访问日志列表显示WAF相关信息

2025-11-04 05:00:25 +08:00 · 2022-04-21 16:20:03 +08:00
parent dc74884f2d
commit d0b5c7e707
11 changed files with 460 additions and 34 deletions
--- a/internal/web/actions/default/servers/logs/index.go
+++ b/internal/web/actions/default/servers/logs/index.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"regexp"
 	"strings"
@@ -59,8 +60,9 @@ func (this *IndexAction) RunGet(params struct {
 	this.Data["slowQueryCost"] = ""
 	this.Data["partition"] = params.Partition

-	day := params.Day
-	ipList := []string{}
+	var day = params.Day
+	var ipList = []string{}
+	var wafMaps = []maps.Map{}

 	if len(day) > 0 && regexp.MustCompile(`\d{4}-\d{2}-\d{2}`).MatchString(day) {
 		day = strings.ReplaceAll(day, "-", "")
@@ -104,11 +106,31 @@ func (this *IndexAction) RunGet(params struct {
 		} else {
 			this.Data["accessLogs"] = resp.HttpAccessLogs
 			for _, accessLog := range resp.HttpAccessLogs {
+				// IP信息集合
 				if len(accessLog.RemoteAddr) > 0 {
 					if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
 						ipList = append(ipList, accessLog.RemoteAddr)
 					}
 				}
+
+				// WAF信息集合
+				if accessLog.FirewallPolicyId > 0 && accessLog.FirewallRuleGroupId > 0 && accessLog.FirewallRuleSetId > 0 {
+					// 检查Set是否已经存在
+					var existSet = false
+					for _, wafMap := range wafMaps {
+						if wafMap.GetInt64("setId") == accessLog.FirewallRuleSetId {
+							existSet = true
+							break
+						}
+					}
+					if !existSet {
+						wafMaps = append(wafMaps, maps.Map{
+							"policyId": accessLog.FirewallPolicyId,
+							"groupId":  accessLog.FirewallRuleGroupId,
+							"setId":    accessLog.FirewallRuleSetId,
+						})
+					}
+				}
 			}
 		}
 		this.Data["hasMore"] = resp.HasMore
@@ -147,7 +169,7 @@ func (this *IndexAction) RunGet(params struct {
 	}

 	// 根据IP查询区域
-	regionMap := map[string]string{} // ip => region
+	var regionMap = map[string]string{} // ip => region
 	if len(ipList) > 0 {
 		resp, err := this.RPC().IPLibraryRPC().LookupIPRegions(this.AdminContext(), &pb.LookupIPRegionsRequest{IpList: ipList})
 		if err != nil {
@@ -162,5 +184,79 @@ func (this *IndexAction) RunGet(params struct {
 	}
 	this.Data["regions"] = regionMap

