeyringDao.findList(cfgId,isValid,isAudit,cfgType);
+		return list;
+	}
+	
+	public PxyObjKeyring getPxyObjKeyring(Long id,Integer isValid) {
+		List<PxyObjKeyring> list=pxyObjKeyringDao.findList(id,isValid,null,null);
+		PxyObjKeyring dnsResStrategy=null;
+		if(list != null && list.size()>0){
+			dnsResStrategy=list.get(0);
+		}
+		return dnsResStrategy;
+	}
+	@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
+	public void saveOrUpdate(PxyObjKeyring entity){
+		Date createTime=new Date();
+		setAreaEffectiveIds(entity);
+		entity.setIsValid(0);
+		entity.setIsAudit(0);
+		//新增
+		if(StringUtil.isEmpty(entity.getCfgId())){
+			entity.initDefaultValue();
+			entity.setCreatorId(UserUtils.getUser().getId());
+			entity.setCreateTime(createTime);
+			//调用服务接口获取compileId
+			List<Integer> compileIds = new ArrayList<Integer>();
+			try {
+				compileIds = ConfigServiceUtil.getId(1,1);
+			} catch (Exception e) {
+				e.printStackTrace();
+				logger.info("获取编译ID出错");
+				throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
+			}
+			if(compileIds != null && compileIds.size() >0  && compileIds.get(0) != 0){
+				entity.setCompileId(compileIds.get(0));
+			}
+			pxyObjKeyringDao.insert(entity);
+			//修改
+		}else{
+			Date editTime=new Date();
+			entity.setEditorId(UserUtils.getUser().getId());
+			entity.setEditTime(editTime);
+			
+			pxyObjKeyringDao.update(entity);
+		}
+	}
+	
+	/**
+	 * 
+	 * @param isAudit
+	 * @param isValid
+	 * @param ids compileIds
+	 */
+	@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
+	public void delete(Integer isAudit,Integer isValid,String ids,Integer functionId){
+		PxyObjKeyring entity = new PxyObjKeyring();
+		String[] idArray = ids.split(",");
+		for(String id :idArray){
+			entity.setCfgId(Long.valueOf(id));
+			entity.setFunctionId(functionId);
+			entity.setIsAudit(isAudit);
+			entity.setIsValid(isValid);
+			entity.setEditorId(UserUtils.getUser().getId());
+			entity.setEditTime(new Date());
+			pxyObjKeyringDao.update(entity);
+		}
+	}
+	/**
+	 * 
+	 * @param isAudit
+	 * @param isValid
+	 * @param ids cfgId
+	 * @param functionId
+	 */
+	@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
+	public void audit(Integer isAudit,Integer isValid,Integer functionId,String id,Date auditTime){
+		PxyObjKeyring cfg=new PxyObjKeyring();
+		cfg.setCfgId(Long.valueOf(id));
+		cfg.setIsValid(isValid);
+		cfg.setIsAudit(isAudit);
+		cfg.setEditTime(auditTime);
+		cfg.setEditorId(UserUtils.getUser().getId());
+		cfg.setAuditorId(UserUtils.getUser().getId());
+		cfg.setAuditTime(auditTime);
+		pxyObjKeyringDao.update(cfg);
+		cfg=getPxyObjKeyring(cfg.getCfgId(), null);
+		String json="";
+		if(cfg.getIsAudit()==1){
+			List<ProxyObjKeyring> resStrategyList=new ArrayList<ProxyObjKeyring>();
+			ProxyObjKeyring resStrategy=convertCallBackProxyObjKeyring(cfg);
+			resStrategyList.add(resStrategy);
+			//调用服务接口下发配置数据
+			json=gsonToJson(resStrategyList);
+			logger.info("拦截策略配置下发配置参数："+json);
+			//调用服务接口下发配置
+			try {
+				ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
+				if(result!=null){
+					logger.info("拦截策略配置下发响应信息："+result.getMsg());
+				}
+			} catch (Exception e) {
+				logger.error("拦截策略配置配置下发失败",e);
+				throw e;
+			}
+		}else if(cfg.getIsAudit()==3){
+			List<ProxyObjKeyring> resStrategyList=new ArrayList<>();
+			ProxyObjKeyring ntcPxyObjKeyring=convertCallBackProxyObjKeyring(cfg);
+			resStrategyList.add(ntcPxyObjKeyring);
+			//调用服务接口取消配置
+			json=gsonToJson(resStrategyList);
+			logger.info("拦截策略配置配置参数："+json);
+			//调用服务接口取消配置
+			try {
+				ToMaatResult result = ConfigServiceUtil.put(json, 2);
+				logger.info("拦截策略配置响应信息："+result.getMsg());
+			} catch (Exception e) {
+				e.printStackTrace();
+				logger.info("拦截策略配置配置失败");
+				throw e;
+			}
+		}
+	}
+}
+	
+	
\ No newline at end of file
diff --git a/src/main/resources/sql/add_function_region.sql b/src/main/resources/sql/add_function_region.sql
index d4e7b16f6..5ceda8b1c 100644
--- a/src/main/resources/sql/add_function_region.sql
+++ b/src/main/resources/sql/add_function_region.sql
@@ -16,4 +16,10 @@ VALUES
 INSERT INTO function_region_dict
    ()
 VALUES
-   ('subscribe_id', '0', '0,1', '0,1,2', '0,1,2,3', 177, 8, 3, 'NTC_SUBSCRIBE_ID', '', 'HTTP SUBSCRIBE_ID配置', 1, NULL, NULL,NULL , NULL, 1, 3, '', '', '', '', '', '', 7);
\ No newline at end of file
+   ('subscribe_id', '0', '0,1', '0,1,2', '0,1,2,3', 177, 8, 3, 'NTC_SUBSCRIBE_ID', '', 'HTTP SUBSCRIBE_ID配置', 1, NULL, NULL,NULL , NULL, 1, 3, '', '', '', '', '', '', 7);
+   
+   
+INSERT INTO function_region_dict
+   (`config_service_type`, `config_multi_keywords`, `config_expr_type`, `config_hex`, `config_match_method`, `dict_id`, `function_id`, `config_region_code`, `config_region_value`, `config_district`, `config_desc`, `is_valid`, `creator_id`, `create_time`, `editor_id`, `edit_time`, `is_maat`, `region_type`, `config_ip_type`, `config_ip_pattern`, `config_port_pattern`, `config_direction`, `config_protocol`, `config_ip_port_show`, `config_region_sort`)
+VALUES
+   ('', '', '', '', '', 186, 570, 1, 'PXY_OBJ_KEYRING', '', '证书策略配置', 1, NULL, NULL, NULL, NULL, 2, 6, '', '', '', '', '', '', 1);
diff --git a/src/main/resources/sql/add_function_service.sql b/src/main/resources/sql/add_function_service.sql
new file mode 100644
index 000000000..72912cedd
--- /dev/null
+++ b/src/main/resources/sql/add_function_service.sql
@@ -0,0 +1,4 @@
+INSERT INTO function_service_dict
+   (`dict_id`, `function_id`, `protocol_id`, `action`, `action_code`, `service_id`, `service_name`, `service_desc`, `is_valid`, `creator_id`, `create_time`, `editor_id`, `edit_time`, `region_code`)
+VALUES
+   (116, 570, 0, 1, 'monit', 520, 'pxy_intercept_monit_keyring', '', 1, null, null, null, null, '');
\ No newline at end of file
diff --git a/src/main/resources/sql/add_pxy_obj_keyring.sql b/src/main/resources/sql/add_pxy_obj_keyring.sql
new file mode 100644
index 000000000..26749b723
--- /dev/null
+++ b/src/main/resources/sql/add_pxy_obj_keyring.sql
@@ -0,0 +1,31 @@
+CREATE TABLE `pxy_obj_keyring` (
+  `cfg_id` bigint(20) COMMENT '请求策略号',
+  `cfg_desc` varchar(128) COMMENT '钥匙环名称',
+  `cfg_type` varchar(64) COMMENT '内容类型',
+  `keyring_type` varchar(128) COMMENT '证书类型',
+  `private_key_file` varchar(1024) COMMENT '私钥文件',
+  `public_key_file` varchar(1024) COMMENT '公钥文件',
+  `expire_after` int COMMENT '默认为30天，实体证书不可设置，界面填0',
+  `public_key_algo` varchar(64) DEFAULT NULL COMMENT '公钥算法',
+  `crl` varchar(64) DEFAULT NULL COMMENT 'CRL',
+  `action` int(11) NOT NULL COMMENT '阻断',
+  `is_valid` int(11) NOT NULL COMMENT '0无效，1有效，-1删除;1）	未审核时配置可删除;2）	审核通过，此字段置1;3）	取消审核通过，此字段置0',
