diff --git a/pkg/rpc/pb/model_http_firewall_policy.pb.go b/pkg/rpc/pb/model_http_firewall_policy.pb.go
index 32eec9c..1fd3b0a 100644
--- a/pkg/rpc/pb/model_http_firewall_policy.pb.go
+++ b/pkg/rpc/pb/model_http_firewall_policy.pb.go
@@ -30,9 +30,12 @@ type HTTPFirewallPolicy struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	Id   int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
-	IsOn bool   `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"`
+	Id           int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
+	Name         string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	IsOn         bool   `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"`
+	Description  string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	InboundJSON  []byte `protobuf:"bytes,5,opt,name=inboundJSON,proto3" json:"inboundJSON,omitempty"`
+	OutboundJSON []byte `protobuf:"bytes,6,opt,name=outboundJSON,proto3" json:"outboundJSON,omitempty"`
 }
 
 func (x *HTTPFirewallPolicy) Reset() {
@@ -88,18 +91,45 @@ func (x *HTTPFirewallPolicy) GetIsOn() bool {
 	return false
 }
 
+func (x *HTTPFirewallPolicy) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *HTTPFirewallPolicy) GetInboundJSON() []byte {
+	if x != nil {
+		return x.InboundJSON
+	}
+	return nil
+}
+
+func (x *HTTPFirewallPolicy) GetOutboundJSON() []byte {
+	if x != nil {
+		return x.OutboundJSON
+	}
+	return nil
+}
+
 var File_model_http_firewall_policy_proto protoreflect.FileDescriptor
 
 var file_model_http_firewall_policy_proto_rawDesc = []byte{
 	0x0a, 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x66, 0x69, 0x72,
 	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0x4c, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69,
-	0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a, 0x02,
-	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
-	0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04,
-	0x69, 0x73, 0x4f, 0x6e, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x33,
+	0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0xb4, 0x01, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46,
+	0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a,
+	0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x04, 0x69, 0x73, 0x4f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x69, 0x6e, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x69, 0x6e,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x42, 0x06, 0x5a,
+	0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
diff --git a/pkg/rpc/pb/service_http_firewall_policy.pb.go b/pkg/rpc/pb/service_http_firewall_policy.pb.go
index 8f34d5e..49f9800 100644
--- a/pkg/rpc/pb/service_http_firewall_policy.pb.go
+++ b/pkg/rpc/pb/service_http_firewall_policy.pb.go
@@ -115,6 +115,632 @@ func (x *FindAllEnabledHTTPFirewallPoliciesResponse) GetFirewallPolicies() []*HT
 	return nil
 }
 