+	// WAF相关
+	var wafInfos = map[int64]maps.Map{}                          // set id => WAF Map
+	var wafPolicyCacheMap = map[int64]*pb.HTTPFirewallPolicy{}   // id => *pb.HTTPFirewallPolicy
+	var wafGroupCacheMap = map[int64]*pb.HTTPFirewallRuleGroup{} // id => *pb.HTTPFirewallRuleGroup
+	var wafSetCacheMap = map[int64]*pb.HTTPFirewallRuleSet{}     // id => *pb.HTTPFirewallRuleSet
+	for _, wafMap := range wafMaps {
+		var policyId = wafMap.GetInt64("policyId")
+		var groupId = wafMap.GetInt64("groupId")
+		var setId = wafMap.GetInt64("setId")
+		if policyId > 0 {
+			pbPolicy, ok := wafPolicyCacheMap[policyId]
+			if !ok {
+				policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				pbPolicy = policyResp.HttpFirewallPolicy
+				wafPolicyCacheMap[policyId] = pbPolicy
+			}
+			if pbPolicy != nil {
+				wafMap = maps.Map{
+					"policy": maps.Map{
+						"id":       pbPolicy.Id,
+						"name":     pbPolicy.Name,
+						"serverId": pbPolicy.ServerId,
+					},
+				}
+				if groupId > 0 {
+					pbGroup, ok := wafGroupCacheMap[groupId]
+					if !ok {
+						groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+						if err != nil {
+							this.ErrorPage(err)
+							return
+						}
+						pbGroup = groupResp.FirewallRuleGroup
+						wafGroupCacheMap[groupId] = pbGroup
+					}
+
+					if pbGroup != nil {
+						wafMap["group"] = maps.Map{
+							"id":   pbGroup.Id,
+							"name": pbGroup.Name,
+						}
+
+						if setId > 0 {
+							pbSet, ok := wafSetCacheMap[setId]
+							if !ok {
+								setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
+								if err != nil {
+									this.ErrorPage(err)
+									return
+								}
+								pbSet = setResp.FirewallRuleSet
+								wafSetCacheMap[setId] = pbSet
+							}
+
+							if pbSet != nil {
+								wafMap["set"] = maps.Map{
+									"id":   pbSet.Id,
+									"name": pbSet.Name,
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+
+		wafInfos[setId] = wafMap
+	}
+	this.Data["wafInfos"] = wafInfos
+
 	this.Show()
 }
--- a/internal/web/actions/default/servers/server/log/history.go
+++ b/internal/web/actions/default/servers/server/log/history.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"regexp"
 	"strings"
@@ -55,8 +56,9 @@ func (this *HistoryAction) RunGet(params struct {
 	this.Data["nodeId"] = params.NodeId
 	this.Data["partition"] = params.Partition

-	day := params.Day
-	ipList := []string{}
+	var day = params.Day
+	var ipList = []string{}
+	var wafMaps = []maps.Map{}

 	if len(day) > 0 && regexp.MustCompile(`\d{4}-\d{2}-\d{2}`).MatchString(day) {
 		day = strings.ReplaceAll(day, "-", "")
@@ -93,11 +95,31 @@ func (this *HistoryAction) RunGet(params struct {
 		} else {
 			this.Data["accessLogs"] = resp.HttpAccessLogs
 			for _, accessLog := range resp.HttpAccessLogs {
+				// IP
 				if len(accessLog.RemoteAddr) > 0 {
 					if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
 						ipList = append(ipList, accessLog.RemoteAddr)
 					}
 				}
+
+				// WAF信息集合
+				if accessLog.FirewallPolicyId > 0 && accessLog.FirewallRuleGroupId > 0 && accessLog.FirewallRuleSetId > 0 {
+					// 检查Set是否已经存在
+					var existSet = false
+					for _, wafMap := range wafMaps {
+						if wafMap.GetInt64("setId") == accessLog.FirewallRuleSetId {
+							existSet = true
+							break
+						}
+					}
+					if !existSet {
+						wafMaps = append(wafMaps, maps.Map{
+							"policyId": accessLog.FirewallPolicyId,
+							"groupId":  accessLog.FirewallRuleGroupId,
+							"setId":    accessLog.FirewallRuleSetId,
+						})
+					}
+				}
 			}
 		}
 		this.Data["hasMore"] = resp.HasMore
@@ -134,7 +156,7 @@ func (this *HistoryAction) RunGet(params struct {
 	}

 	// 根据IP查询区域
-	regionMap := map[string]string{} // ip => region
+	var regionMap = map[string]string{} // ip => region
 	if len(ipList) > 0 {
 		resp, err := this.RPC().IPLibraryRPC().LookupIPRegions(this.AdminContext(), &pb.LookupIPRegionsRequest{IpList: ipList})
 		if err != nil {
@@ -149,5 +171,79 @@ func (this *HistoryAction) RunGet(params struct {
 	}
 	this.Data["regions"] = regionMap