+  `is_audit` int(11) NOT NULL COMMENT '0未审核，1审核通过，2审核未通过，3取消审核通过;1）	审核未通过，配置可修改;2）	审核通过，配置不可删除，只能取消审核通过',
+  `creator_id` int(11) NOT NULL COMMENT '取自sys_user.id',
+  `create_time` datetime NOT NULL,
+  `editor_id` int(11) DEFAULT NULL COMMENT '取自sys_user.id',
+  `edit_time` datetime DEFAULT NULL,
+  `auditor_id` int(11) DEFAULT NULL COMMENT '取自sys_user.id',
+  `audit_time` datetime DEFAULT NULL,
+  `service_id` int(11) NOT NULL COMMENT '参考系统业务类型管理表',
+  `request_id` int(11) NOT NULL COMMENT '取自request_info.id',
+  `is_area_effective` int(11) NOT NULL DEFAULT 0 COMMENT '0否，1是',
+  `classify` varchar(128) DEFAULT NULL COMMENT '分类id，多个用英文逗号分隔',
+  `attribute` varchar(128) DEFAULT NULL COMMENT '性质id，多个用英文逗号分隔',
+  `lable` varchar(128) DEFAULT NULL COMMENT '标签id,多个用英文逗号分隔',
+  `area_effective_ids` varchar(1024) DEFAULT '' COMMENT '多个英文逗号分隔',
+  `function_id` int(11) NOT NULL,
+  `cfg_region_code` int(11) DEFAULT NULL,
+  `compile_id` int(11) NOT NULL,
+  PRIMARY KEY (`cfg_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp
index ac1864748..0ef46a3b9 100644
--- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp
@@ -18,6 +18,7 @@
 						});
 						
 						 $(".action").on("change", function() {
+								 switchAction($("input[name=action]:checked").val());
 							   	//拦截根据action切换动作部分
 							   	setInterceptDefaultInfo("");
 								$("#serviceId").val($(this).attr("serviceId"));
@@ -253,10 +254,13 @@
 									<div class="col-md-6">
 										<div class="form-group">
 											<label class="control-label col-md-3"><spring:message
-													code="policy_name" /></label>
+													code="certificate" /></label>
 											<div class="col-md-6">
 												<select name="userRegion1" class="selectpicker show-tick form-control">
-													<option value="" ><spring:message code="selected"/></option>
+													<option value="" <c:if test="${empty _cfg.userRegion1}">selected</c:if> ><spring:message code="selected"/></option>
+													<c:forEach items="${certificateList}" var="certificate">
+														<option value="${certificate.compileId}" <c:if test="${_cfg.userRegion1==certificate.compileId}">selected</c:if>>${certificate.cfgDesc}</option>
+													</c:forEach>
 								                </select>
 											</div>
 										</div>
@@ -268,7 +272,7 @@
 								        <div class="form-group">
 								            <label class="control-label col-md-3"><font color="red">*</font><spring:message code="ratelimit"/></label>
 								            <div class="col-md-6">
-								            	<input class="form-control required number" range="[0,100]" type="text" name="userRegion2" value="${_cfg.userRegion2 }">
+								            	<input class="form-control required number" range="[0,1]" type="text" name="userRegion2" value="${_cfg.userRegion2 }">
 								            </div>
 								            <div for="userRegion2"></div>
 								        </div>
diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp
index d782a612f..1c15a5e45 100644
--- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp
@@ -354,7 +354,9 @@
 								    	${indexCfg.userRegion2 }
 								    </td>
 								    <td>
-								    	${indexCfg.userRegion1 }
+							    		<c:forEach items="${certificateList}" var="certificate">
+											<c:if test="${indexCfg.userRegion1==certificate.compileId}">${certificate.cfgDesc}</c:if>
+										</c:forEach>
 								    </td>
 								    <c:if test="${interceptType eq 'Ip' }">
 									    <td>
diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/form.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/form.jsp
new file mode 100644
index 000000000..ba1967947
--- /dev/null
+++ b/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/form.jsp
@@ -0,0 +1,321 @@
+<%@ page contentType="text/html;charset=UTF-8"%>
+<%@ include file="/WEB-INF/include/taglib.jsp"%>
+<html>
+<head>
+<title><spring:message code="${cfgName}"></spring:message></title>
+<script type="text/javascript">
+$(function(){
+	$("#privateKeyFileInfo,#uploadPrivateKeyFile").on('click', function() {
+		$("#privateKeyFileI").trigger("click");
+	});
+	$("#publicKeyFileInfo,#uploadPublicKeyFile").on('click', function() {
+		$("#publicKeyFileI").trigger("click");
+	});
+	$("#publicKeyFileI").on('change', function() {
+		$("#publicKeyFileInfo").val($("#publicKeyFileI").val());
+	});
+	$("#privateKeyFileI").on('change', function() {
+		$("#privateKeyFileInfo").val($("#privateKeyFileI").val());
+	});
+	switchCfgType();
+	$("input[name=cfgType]").on('change', function() {
+		switchCfgType();
+	});
+	switchKeyringType();
+	$("select[name=keyringType]").on('change', function() {
+		switchKeyringType();
+	});
+	
+	$("#cfgFrom").validate({
+		errorPlacement: function(error,element){
+			if($(element).parents().hasClass("tagsinput")){
+				$(element).parents(".col-md-6").next("div").append(error);
+			}else{
+				$(element).parents(".form-group").find("div[for='"+element.attr("name")+"']").append(error);
+			}
+		},
+		submitHandler: function(form){
+			
+			
+			var publicFile = $("#publicKeyFileI").val();
+			var privateFile = $("#privateKeyFileI").val();
+			var publicKeyFile = $("#publicKeyFile").val();
+			var privateKeyFile = $("#privateKeyFile").val();
+			if((publicFile==null||publicFile=="") && (publicKeyFile==null || publicKeyFile=="")){
+				$("div[for='publicKeyFileI']").append("<label id='level-error' class='error' for='publicKeyFileI'><spring:message code='required'></spring:message></label>");
+				return false;
+			}else if((privateFile==null || privateFile=="") && (privateKeyFile==null || privateKeyFile=="")){
+				$("div[for='privateKeyFileI']").append("<label id='level-error' class='error' for='privateKeyFileI'><spring:message code='required'></spring:message></label>");
+				return false;
+			}else{
+				loading('onloading...');
+				form.submit();
+			}
+		},
+		errorContainer: "#messageBox"
+	});
+});
+var switchCfgType=function(){
+	var cfgType=$("input[name='cfgType']:checked").val()
+	if(cfgType =='ip'){ //不允许选择实体证书
+		$("select[name=keyringType]").find("option[value='end-entity']").attr("disabled",true);
+		$("select[name=keyringType]").selectpicker("refresh");
+	}else{
+		$("select[name=keyringType]").find("option[value='end-entity']").removeAttr("disabled");
+		$("select[name=keyringType]").selectpicker("refresh");
+	}
+}
+var switchKeyringType=function(){
+	var keyringType=$("select[name=keyringType]").val();
+	var expireAfter=$("input[name=expireAfter]").val();
+	if(keyringType =='end-entity'){ //实体证书不允许输入，并且默认0
+		$("input[name=expireAfter]").val(0);
+		$(".expireAfter").addClass("hidden");
+	}else{
+		if(expireAfter == ''){