+	// WAF相关
+	var wafInfos = map[int64]maps.Map{}                          // set id => WAF Map
+	var wafPolicyCacheMap = map[int64]*pb.HTTPFirewallPolicy{}   // id => *pb.HTTPFirewallPolicy
+	var wafGroupCacheMap = map[int64]*pb.HTTPFirewallRuleGroup{} // id => *pb.HTTPFirewallRuleGroup
+	var wafSetCacheMap = map[int64]*pb.HTTPFirewallRuleSet{}     // id => *pb.HTTPFirewallRuleSet
+	for _, wafMap := range wafMaps {
+		var policyId = wafMap.GetInt64("policyId")
+		var groupId = wafMap.GetInt64("groupId")
+		var setId = wafMap.GetInt64("setId")
+		if policyId > 0 {
+			pbPolicy, ok := wafPolicyCacheMap[policyId]
+			if !ok {
+				policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				pbPolicy = policyResp.HttpFirewallPolicy
+				wafPolicyCacheMap[policyId] = pbPolicy
+			}
+			if pbPolicy != nil {
+				wafMap = maps.Map{
+					"policy": maps.Map{
+						"id":       pbPolicy.Id,
+						"name":     pbPolicy.Name,
+						"serverId": pbPolicy.ServerId,
+					},
+				}
+				if groupId > 0 {
+					pbGroup, ok := wafGroupCacheMap[groupId]
+					if !ok {
+						groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+						if err != nil {
+							this.ErrorPage(err)
+							return
+						}
+						pbGroup = groupResp.FirewallRuleGroup
+						wafGroupCacheMap[groupId] = pbGroup
+					}
+
+					if pbGroup != nil {
+						wafMap["group"] = maps.Map{
+							"id":   pbGroup.Id,
+							"name": pbGroup.Name,
+						}
+
+						if setId > 0 {
+							pbSet, ok := wafSetCacheMap[setId]
+							if !ok {
+								setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
+								if err != nil {
+									this.ErrorPage(err)
+									return
+								}
+								pbSet = setResp.FirewallRuleSet
+								wafSetCacheMap[setId] = pbSet
+							}
+
+							if pbSet != nil {
+								wafMap["set"] = maps.Map{
+									"id":   pbSet.Id,
+									"name": pbSet.Name,
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+
+		wafInfos[setId] = wafMap
+	}
+	this.Data["wafInfos"] = wafInfos
+
 	this.Show()
 }
--- a/internal/web/actions/default/servers/server/log/index.go
+++ b/internal/web/actions/default/servers/server/log/index.go
@@ -5,6 +5,7 @@ import (
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 )

@@ -61,7 +62,7 @@ func (this *IndexAction) RunPost(params struct {

 	Must *actions.Must
 }) {
-	isReverse := len(params.RequestId) > 0
+	var isReverse = len(params.RequestId) > 0
 	accessLogsResp, err := this.RPC().HTTPAccessLogRPC().ListHTTPAccessLogs(this.AdminContext(), &pb.ListHTTPAccessLogsRequest{
 		Partition:     params.Partition,
 		ServerId:      params.ServerId,
@@ -80,17 +81,39 @@ func (this *IndexAction) RunPost(params struct {
 		return
 	}

-	ipList := []string{}
-	accessLogs := accessLogsResp.HttpAccessLogs
+	var ipList = []string{}
+	var wafMaps = []maps.Map{}
+	
+	var accessLogs = accessLogsResp.HttpAccessLogs
 	if len(accessLogs) == 0 {
 		accessLogs = []*pb.HTTPAccessLog{}
 	} else {
 		for _, accessLog := range accessLogs {
+			// IP
 			if len(accessLog.RemoteAddr) > 0 {
 				if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
 					ipList = append(ipList, accessLog.RemoteAddr)
 				}
 			}
+
+			// WAF信息集合
+			if accessLog.FirewallPolicyId > 0 && accessLog.FirewallRuleGroupId > 0 && accessLog.FirewallRuleSetId > 0 {
+				// 检查Set是否已经存在
+				var existSet = false
+				for _, wafMap := range wafMaps {
+					if wafMap.GetInt64("setId") == accessLog.FirewallRuleSetId {
+						existSet = true
+						break
+					}
+				}
+				if !existSet {
+					wafMaps = append(wafMaps, maps.Map{
+						"policyId": accessLog.FirewallPolicyId,
+						"groupId":  accessLog.FirewallRuleGroupId,
+						"setId":    accessLog.FirewallRuleSetId,
+					})
+				}
+			}
 		}
 	}
 	this.Data["accessLogs"] = accessLogs
@@ -102,7 +125,7 @@ func (this *IndexAction) RunPost(params struct {
 	this.Data["hasMore"] = accessLogsResp.HasMore