+			$("input[name=expireAfter]").val(30);
+		}
+		$(".expireAfter").removeClass("hidden");
+	}
+}
+</script>
+</head>
+<body>
+
+<div class="page-content">
+<h3 class="page-title">
+		<spring:message code="pxy_intercept_monit_keyring"></spring:message>
+	</h3>
+	<div class="row">
+		<div class="col-md-12">
+			<div class="portlet box blue">
+                  <div class="portlet-title">
+                     <div class="caption">
+                         <i class="fa fa-gift"></i>
+                        <c:if test="${isAdd eq true}"><spring:message code="add"></spring:message></c:if>
+						<c:if test="${isAdd eq false}"><spring:message code="edit"></spring:message></c:if>
+					</div>
+                  </div>
+                  <div class="portlet-body form">
+                      <!-- BEGIN FORM-->
+                      <form id="cfgFrom" action="${ctx}/proxy/intercept/strateagy/saveOrUpdate" method="post" enctype="multipart/form-data"  class="form-horizontal">
+                       	<input type="hidden" name="functionId" value="${_cfg.functionId}">
+                       	<input type="hidden" id="compileId" name="compileId" value="${_cfg.compileId}">
+                       	<input type="hidden" id="cfgId" name="cfgId" value="${_cfg.cfgId}">
+                       	<input type="hidden" id="isAreaEffective" name="isAreaEffective" value="0">
+                       	<input type="hidden" id="isAdd" name="isAdd" value="${isAdd}">
+                       	<!-- 配置域类型 -->
+                   		<c:forEach items="${regionList}" var="region">
+                   			<c:if test="${_cfg.functionId eq region.functionId}">
+                   				<input type="hidden" name="cfgRegionCode" value="${region.configRegionCode}">
+                   			</c:if>
+                   		</c:forEach>
+                   		<c:forEach items="${serviceList}" var="service">
+                   			<c:if test="${_cfg.functionId eq service.functionId}">
+                   				<input type="hidden" name="serviceId" value="${service.serviceId}">
+                   				<input type="hidden" name="action" value="${service.action}">
+                   			</c:if>
+                   		</c:forEach>
+                          <div class="form-body">
+                              <div class="row">
+								    <div class="col-md-6 hidden">
+								        <div class="form-group">
+								            <label class="control-label col-md-3"><spring:message code="action"/></label>
+								            <div class="col-md-6">
+								            	<c:forEach items="${serviceList}" var="service"
+																		varStatus="satus">
+																		<label class="radio-inline"> <c:if
+																				test="${_cfg.functionId eq service.functionId}">
+																				<input type="radio" name="action"
+																					serviceId="${service.serviceId }"
+																					protocolId="${service.protocolId }"
+																					value="${service.action }" class="required action"
+																					<c:if test="${_cfg.action==service.action || (_cfg.action==null && satus.index==0)}">checked</c:if>>
+																					<c:forEach items="${fns:getDictList('SERVICE_ACTION') }" var="dict">
+																						<c:if test="${dict.itemCode eq service.action }">
+																							<spring:message code="${dict.itemValue }"/>
+																						</c:if>
+																					</c:forEach>
+																			</c:if>
+																		</label>
+																	</c:forEach>
+								            </div>
+								            <div for="action"></div>
+								       </div>
+								   </div>
+								    <div class="col-md-6">
+								        <div class="form-group">
+								            <label class="control-label col-md-3"><spring:message code="cfgType"/></label>
+								            <div class="col-md-6">
+								            <input type="radio" name="cfgType" value="ip" <c:if test="${_cfg.cfgType == 'ip' || empty _cfg.cfgType}">checked="checked"</c:if>> <spring:message code="ip"/> <spring:message code="monit"/>
+								            <input type="radio" name="cfgType" value="domain" <c:if test="${_cfg.cfgType == 'domain' }">checked="checked"</c:if>><spring:message code="domain"/> <spring:message code="monit"/>
+								               </div>
+								            <div for="action"></div>
+								       </div>
+								   </div>
+								</div>
+								<div class="row">
+								 <div class="col-md-6">
+								        <div class="form-group">
+								            <label class="control-label col-md-3"><font color="red">*</font><spring:message code="keyring_name"/></label>
+								            <div class="col-md-6">
+								                <input class="form-control required" type="text" name="cfgDesc" value="${_cfg.cfgDesc}">
+								            </div>
+										    <div for="cfgDesc"></div>
+								        </div>
+								    </div>
+								 <div class="col-md-6">
+								        <div class="form-group">
+								            <label class="control-label col-md-3"><font color="red">*</font><spring:message code="keyring_type"/></label>
+								            <div class="col-md-6">
+								                 <select name="keyringType" class="selectpicker show-tick form-control">
+													<option value="" <c:if test="${empty cfg.keyringType}">selected</c:if>><spring:message code="select"/></option>
+													<c:forEach items="${fns:getDictList('INTERCEPT_CERTIFICATE_TYPE')}" var="keyringType">
+															<option value="${keyringType.itemCode}" <c:if test="${_cfg.keyringType==keyringType.itemCode}">selected</c:if> ><spring:message code="${keyringType.itemValue}"/></option>
+													</c:forEach>
+													</select>
+								            </div>
+										    <div for="keyringType"></div>
+								        </div>
+								    </div>
+								   
+								</div>
+								<div class="row">
+									<div class="col-md-6">
+										<div class="form-group">
+											<label class="control-label col-md-3"><font
+												color="red">*</font> <spring:message code="file" /></label>
+											<div class="col-md-6">
+												<input id="publicKeyFileI" name="publicKeyFileI" type="file"
+													style="width: 330px; display: none" />
+												<div class="input-group">
+													<input id="publicKeyFileInfo" name="publicKeyFileInfo" readonly="readonly"
+														data-msg-required=""
+														placeholder="<spring:message code="select_file"/>"
+														class="required form-control"
+														style="background-color: transparent" aria-required="true"
+														type="text" value="${_cfg.publicKeyFile }">