 	// 根据IP查询区域
-	regionMap := map[string]string{} // ip => region
+	var regionMap = map[string]string{} // ip => region
 	if len(ipList) > 0 {
 		resp, err := this.RPC().IPLibraryRPC().LookupIPRegions(this.AdminContext(), &pb.LookupIPRegionsRequest{IpList: ipList})
 		if err != nil {
@@ -117,5 +140,79 @@ func (this *IndexAction) RunPost(params struct {
 	}
 	this.Data["regions"] = regionMap

+	// WAF相关
+	var wafInfos = map[int64]maps.Map{}                          // set id => WAF Map
+	var wafPolicyCacheMap = map[int64]*pb.HTTPFirewallPolicy{}   // id => *pb.HTTPFirewallPolicy
+	var wafGroupCacheMap = map[int64]*pb.HTTPFirewallRuleGroup{} // id => *pb.HTTPFirewallRuleGroup
+	var wafSetCacheMap = map[int64]*pb.HTTPFirewallRuleSet{}     // id => *pb.HTTPFirewallRuleSet
+	for _, wafMap := range wafMaps {
+		var policyId = wafMap.GetInt64("policyId")
+		var groupId = wafMap.GetInt64("groupId")
+		var setId = wafMap.GetInt64("setId")
+		if policyId > 0 {
+			pbPolicy, ok := wafPolicyCacheMap[policyId]
+			if !ok {
+				policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				pbPolicy = policyResp.HttpFirewallPolicy
+				wafPolicyCacheMap[policyId] = pbPolicy
+			}
+			if pbPolicy != nil {
+				wafMap = maps.Map{
+					"policy": maps.Map{
+						"id":       pbPolicy.Id,
+						"name":     pbPolicy.Name,
+						"serverId": pbPolicy.ServerId,
+					},
+				}
+				if groupId > 0 {
+					pbGroup, ok := wafGroupCacheMap[groupId]
+					if !ok {
+						groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+						if err != nil {
+							this.ErrorPage(err)
+							return
+						}
+						pbGroup = groupResp.FirewallRuleGroup
+						wafGroupCacheMap[groupId] = pbGroup
+					}
+
+					if pbGroup != nil {
+						wafMap["group"] = maps.Map{
+							"id":   pbGroup.Id,
+							"name": pbGroup.Name,
+						}
+
+						if setId > 0 {
+							pbSet, ok := wafSetCacheMap[setId]
+							if !ok {
+								setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
+								if err != nil {
+									this.ErrorPage(err)
+									return
+								}
+								pbSet = setResp.FirewallRuleSet
+								wafSetCacheMap[setId] = pbSet
+							}
+
+							if pbSet != nil {
+								wafMap["set"] = maps.Map{
+									"id":   pbSet.Id,
+									"name": pbSet.Name,
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+
+		wafInfos[setId] = wafMap
+	}
+	this.Data["wafInfos"] = wafInfos
+
 	this.Success()
 }
--- a/internal/web/actions/default/servers/server/log/today.go
+++ b/internal/web/actions/default/servers/server/log/today.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 )

@@ -33,7 +34,7 @@ func (this *TodayAction) RunGet(params struct {
 }) {
 	this.Data["pageSize"] = params.PageSize

-	size := int64(params.PageSize)
+	var size = int64(params.PageSize)
 	if size < 1 {
 		size = 20
 	}
@@ -68,17 +69,39 @@ func (this *TodayAction) RunGet(params struct {
 		return
 	}

-	ipList := []string{}
+	var ipList = []string{}
+	var wafMaps = []maps.Map{}
+
 	if len(resp.HttpAccessLogs) == 0 {
 		this.Data["accessLogs"] = []interface{}{}
 	} else {
 		this.Data["accessLogs"] = resp.HttpAccessLogs
 		for _, accessLog := range resp.HttpAccessLogs {
+			// IP
 			if len(accessLog.RemoteAddr) > 0 {
 				if !lists.ContainsString(ipList, accessLog.RemoteAddr) {
 					ipList = append(ipList, accessLog.RemoteAddr)
 				}
 			}
+
+			// WAF信息集合
+			if accessLog.FirewallPolicyId > 0 && accessLog.FirewallRuleGroupId > 0 && accessLog.FirewallRuleSetId > 0 {
+				// 检查Set是否已经存在
+				var existSet = false
+				for _, wafMap := range wafMaps {
+					if wafMap.GetInt64("setId") == accessLog.FirewallRuleSetId {
+						existSet = true
+						break
+					}
+				}
+				if !existSet {
+					wafMaps = append(wafMaps, maps.Map{
+						"policyId": accessLog.FirewallPolicyId,
+						"groupId":  accessLog.FirewallRuleGroupId,
+						"setId":    accessLog.FirewallRuleSetId,
+					})
+				}
+			}
 		}
 	}
 	this.Data["hasMore"] = resp.HasMore
@@ -114,7 +137,7 @@ func (this *TodayAction) RunGet(params struct {
 	}

 	// 根据IP查询区域
-	regionMap := map[string]string{} // ip => region
+	var regionMap = map[string]string{} // ip => region
 	if len(ipList) > 0 {
 		resp, err := this.RPC().IPLibraryRPC().LookupIPRegions(this.AdminContext(), &pb.LookupIPRegionsRequest{IpList: ipList})
 		if err != nil {
@@ -129,5 +152,79 @@ func (this *TodayAction) RunGet(params struct {
 	}
 	this.Data["regions"] = regionMap

+	// WAF相关
+	var wafInfos = map[int64]maps.Map{}                          // set id => WAF Map
+	var wafPolicyCacheMap = map[int64]*pb.HTTPFirewallPolicy{}   // id => *pb.HTTPFirewallPolicy
+	var wafGroupCacheMap = map[int64]*pb.HTTPFirewallRuleGroup{} // id => *pb.HTTPFirewallRuleGroup
+	var wafSetCacheMap = map[int64]*pb.HTTPFirewallRuleSet{}     // id => *pb.HTTPFirewallRuleSet
+	for _, wafMap := range wafMaps {
+		var policyId = wafMap.GetInt64("policyId")
+		var groupId = wafMap.GetInt64("groupId")
+		var setId = wafMap.GetInt64("setId")
+		if policyId > 0 {
+			pbPolicy, ok := wafPolicyCacheMap[policyId]
+			if !ok {
+				policyResp, err := this.RPC().HTTPFirewallPolicyRPC().FindEnabledHTTPFirewallPolicy(this.AdminContext(), &pb.FindEnabledHTTPFirewallPolicyRequest{HttpFirewallPolicyId: policyId})
+				if err != nil {
+					this.ErrorPage(err)
+					return
+				}
+				pbPolicy = policyResp.HttpFirewallPolicy
+				wafPolicyCacheMap[policyId] = pbPolicy
+			}
+			if pbPolicy != nil {
+				wafMap = maps.Map{
+					"policy": maps.Map{
+						"id":       pbPolicy.Id,
+						"name":     pbPolicy.Name,
+						"serverId": pbPolicy.ServerId,
+					},
+				}
+				if groupId > 0 {
+					pbGroup, ok := wafGroupCacheMap[groupId]
+					if !ok {
+						groupResp, err := this.RPC().HTTPFirewallRuleGroupRPC().FindEnabledHTTPFirewallRuleGroup(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleGroupRequest{FirewallRuleGroupId: groupId})
+						if err != nil {
+							this.ErrorPage(err)
+							return
+						}
+						pbGroup = groupResp.FirewallRuleGroup
+						wafGroupCacheMap[groupId] = pbGroup
+					}
+
+					if pbGroup != nil {
+						wafMap["group"] = maps.Map{
+							"id":   pbGroup.Id,
+							"name": pbGroup.Name,
+						}
+
+						if setId > 0 {
+							pbSet, ok := wafSetCacheMap[setId]
+							if !ok {
+								setResp, err := this.RPC().HTTPFirewallRuleSetRPC().FindEnabledHTTPFirewallRuleSet(this.AdminContext(), &pb.FindEnabledHTTPFirewallRuleSetRequest{FirewallRuleSetId: setId})
+								if err != nil {
+									this.ErrorPage(err)
+									return
+								}
+								pbSet = setResp.FirewallRuleSet
+								wafSetCacheMap[setId] = pbSet
+							}
+
+							if pbSet != nil {
+								wafMap["set"] = maps.Map{
+									"id":   pbSet.Id,
+									"name": pbSet.Name,
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+
+		wafInfos[setId] = wafMap
+	}
+	this.Data["wafInfos"] = wafInfos
+
 	this.Show()
 }
--- a/web/public/js/components/common/labels.js
+++ b/web/public/js/components/common/labels.js
@@ -14,6 +14,11 @@ Vue.component("code-label", {
 	template: `<span class="ui label basic tiny" style="padding: 3px;margin-left:2px;margin-right:2px" @click.prevent="click"><slot></slot></span>`
 })