+
+													<div class="input-group-btn">
+														<a id="uploadPublicKeyFile" class="btn btn-default btn-search"
+															href="javascript:" style=""><i class="fa fa-search"></i></a>
+													</div>
+													<input id="publicKeyFile" name="publicKeyFile" type="hidden" value="${_cfg.publicKeyFile }"/>
+												</div>
+											</div>
+											<div for="publicKeyFileInfo"></div>
+										</div>
+									</div>
+									<div class="col-md-6">
+										<div class="form-group">
+											<label class="control-label col-md-3"><font
+												color="red">*</font> <spring:message code="file" /></label>
+											<div class="col-md-6">
+												<input id="privateKeyFileI" name="privateKeyFileI" type="file"
+													style="width: 330px; display: none" />
+												<div class="input-group">
+													<input id="privateKeyFileInfo" name="privateKeyFileInfo" readonly="readonly"
+														data-msg-required=""
+														placeholder="<spring:message code="select_file"/>"
+														class="required form-control"
+														style="background-color: transparent" aria-required="true"
+														type="text" value="${_cfg.privateKeyFile }">
+
+													<div class="input-group-btn">
+														<a id="uploadPrivateKeyFile" class="btn btn-default btn-search"
+															href="javascript:" style=""><i class="fa fa-search"></i></a>
+													</div>
+													<input id="privateKeyFile" name="privateKeyFile" type="hidden" value="${_cfg.privateKeyFile }"/>
+												</div>
+											</div>
+											<div for="privateKeyFileInfo"></div>
+										</div>
+									</div>
+								</div>
+								<div class="row ">
+									<div class="col-md-6 expireAfter">
+									        <div class="form-group">
+									            <label class="control-label col-md-3"><font color="red">*</font><spring:message code="expire_after"/></label>
+									            <div class="col-md-6">
+									            	 <input class="form-control required number" type="text" name="expireAfter" value="${_cfg.expireAfter}">
+									            </div>
+											    <div for="expireAfter"></div>
+									        </div>
+								    </div>
+									<c:if test="${!isAdd }">
+										<div class="col-md-6">
+									        <div class="form-group">
+									            <label class="control-label col-md-3"><spring:message code="issuer"/></label>
+									            <div class="col-md-6">
+									            		<label class="">${_cfg.issuer}</label>
+									            </div>
+									        </div>
+								   		 </div>
+									</c:if>
+								</div>
+								<c:if test="${!isAdd }">
+								<div class="row">
+									<div class="col-md-6">
+									        <div class="form-group">
+									            <label class="control-label col-md-3"><spring:message code="subject"/></label>
+									            <div class="col-md-6">
+									            	<label class="">${_cfg.subject}</label>
+									            </div>
+									            </div>
+									        </div>
+								   
+									<div class="col-md-6">
+									        <div class="form-group">
+									            <label class="control-label col-md-3"><spring:message code="VALID"/></label>
+									            <fmt:formatDate var="notBeforeTime" value="${_cfg.notBeforeTime }" pattern="yyyy-MM-dd HH:ss:mm"/>
+									            <fmt:formatDate var="notAfterTime" value="${_cfg.notAfterTime }" pattern="yyyy-MM-dd HH:ss:mm"/>
+									            <label class=" col-md-6">${notBeforeTime }-${notAfterTime }</label>
+									        </div>
+								    </div>
+								     </div>
+								</div>
+								</c:if>
+								<div class="row hidden">
+									<div class="col-md-6">
+									        <div class="form-group">
+									            <label class="control-label col-md-3"><font color="red">*</font><spring:message code="public_key_algo"/></label>
+									            <div class="col-md-6">
+									            	 <input class="form-control required" type="text" name="publicKeyAlgo" value="${_cfg.publicKeyAlgo}">
+									            </div>
+											    <div for="publicKeyAlgo"></div>
+									        </div>
+								    </div>
+									<div class="col-md-6">
+									        <div class="form-group">
+									            <label class="control-label col-md-3"><font color="red">*</font><spring:message code="crl"/></label>
+									            <div class="col-md-6">
+									            	 <input class="form-control required" type="text" name="crl" value="${_cfg.crl}">
+									            </div>
+											    <div for="crl"></div>
+									        </div>
+								    </div>
+								</div>
+                            <%@include file="/WEB-INF/include/form/basicInfo.jsp" %>
+                          </div>
+                          <div class="form-actions">
+                              <div class="row">
+                                  <div class="col-md-6">
+                                      <div class="row">
+                                          <div class="col-md-offset-3 col-md-8">
+                                              <button id="save" type="submit" class="btn green"><spring:message code="submit"/></button>
+                                              <button id="cancel" type="button" class="btn default"><spring:message code="cancel"/></button>
+                                          </div>
+                                      </div>
+                                  </div>
+                                  <div class="col-md-6"> </div>
+                              </div>
+                          </div>
+                      </form>
+                      <!-- END FORM-->
+                  </div>
+              </div>
+		</div>
+	</div>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/list.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/list.jsp
new file mode 100644
index 000000000..5c081a8f0
--- /dev/null
+++ b/src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/list.jsp
@@ -0,0 +1,428 @@
+<%@ page contentType="text/html;charset=UTF-8"%>
+<%@ include file="/WEB-INF/include/taglib.jsp"%>
+<html>
+<head>
+<title><spring:message code="${cfgName}"></spring:message></title>
+<script>
+ 	$(document).ready(function() {
+ 		//搜索框提示语初始化
+		if("${cfg.cfgDesc}"){
+			$("#intype").val("${cfg.cfgDesc}");
+		}else{
+			$("#intype").attr("placeholder","<spring:message code='input'/> "+$("#seltype").find("option:selected").text());
+		}
+		$("#seltype").change(function(){