+Vue.component("code-label-plain", {
+	template: `<span class="ui label basic tiny" style="padding: 3px;margin-left:2px;margin-right:2px"><slot></slot></span>`
+})
+
+
 // tiny标签
 Vue.component("tiny-label", {
 	template: `<span class="ui label tiny" style="margin-bottom: 0.5em"><slot></slot></span>`
--- a/web/public/js/components/server/http-access-log-box.js
+++ b/web/public/js/components/server/http-access-log-box.js
@@ -52,9 +52,25 @@ Vue.component("http-access-log-box", {
 		}
 	},
 	template: `<div style="word-break: break-all" :style="{'color': (accessLog.status >= 400) ? '#dc143c' : ''}" ref="box">
-	<a v-if="accessLog.node != null && accessLog.node.nodeCluster != null" :href="'/clusters/cluster/node?nodeId=' + accessLog.node.id + '&clusterId=' + accessLog.node.nodeCluster.id" title="点击查看节点详情" target="_top"><span class="grey">[{{accessLog.node.name}}<span v-if="!accessLog.node.name.endsWith('节点')">节点</span>]</span></a>
-	<a :href="'/servers/server/log?serverId=' + accessLog.serverId" title="点击到网站服务" v-if="vShowServerLink"><span class="grey">[服务]</span></a>
-	<span v-if="accessLog.region != null && accessLog.region.length > 0" class="grey"><ip-box :v-ip="accessLog.remoteAddr">[{{accessLog.region}}]</ip-box></span> <ip-box><keyword :v-word="vKeyword">{{accessLog.remoteAddr}}</keyword></ip-box> [{{accessLog.timeLocal}}] <em>&quot;<keyword :v-word="vKeyword">{{accessLog.requestMethod}}</keyword> {{accessLog.scheme}}://<keyword :v-word="vKeyword">{{accessLog.host}}</keyword><keyword :v-word="vKeyword">{{accessLog.requestURI}}</keyword> <a :href="accessLog.scheme + '://' + accessLog.host + accessLog.requestURI" target="_blank" title="新窗口打开" class="disabled"><i class="external icon tiny"></i> </a> {{accessLog.proto}}&quot; </em> <keyword :v-word="vKeyword">{{accessLog.status}}</keyword> <code-label v-if="accessLog.attrs != null && (accessLog.attrs['cache.status'] == 'HIT' || accessLog.attrs['cache.status'] == 'STALE')">cache {{accessLog.attrs['cache.status'].toLowerCase()}}</code-label> <code-label v-if="accessLog.firewallActions != null && accessLog.firewallActions.length > 0">waf {{accessLog.firewallActions}}</code-label> <span v-if="accessLog.tags != null && accessLog.tags.length > 0">- <code-label v-for="tag in accessLog.tags" :key="tag">{{tag}}</code-label></span> - 耗时:{{formatCost(accessLog.requestTime)}} ms <span v-if="accessLog.humanTime != null && accessLog.humanTime.length > 0" class="grey small">&nbsp; ({{accessLog.humanTime}})</span>
-	&nbsp; <a href="" @click.prevent="showLog" title="查看详情"><i class="icon expand"></i></a>
+	<div>
+		<a v-if="accessLog.node != null && accessLog.node.nodeCluster != null" :href="'/clusters/cluster/node?nodeId=' + accessLog.node.id + '&clusterId=' + accessLog.node.nodeCluster.id" title="点击查看节点详情" target="_top"><span class="grey">[{{accessLog.node.name}}<span v-if="!accessLog.node.name.endsWith('节点')">节点</span>]</span></a>
+		<a :href="'/servers/server/log?serverId=' + accessLog.serverId" title="点击到网站服务" v-if="vShowServerLink"><span class="grey">[服务]</span></a>
+		<span v-if="accessLog.region != null && accessLog.region.length > 0" class="grey"><ip-box :v-ip="accessLog.remoteAddr">[{{accessLog.region}}]</ip-box></span> <ip-box><keyword :v-word="vKeyword">{{accessLog.remoteAddr}}</keyword></ip-box> [{{accessLog.timeLocal}}] <em>&quot;<keyword :v-word="vKeyword">{{accessLog.requestMethod}}</keyword> {{accessLog.scheme}}://<keyword :v-word="vKeyword">{{accessLog.host}}</keyword><keyword :v-word="vKeyword">{{accessLog.requestURI}}</keyword> <a :href="accessLog.scheme + '://' + accessLog.host + accessLog.requestURI" target="_blank" title="新窗口打开" class="disabled"><i class="external icon tiny"></i> </a> {{accessLog.proto}}&quot; </em> <keyword :v-word="vKeyword">{{accessLog.status}}</keyword> <code-label v-if="accessLog.attrs != null && (accessLog.attrs['cache.status'] == 'HIT' || accessLog.attrs['cache.status'] == 'STALE')">cache {{accessLog.attrs['cache.status'].toLowerCase()}}</code-label> <code-label v-if="accessLog.firewallActions != null && accessLog.firewallActions.length > 0">waf {{accessLog.firewallActions}}</code-label> <span v-if="accessLog.tags != null && accessLog.tags.length > 0">- <code-label v-for="tag in accessLog.tags" :key="tag">{{tag}}</code-label></span>
+		
+		<span  v-if="accessLog.wafInfo != null">
+			<a :href="(accessLog.wafInfo.policy.serverId == 0) ? '/servers/components/waf/group?firewallPolicyId=' +  accessLog.firewallPolicyId + '&type=inbound&groupId=' + accessLog.firewallRuleGroupId+ '#set' + accessLog.firewallRuleSetId : '/servers/server/settings/waf/group?serverId=' + accessLog.serverId + '&firewallPolicyId=' + accessLog.firewallPolicyId + '&type=inbound&groupId=' + accessLog.firewallRuleGroupId + '#set' + accessLog.firewallRuleSetId" target="_blank">
+				<code-label-plain>
+					<span class="red">
+						WAF --
+						<span v-if="accessLog.wafInfo.group != null">{{accessLog.wafInfo.group.name}} --</span>
+						<span v-if="accessLog.wafInfo.set != null">{{accessLog.wafInfo.set.name}}</span>
+					</span>
+				</code-label-plain>
+			</a>
+		</span>
+			
+		<span v-if="accessLog.requestTime != null"> - 耗时:{{formatCost(accessLog.requestTime)}} ms </span><span v-if="accessLog.humanTime != null && accessLog.humanTime.length > 0" class="grey small">&nbsp; ({{accessLog.humanTime}})</span>
+		&nbsp; <a href="" @click.prevent="showLog" title="查看详情"><i class="icon expand"></i></a>
+	</div>
 </div>`
 })
--- a/web/public/js/components/server/http-access-log-config-box.js
+++ b/web/public/js/components/server/http-access-log-config-box.js
@@ -54,13 +54,12 @@ Vue.component("http-access-log-config-box", {
 		<prior-checkbox :v-config="accessLog" v-if="vIsLocation || vIsGroup"></prior-checkbox>
 		<tbody v-show="(!vIsLocation && !vIsGroup) || accessLog.isPrior">
 			<tr>
-				<td class="title">是否开启访问日志存储</td>
+				<td class="title">开启访问日志</td>
 				<td>
 					<div class="ui checkbox">
 						<input type="checkbox" v-model="accessLog.isOn"/>
 						<label></label>
 					</div>
-					<p class="comment">关闭访问日志，并不影响统计的运行。</p>
 				</td>
 			</tr>
 		</tbody>
@@ -123,7 +122,7 @@ Vue.component("http-access-log-config-box", {
        <h4>WAF相关</h4>
        <table class="ui table definition selectable">
            <tr>
-                <td class="title">是否只记录WAF相关日志</td>
+                <td class="title">只记录WAF相关日志</td>
                <td>
                    <checkbox v-model="accessLog.firewallOnly"></checkbox>
                    <p class="comment">选中后只记录WAF相关的日志。通过此选项可有效减少访问日志数量，降低网络带宽和存储压力。</p>
--- a/web/views/@default/servers/logs/index.js
+++ b/web/views/@default/servers/logs/index.js
@@ -1,17 +1,22 @@
 Tea.context(function () {
-    this.$delay(function () {
-        let that = this
-        teaweb.datepicker("day-input", function (day) {
-            that.day = day
-        })
-    })
+	this.$delay(function () {
+		let that = this
+		teaweb.datepicker("day-input", function (day) {
+			that.day = day
+		})
+	})