+			$("#intype").attr("placeholder","<spring:message code='input'/> "+$(this).find("option:selected").text());
+		});
+ 		//筛选功能初始化
+		filterActionInit();
+		$("#isAudit").change(function(){
+			page();
+		});
+		//reset
+		$("#resetBtn").on("click",function(){
+			$("select.selectpicker").each(function(){
+				$(this).selectpicker('val',$(this).find('option:first').val());
+				$(this).find("option").attr("selected",false);
+				$(this).find("option:first").attr("selected",true);
+			});
+			$(".Wdate").attr("value",'');
+			$("#description").attr("value",'');
+			$("#searchForm")[0].reset();
+		});
+ 	});
+</script>
+</head>
+<body>
+
+<div class="page-content">
+	<div class="theme-panel hidden-xs hidden-sm">
+		
+			<shiro:hasPermission name="proxy:intercept:config">
+				<button type="button" class="btn btn-primary"
+			onClick="javascript:window.location='${ctx}/proxy/intercept/strateagy/form?functionId=${cfg.functionId}'">
+				<i class="fa fa-plus"></i>
+				<spring:message code="add"></spring:message></button>
+			</shiro:hasPermission>
+	</div>
+
+	<h3 class="page-title">
+	<spring:message code="pxy_intercept_monit_keyring"></spring:message>
+		<small><spring:message code="date_list"/></small>
+	</h3>
+	<h5 class="page-header"></h5>
+	<div class="row">
+		<div class="col-md-12">
+			<div class="portlet">
+				<div class="portlet-body">
+					<div class="row" >
+						<form:form id="searchForm" modelAttribute="cfg" action="${ctx}/proxy/intercept/strateagy/list?functionId=${cfg.functionId}" method="post" class="form-search">
+							<input id="functionId" name="functionId" type="hidden" value="${cfg.functionId}"/>
+							<input id="audit" name="audit" type="hidden" value="${audit}"/>
+							<input id="pageNo" name="pageNo" type="hidden" value="${page.pageNo}"/>
+							<input id="pageSize" name="pageSize" type="hidden" value="${page.pageSize}"/>
+							<sys:tableSort id="orderBy" name="orderBy" value="${page.orderBy}"
+						callback="page();" />
+							<!-- 筛选按钮展开状态-->
+							<input id="isFilterAction" name="isFilterAction" type="hidden" value="${cfg.isFilterAction }"/>
+							<!-- 搜索内容与操作按钮栏 -->
+							<div class="col-md-12">
+								<div class="pull-left">
+									<c:set var="state"><spring:message code='state'/></c:set>
+									<form:select path="isAudit" class="selectpicker select2 input-small">
+										<form:option value=""><spring:message code="all_states"/></form:option>
+										<form:option value="0"><spring:message code="created"></spring:message></form:option>
+										<form:option value="1"><spring:message code="approved"></spring:message></form:option>
+										<form:option value="2"><spring:message code="unapproved"></spring:message></form:option>
+										<%-- <form:option value="3"><spring:message code="cancel_approved"></spring:message></form:option> --%>
+									</form:select>
+								</div>
+								
+								<div class="pull-left">
+								
+									<div class="input-group">
+                                         <div class="input-group-btn">
+                                         
+                                        	<form:select path="seltype" class="selectpicker select2 input-small" >
+												<form:option value="cfgDesc"><spring:message code="keyring_name"></spring:message></form:option>
+											</form:select>
+									
+                                         </div>
+                                         
+                                         <input id="intype" class="form-control input-medium" type="text" value="">
+                                  
+                                    </div> 
+								</div>
+								<div class="pull-left">
+									 <button type="button" class="btn blue" onClick="return page()"> <i class="fa fa-search"></i> <spring:message code="search"/>  </button>
+									 <button type="button" class="btn btn-default" id="resetBtn"> <i class="fa fa-refresh"></i> <spring:message code="reset"/>  </button>
+	                                 <button type="button" class="btn btn-default" id="filter-btn"> <spring:message code="filter"/>  <i class="fa fa-angle-double-down"></i></button>
+								</div>
+								 <div class="pull-right">
+							 		<shiro:hasPermission name="proxy:intercept:config">
+							 			<sys:delRow url="${ctx}/proxy/intercept/strateagy/form" id="contentTable" label="update"></sys:delRow>
+                                        <sys:delRow url="${ctx}/proxy/intercept/strateagy/delete?isValid=-1&functionId=${cfg.functionId }" id="contentTable" label="delete"></sys:delRow>
+                                    </shiro:hasPermission>
+							 		<shiro:hasPermission name="proxy:intercept:confirm">
+	                                    <div class="btn-group">
+	                                        <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown">
+	                                            <i class="fa fa-wrench"></i> <spring:message code="examine"></spring:message>
+	                                            <i class="fa fa-angle-down"></i>
+	                                        </button>
+	                                        <ul class="dropdown-menu pull-right">
+	                                            <li><sys:delRow url="${ctx}/proxy/intercept/strateagy/audit?isAudit=1&isValid=1&functionId=${cfg.functionId }" id="contentTable" label="approved"></sys:delRow></li>
+												<li><sys:delRow url="${ctx}/proxy/intercept/strateagy/audit?isAudit=2&isValid=0&functionId=${cfg.functionId }" id="contentTable" label="unapproved"></sys:delRow></li>
+												<li><sys:delRow url="${ctx}/proxy/intercept/strateagy/audit?isAudit=3&isValid=0&functionId=${cfg.functionId }" id="contentTable" label="cancelPass"></sys:delRow></li>            
+				                            </ul>
+				                         </div>
+                                    </shiro:hasPermission>
+                                 	<a class="btn  btn-icon-only btn-default setfields tooltips" 
+                                      		  data-container="body" data-placement="top" data-original-title=<spring:message code="custom_columns"/> href="javascript:;">
+                                             <i class="icon-wrench"></i>
+                                     </a>
+                                 </div>
+							</div>
+							<!-- /搜索内容与操作按钮栏 -->
+							
+							<!-- 筛选搜索内容栏默认隐藏-->
+							<div class="col-md-12 filter-action-select-panle hide" >
+								<div class="row">
+								
+									<div class="col-md-3">
+											
+										<div class="form-group">
+	                                            <label class="control-label"><spring:message code='request_number'/></label>