-    let that = this
-    this.accessLogs.forEach(function (accessLog) {
-        if (typeof (that.regions[accessLog.remoteAddr]) == "string") {
-            accessLog.region = that.regions[accessLog.remoteAddr]
-        } else {
-            accessLog.region = ""
-        }
-    })
+	let that = this
+	this.accessLogs.forEach(function (accessLog) {
+		if (typeof (that.regions[accessLog.remoteAddr]) == "string") {
+			accessLog.region = that.regions[accessLog.remoteAddr]
+		} else {
+			accessLog.region = ""
+		}
+		if (accessLog.firewallRuleSetId > 0 && typeof (that.wafInfos[accessLog.firewallRuleSetId]) == "object") {
+			accessLog.wafInfo = that.wafInfos[accessLog.firewallRuleSetId]
+		} else {
+			accessLog.wafInfo = null
+		}
+	})
 })
--- a/web/views/@default/servers/server/log/history.js
+++ b/web/views/@default/servers/server/log/history.js
@@ -13,5 +13,10 @@ Tea.context(function () {
        } else {
            accessLog.region = ""
        }
+		if (accessLog.firewallRuleSetId > 0 && typeof (that.wafInfos[accessLog.firewallRuleSetId]) == "object") {
+			accessLog.wafInfo = that.wafInfos[accessLog.firewallRuleSetId]
+		} else {
+			accessLog.wafInfo = null
+		}
    })
 })
--- a/web/views/@default/servers/server/log/index.js
+++ b/web/views/@default/servers/server/log/index.js
@@ -30,6 +30,11 @@ Tea.context(function () {
 					} else {
 						accessLog.region = ""
 					}
+					if (accessLog.firewallRuleSetId > 0 && typeof (resp.data.wafInfos[accessLog.firewallRuleSetId]) == "object") {
+						accessLog.wafInfo = resp.data.wafInfos[accessLog.firewallRuleSetId]
+					} else {
+						accessLog.wafInfo = null
+					}
 				})

 				let max = 100
--- a/web/views/@default/servers/server/log/today.js
+++ b/web/views/@default/servers/server/log/today.js
@@ -6,5 +6,10 @@ Tea.context(function () {
        } else {
            accessLog.region = ""
        }
+		if (accessLog.firewallRuleSetId > 0 && typeof (that.wafInfos[accessLog.firewallRuleSetId]) == "object") {
+			accessLog.wafInfo = that.wafInfos[accessLog.firewallRuleSetId]
+		} else {
+			accessLog.wafInfo = null
+		}
    })
 })