+	                                            <c:set var="select"><spring:message code='select'/></c:set>
+	                                            <form:select path="requestId" class="selectpicker form-control" data-live-search="true" data-live-search-placeholder="search">
+													<form:option value=""><spring:message code="select"/></form:option>
+													<c:forEach items="${requestInfos}" var="requestInfo" >
+														<form:option value="${requestInfo.id}"><spring:message code="${requestInfo.requestTitle}"></spring:message></form:option>
+													</c:forEach>
+												</form:select>
+											</div>
+                                          
+                                        </div>
+		                                        
+                                        <div class="col-md-3">
+									
+											<div class="form-group">
+	                                            <label class="control-label"><spring:message code='type'/></label>
+	                                            <form:select path="classify" class="selectpicker form-control" data-live-search="true" data-live-search-placeholder="search">
+												<form:option value=""><spring:message code="select"/></form:option>
+												<c:forEach items="${fls}" var="fl" >
+													<form:option value="${fl.serviceDictId}"><spring:message code="${fl.itemValue}"></spring:message></form:option>
+												</c:forEach>
+											</form:select>
+											</div>
+                                          
+                                        </div>
+					
+										<div class="col-md-3">
+									
+											<div class="form-group">
+	                                            <label class="control-label"><spring:message code='attribute'/></label>
+	                                            <c:set var="select"><spring:message code='select'/></c:set>
+	                                            <form:select path="attribute" class="selectpicker form-control" data-live-search="true" data-live-search-placeholder="search">
+													<form:option value=""><spring:message code="select"/></form:option>
+													<c:forEach items="${xzs}" var="xz" >
+														<form:option value="${xz.serviceDictId}"><spring:message code="${xz.itemValue}"></spring:message></form:option>
+													</c:forEach>
+												</form:select>
+											</div>
+                                          
+                                        </div>
+		                                        
+                                        <div class="col-md-3">
+									
+											<div class="form-group">
+	                                            <label class="control-label"><spring:message code='label'/></label>
+	                                            <form:select path="lable" class="selectpicker  form-control" data-live-search="true" data-live-search-placeholder="search">
+													<form:option value=""><spring:message code="select"/></form:option>
+													<c:forEach items="${lables}" var="lable" >
+														<form:option value="${lable.serviceDictId}"><spring:message code="${lable.itemValue}"></spring:message></form:option>
+													</c:forEach>
+												</form:select>
+											</div>
+                                          
+                                        </div>
+									
+								</div>
+								
+								<div class="row">
+									<div class="col-md-2">
+										<div class="form-group">
+											<label><spring:message code="config_time"/>：</label>
+											<input name="search_create_time_start" type="text" readonly="readonly" maxlength="20" class="form-control Wdate"
+											value="<fmt:formatDate value='${cfg.search_create_time_start}' pattern='yyyy-MM-dd HH:mm:ss'/>" onClick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/>
+										</div>
+									</div>
+									
+									<div class="col-md-2">
+										<div class="form-group">
+											<label>&nbsp;</label>
+											<input name="search_create_time_end" type="text" readonly="readonly" maxlength="20" class="form-control Wdate"
+											value="<fmt:formatDate value="${cfg.search_create_time_end}" pattern="yyyy-MM-dd HH:mm:ss"/>" onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/>
+										
+										</div>
+									</div>
+									
+									<div class="col-md-2">
+										<div class="form-group">
+											<label><spring:message code="edit_time"/>：</label>
+											<input name="search_edit_time_start" type="text" readonly="readonly" maxlength="20" class="form-control Wdate"
+											value="<fmt:formatDate value="${cfg.search_edit_time_start}" pattern="yyyy-MM-dd HH:mm:ss"/>" onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/>
+										
+										</div>
+									</div>
+									
+									<div class="col-md-2">
+										<div class="form-group">
+											<label>&nbsp;</label>
+											<input name="search_edit_time_end" type="text" readonly="readonly" maxlength="20" class="form-control Wdate"
+											value="<fmt:formatDate value="${cfg.search_edit_time_end}" pattern="yyyy-MM-dd HH:mm:ss"/>" onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/>
+										
+										</div>
+									</div>
+									
+									<div class="col-md-2">
+										<div class="form-group">
+											<label><spring:message code="audit_time"/>：</label>
+											<input name="search_audit_time_start" type="text" readonly="readonly" maxlength="20" class="form-control Wdate"
+											value="<fmt:formatDate value="${cfg.search_audit_time_start}" pattern="yyyy-MM-dd HH:mm:ss"/>" onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/>
+										
+										</div>
+									</div>
+									
+									<div class="col-md-2">
+										<div class="form-group">
+											<label>&nbsp;</label>
+											<input name="search_audit_time_end" type="text" readonly="readonly" maxlength="20" class="form-control Wdate"
+											value="<fmt:formatDate value="${cfg.search_audit_time_end}" pattern="yyyy-MM-dd HH:mm:ss"/>" onclick="WdatePicker({dateFmt:'yyyy-MM-dd HH:mm:ss',isShowClear:true});"/>
+										
+										</div>
+									</div>
+								</div>
+								
+							
+							</div> 
+							
+							<!-- /筛选搜索内容栏    结束-->
+						</form:form>
+					</div>
+					<div class="table-responsive">
+					<sys:message content="${message}" />
+						<table id="contentTable" class="table table-striped table-bordered table-condensed text-nowrap">
+							<thead>
+								<tr>
+									<th><input type="checkbox" class="i-checks" id="checkAll"></th>
+									<%-- <th><spring:message code="seq"/></th> --%>
+									<th><spring:message code="cfg_type"/></th>
+									<th><spring:message code="keyring_name"/></th>
+									<th><spring:message code="keyring_type"/></th>
+									<th><spring:message code="private_key_file"/></th>
+									<th><spring:message code="public_key_file"/></th>
+									<th><spring:message code="expire_after"/></th>
+									<th><spring:message code="issuer"/></th>
+									<th><spring:message code="subject"/></th>
+									<th><spring:message code="notBeforeTime"/></th>
+									<th><spring:message code="notAfterTime"/></th>
+									<th><spring:message code="is_audit"/></th>
+									<%-- <th><spring:message code="whether_area_block"/></th> --%>
+									<th><spring:message code="letter"/></th>
+									<th><spring:message code="classification"/></th>
+									<th><spring:message code="attribute"/></th>
+									<th><spring:message code="label"/></th>
+									<th><spring:message code="valid_identifier"/></th>
+									<th><spring:message code="creator"/></th>
+									<th class="sort-column r.create_time"><spring:message code="config_time"/></th>
+									<th><spring:message code="editor"/></th>
+									<th class="sort-column r.edit_time"><spring:message code="edit_time"/></th>
+									<th><spring:message code="auditor"/></th>
+									<th class="sort-column r.audit_time"><spring:message code="audit_time"/></th>
+									<%-- <th><spring:message code="operation"></spring:message></th> --%>
+								</tr>
+							</thead>
+							<tbody>
+								<c:forEach items="${page.list }" var="cfg" varStatus="status" step="1">
+									<tr>
+									<td>
+										<input type="checkbox" class="i-checks" serviceId="${cfg.serviceId}" id="${cfg.cfgId}" value="${cfg.isAudit}">
+									</td>
+									<td>
+									<c:if test="${cfg.cfgType eq 'ip'}"><spring:message code="ip"/> <spring:message code="monit"/> </c:if>
+									<c:if test="${cfg.cfgType eq 'domain'}"><spring:message code="domain"/> <spring:message code="monit"/></c:if>
+									</td>
+									<td>${cfg.cfgDesc }</td>
+									<td>
+										<c:forEach items="${fns:getDictList('INTERCEPT_CERTIFICATE_TYPE') }" var="dict">
+											<c:if test="${dict.itemCode eq cfg.keyringType }">
+												<spring:message code="${dict.itemValue }"/>
+											</c:if>
+										</c:forEach>
+									</td>
+									<td>
+										<a href="${cfg.privateKeyFile }" target="_blank" data-original-title="${cfg.privateKeyFile }"
+										 class="tooltips" data-flag="false" data-html="true" data-placement="top">
+											${fn:substring(cfg.privateKeyFile,0,20) }
+										</a>
+									</td>
+									<td>
+										<a href="${cfg.publicKeyFile }" target="_blank" data-original-title="${cfg.publicKeyFile }"
+										 class="tooltips" data-flag="false" data-html="true" data-placement="top">
+											${fn:substring(cfg.publicKeyFile,0,20) }
+										</a>
+									</td>
+									<td>${cfg.expireAfter }</td>
+									<td>
+										<a href="javascript:void(0)" target="_blank" data-original-title="${cfg.issuer }"
+										 class="tooltips" data-flag="false" data-html="true" data-placement="top">
+											${fn:substring(cfg.issuer,0,20) }
+										</a>
+									</td>
+									<td>
+										<a href="javascript:void(0)" target="_blank" data-original-title="${cfg.subject }"
+										 class="tooltips" data-flag="false" data-html="true" data-placement="top">
+											${fn:substring(cfg.subject,0,20) }
+										</a>
+									</td>
+									<td>
+										<fmt:formatDate var="notBeforeTime" value="${cfg.notBeforeTime }" pattern="yyyy-MM-dd HH:ss:mm"/>
+										${notBeforeTime }
+									</td>
+									<td>
+										<fmt:formatDate var="notAfterTime" value="${cfg.notAfterTime }" pattern="yyyy-MM-dd HH:ss:mm"/>
+										${notAfterTime }
+									</td>
+									<td>
+										<c:choose>
+											<c:when test="${cfg.isAudit eq '0'}"><span class="label label-danger"><spring:message code="created"></spring:message></span></c:when>
+											<c:when test="${cfg.isAudit eq '1'}"><span class="label label-success"><spring:message code="approved"></spring:message></span></c:when>
+											<c:when test="${cfg.isAudit eq '2'}"><span class="label label-warning"><spring:message code="unapproved"></spring:message></span></c:when>
+											<c:when test="${cfg.isAudit eq '3'}"><span class="label label-warning"><spring:message code="cancel_approved"></spring:message></span></c:when>
+										</c:choose>
+									</td>
+									<td>${cfg.requestName }</td>
+									<td >
+										<c:set var="classify"></c:set>
+										<c:forEach items="${fn:split(cfg.classify,',')}" var="classifyId" varStatus="status">
+											<c:forEach items="${fls}" var="fl">
+												<c:if test="${classifyId eq fn:trim(fl.serviceDictId)}">
+												<c:if test="${status.index+1 eq 1}">
+													<c:set var="classify" value="${fl.itemValue}"></c:set>
+												</c:if>
+												<c:if test="${status.index+1 ne 1}">
+													<c:set var="classify" value="${classify},${fl.itemValue}"></c:set>
+												</c:if>
+												</c:if>
+											</c:forEach>
+										</c:forEach>
+										<a href="javascript:;" data-original-title="${classify}"
+										 class="tooltips" data-flag="false" data-html="true" data-placement="top">
+											${fns:abbr(classify,20)}
+										</a>
+									</td>
+									<td>
+										<c:set var="attribute"></c:set>
+										<c:forEach items="${fn:split(cfg.attribute,',')}" var="attributeId" varStatus="status">
+											<c:forEach items="${xzs}" var="xz">
+												<c:if test="${attributeId eq fn:trim(xz.serviceDictId)}">
+												<c:if test="${status.index+1 eq 1}">
+													<c:set var="attribute" value="${xz.itemValue}"></c:set>
+												</c:if>
+												<c:if test="${status.index+1 ne 1}">
+													<c:set var="attribute" value="${attribute},${xz.itemValue}"></c:set>
+												</c:if>
+												</c:if>
+											</c:forEach>
+										</c:forEach>
+										<a href="javascript:;" data-original-title="${attribute}"
+										 class="tooltips" data-flag="false" data-html="true" data-placement="top">
+											${fns:abbr(attribute,20)}
+										</a>
+									</td>
+									<td>
+										<c:set var="lableInfo"></c:set>
+										<c:forEach items="${fn:split(cfg.lable,',')}" var="lableId" varStatus="status">
+											<c:forEach items="${lables}" var="lable">
+												<c:if test="${lableId eq fn:trim(lable.serviceDictId)}">
+												<c:if test="${status.index+1 eq 1}">
+													<c:set var="lableInfo" value="${lable.itemValue}"></c:set>
+												</c:if>
+												<c:if test="${status.index+1 ne 1}">
+													<c:set var="lableInfo" value="${lableInfo},${lable.itemValue}"></c:set>
+												</c:if>
+												</c:if>
+											</c:forEach>
+										</c:forEach>
+										<a href="javascript:;" data-original-title="${lableInfo}"
+										 class="tooltips" data-flag="false" data-html="true" data-placement="top">
+											${fns:abbr(lableInfo,20)}
+										</a>
+									</td>
+									<%-- <td>${cfg.areaEffectiveIds }</td> --%>
+									<td>
+										<c:if test="${cfg.isValid==0}"><spring:message code="no"/></c:if>
+										<c:if test="${cfg.isValid==1}"><spring:message code="yes"/></c:if>
+										<c:if test="${cfg.isValid==-1}"><spring:message code="deleted"/></c:if>
+									</td>
+									
+									<td>${cfg.creatorName }</td>
+									<td><fmt:formatDate value="${cfg.createTime }" pattern="yyyy-MM-dd HH:mm:ss"/></td>
+									<td>${cfg.editorName }</td>
+									<td><fmt:formatDate value="${cfg.editTime }" pattern="yyyy-MM-dd HH:mm:ss"/></td>
+									<td>${cfg.auditorName }</td>
+									<td><fmt:formatDate value="${cfg.auditTime }" pattern="yyyy-MM-dd HH:mm:ss"/></td>
+								
+								</tr>
+								</c:forEach>
+							</tbody>
+						</table>
+						<div class="page">${page}</div>
+					</div>
+					
+				</div>
+			</div>
+</div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/views/cfg/maintenance/dnsResStrategy/list.jsp b/src/main/webapp/WEB-INF/views/cfg/maintenance/dnsResStrategy/list.jsp
index 30f2d0782..f38aa4611 100644
--- a/src/main/webapp/WEB-INF/views/cfg/maintenance/dnsResStrategy/list.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/maintenance/dnsResStrategy/list.jsp
@@ -267,7 +267,6 @@
 									<th><spring:message code="max_ttl"/></th>
 									<th><spring:message code="block_type"/></th>
 									<th><spring:message code="is_audit"/></th>
-									<th><spring:message code="log_total"/></th>
 									<th><spring:message code="whether_area_block"/></th>
 									<th><spring:message code="letter"/></th>
 									<th><spring:message code="classification"/></th>
@@ -320,7 +319,6 @@
 											<c:when test="${cfg.isAudit eq '3'}"><span class="label label-warning"><spring:message code="cancel_approved"></spring:message></span></c:when>
 										</c:choose>
 									</td>
-									<td functionId="${cfg.functionId}" compileId="${cfg.compileId}" action="${cfg.action}"><div class="loading-total"></div></td>
 									<td>
 										<c:if test="${cfg.isAreaEffective==0}"><spring:message code="no"/></c:if>
 										<c:if test="${cfg.isAreaEffective==1}">
diff --git a/src/main/webapp/static/global/scripts/common.js b/src/main/webapp/static/global/scripts/common.js
index 701bf2f8b..2e6356f4a 100644
--- a/src/main/webapp/static/global/scripts/common.js
+++ b/src/main/webapp/static/global/scripts/common.js
@@ -476,7 +476,11 @@ var setInterceptDefaultInfo=function(cfgId){
 		$(".ratelimitAction").addClass("hidden");
 		$(".replaceAction").addClass("hidden");
 		if(interceptRatelimitIp == 'intercept_ratelimit_ip'){
-			//TODO隐藏不可选IP 协议
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=0]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=6]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=17]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=1]").attr("disabled",true);
+			$("select[name='"+protocolNamePrefix+"protocol']").selectpicker("refresh");
 		}
 		if(interceptReplacePktBin == 'intercept_replace_pkt_bin'){
 			$("."+interceptReplacePktBin).addClass("hidden");
@@ -488,7 +492,11 @@ var setInterceptDefaultInfo=function(cfgId){
 		$(".ratelimitAction").removeClass("hidden");
 		$(".replaceAction").addClass("hidden");
 		if(interceptRatelimitIp == 'intercept_ratelimit_ip'){	
-			//TODO隐藏不可选IP 协议
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=0]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=6]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=17]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=1]").attr("disabled",true);
+			$("select[name='"+protocolNamePrefix+"protocol']").selectpicker("refresh");
 		}
 		if(interceptReplacePktBin == 'intercept_replace_pkt_bin'){
 			$("."+interceptReplacePktBin).addClass("hidden");
@@ -500,7 +508,11 @@ var setInterceptDefaultInfo=function(cfgId){
 		$(".ratelimitAction").addClass("hidden");
 		$(".replaceAction").removeClass("hidden");
 		if(interceptRatelimitIp == 'intercept_ratelimit_ip'){
-			//TODO隐藏不可选IP 协议
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=0]").attr("disabled",true);
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=6]").attr("disabled",true);
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=17]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=1]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").selectpicker("refresh");
 		}
 		if(interceptReplacePktBin == 'intercept_replace_pkt_bin' && cfgId == ""){
 			$("."+interceptReplacePktBin).removeClass("hidden");
@@ -514,7 +526,11 @@ var setInterceptDefaultInfo=function(cfgId){
 		$(".ratelimitAction").addClass("hidden");
 		$(".replaceAction").addClass("hidden");
 		if(interceptRatelimitIp == 'intercept_ratelimit'){
-			//TODO隐藏不可选IP 协议
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=0]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=6]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=17]").removeAttr("disabled");
+			$("select[name='"+protocolNamePrefix+"protocol']").find("option[value=1]").attr("disabled",true);
+			$("select[name='"+protocolNamePrefix+"protocol']").selectpicker("refresh");
 		}
 		if(interceptReplacePktBin == 'intercept_replace_pkt_bin'){
 			$("."+interceptReplacePktBin).addClass("hidden");
@@ -648,6 +664,7 @@ var switchIpType=function(obj){
 	}
 }
 var switchAction=function(action){
+	/********************dns reject时选择策略**********************/
 	if(action == 16){ //reject
 		$(".policy").find("input,select,div,button").each(function(){
 			$(this).removeAttr("disabled");
@@ -660,6 +677,16 @@ var switchAction=function(action){
 			$(this).addClass("hidden");
 		})
 	}
+	
+	/*************************action切换时，隐藏白名单和drop的是否记录日志*****************************/
+	//drop whitelist
+	if(action == 32 || action==128){
+		$(".doLog").addClass("hidden");
+		$("input[name=doLog][value=0]").prop("checked",true);
+	}else{
+		$(".doLog").removeClass("hidden");
+		$("input[name=doLog][value=2]").prop("checked",true);
+	}
 }
 //ipType、ipPattern、portPattern选项变化时调用此方法，添加默认值
 var switchIpInfo=function(obj){