+// 创建防火墙策略
+type CreateHTTPFirewallPolicyRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	IsOn               bool     `protobuf:"varint,1,opt,name=isOn,proto3" json:"isOn,omitempty"`
+	Name               string   `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
+	Description        string   `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
+	FirewallGroupCodes []string `protobuf:"bytes,4,rep,name=firewallGroupCodes,proto3" json:"firewallGroupCodes,omitempty"`
+}
+
+func (x *CreateHTTPFirewallPolicyRequest) Reset() {
+	*x = CreateHTTPFirewallPolicyRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CreateHTTPFirewallPolicyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateHTTPFirewallPolicyRequest) ProtoMessage() {}
+
+func (x *CreateHTTPFirewallPolicyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateHTTPFirewallPolicyRequest.ProtoReflect.Descriptor instead.
+func (*CreateHTTPFirewallPolicyRequest) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *CreateHTTPFirewallPolicyRequest) GetIsOn() bool {
+	if x != nil {
+		return x.IsOn
+	}
+	return false
+}
+
+func (x *CreateHTTPFirewallPolicyRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *CreateHTTPFirewallPolicyRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *CreateHTTPFirewallPolicyRequest) GetFirewallGroupCodes() []string {
+	if x != nil {
+		return x.FirewallGroupCodes
+	}
+	return nil
+}
+
+type CreateHTTPFirewallPolicyResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicyId int64 `protobuf:"varint,1,opt,name=firewallPolicyId,proto3" json:"firewallPolicyId,omitempty"`
+}
+
+func (x *CreateHTTPFirewallPolicyResponse) Reset() {
+	*x = CreateHTTPFirewallPolicyResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CreateHTTPFirewallPolicyResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CreateHTTPFirewallPolicyResponse) ProtoMessage() {}
+
+func (x *CreateHTTPFirewallPolicyResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CreateHTTPFirewallPolicyResponse.ProtoReflect.Descriptor instead.
+func (*CreateHTTPFirewallPolicyResponse) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *CreateHTTPFirewallPolicyResponse) GetFirewallPolicyId() int64 {
+	if x != nil {
+		return x.FirewallPolicyId
+	}
+	return 0
+}
+
+// 修改防火墙策略
+type UpdateHTTPFirewallPolicyRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicyId   int64    `protobuf:"varint,1,opt,name=firewallPolicyId,proto3" json:"firewallPolicyId,omitempty"`
+	IsOn               bool     `protobuf:"varint,2,opt,name=isOn,proto3" json:"isOn,omitempty"`
+	Name               string   `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
+	Description        string   `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	FirewallGroupCodes []string `protobuf:"bytes,5,rep,name=firewallGroupCodes,proto3" json:"firewallGroupCodes,omitempty"`
+}
+
+func (x *UpdateHTTPFirewallPolicyRequest) Reset() {
+	*x = UpdateHTTPFirewallPolicyRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UpdateHTTPFirewallPolicyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UpdateHTTPFirewallPolicyRequest) ProtoMessage() {}
+
+func (x *UpdateHTTPFirewallPolicyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UpdateHTTPFirewallPolicyRequest.ProtoReflect.Descriptor instead.
+func (*UpdateHTTPFirewallPolicyRequest) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *UpdateHTTPFirewallPolicyRequest) GetFirewallPolicyId() int64 {
+	if x != nil {
+		return x.FirewallPolicyId
+	}
+	return 0
+}
+
+func (x *UpdateHTTPFirewallPolicyRequest) GetIsOn() bool {
+	if x != nil {
+		return x.IsOn
+	}
+	return false
+}
+
+func (x *UpdateHTTPFirewallPolicyRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *UpdateHTTPFirewallPolicyRequest) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *UpdateHTTPFirewallPolicyRequest) GetFirewallGroupCodes() []string {
+	if x != nil {
+		return x.FirewallGroupCodes
+	}
+	return nil
+}
+
+// 计算可用的防火墙策略数量
+type CountAllEnabledFirewallPoliciesRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+}
+
+func (x *CountAllEnabledFirewallPoliciesRequest) Reset() {
+	*x = CountAllEnabledFirewallPoliciesRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CountAllEnabledFirewallPoliciesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CountAllEnabledFirewallPoliciesRequest) ProtoMessage() {}
+
+func (x *CountAllEnabledFirewallPoliciesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CountAllEnabledFirewallPoliciesRequest.ProtoReflect.Descriptor instead.
+func (*CountAllEnabledFirewallPoliciesRequest) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{5}
+}
+
+type CountAllEnabledFirewallPoliciesResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Count int64 `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
+}
+
+func (x *CountAllEnabledFirewallPoliciesResponse) Reset() {
+	*x = CountAllEnabledFirewallPoliciesResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CountAllEnabledFirewallPoliciesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CountAllEnabledFirewallPoliciesResponse) ProtoMessage() {}
+
+func (x *CountAllEnabledFirewallPoliciesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CountAllEnabledFirewallPoliciesResponse.ProtoReflect.Descriptor instead.
+func (*CountAllEnabledFirewallPoliciesResponse) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *CountAllEnabledFirewallPoliciesResponse) GetCount() int64 {
+	if x != nil {
+		return x.Count
+	}
+	return 0
+}
+
+// 列出单页的防火墙策略
+type ListEnabledFirewallPoliciesRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Offset int64 `protobuf:"varint,1,opt,name=offset,proto3" json:"offset,omitempty"`
+	Size   int64 `protobuf:"varint,2,opt,name=size,proto3" json:"size,omitempty"`
+}
+
+func (x *ListEnabledFirewallPoliciesRequest) Reset() {
+	*x = ListEnabledFirewallPoliciesRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListEnabledFirewallPoliciesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListEnabledFirewallPoliciesRequest) ProtoMessage() {}
+
+func (x *ListEnabledFirewallPoliciesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListEnabledFirewallPoliciesRequest.ProtoReflect.Descriptor instead.
+func (*ListEnabledFirewallPoliciesRequest) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *ListEnabledFirewallPoliciesRequest) GetOffset() int64 {
+	if x != nil {
+		return x.Offset
+	}
+	return 0
+}
+
+func (x *ListEnabledFirewallPoliciesRequest) GetSize() int64 {
+	if x != nil {
+		return x.Size
+	}
+	return 0
+}
+
+type ListEnabledFirewallPoliciesResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicies []*HTTPFirewallPolicy `protobuf:"bytes,1,rep,name=firewallPolicies,proto3" json:"firewallPolicies,omitempty"`
+}
+
+func (x *ListEnabledFirewallPoliciesResponse) Reset() {
+	*x = ListEnabledFirewallPoliciesResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ListEnabledFirewallPoliciesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ListEnabledFirewallPoliciesResponse) ProtoMessage() {}
+
+func (x *ListEnabledFirewallPoliciesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ListEnabledFirewallPoliciesResponse.ProtoReflect.Descriptor instead.
+func (*ListEnabledFirewallPoliciesResponse) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *ListEnabledFirewallPoliciesResponse) GetFirewallPolicies() []*HTTPFirewallPolicy {
+	if x != nil {
+		return x.FirewallPolicies
+	}
+	return nil
+}
+
+// 删除某个防火墙策略
+type DeleteFirewallPolicyRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicyId int64 `protobuf:"varint,1,opt,name=firewallPolicyId,proto3" json:"firewallPolicyId,omitempty"`
+}
+
+func (x *DeleteFirewallPolicyRequest) Reset() {
+	*x = DeleteFirewallPolicyRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DeleteFirewallPolicyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DeleteFirewallPolicyRequest) ProtoMessage() {}
+
+func (x *DeleteFirewallPolicyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DeleteFirewallPolicyRequest.ProtoReflect.Descriptor instead.
+func (*DeleteFirewallPolicyRequest) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *DeleteFirewallPolicyRequest) GetFirewallPolicyId() int64 {
+	if x != nil {
+		return x.FirewallPolicyId
+	}
+	return 0
+}
+
+// 查找单个防火墙配置
+type FindEnabledFirewallPolicyConfigRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicyId int64 `protobuf:"varint,1,opt,name=firewallPolicyId,proto3" json:"firewallPolicyId,omitempty"`
+}
+
+func (x *FindEnabledFirewallPolicyConfigRequest) Reset() {
+	*x = FindEnabledFirewallPolicyConfigRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FindEnabledFirewallPolicyConfigRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FindEnabledFirewallPolicyConfigRequest) ProtoMessage() {}
+
+func (x *FindEnabledFirewallPolicyConfigRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FindEnabledFirewallPolicyConfigRequest.ProtoReflect.Descriptor instead.
+func (*FindEnabledFirewallPolicyConfigRequest) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *FindEnabledFirewallPolicyConfigRequest) GetFirewallPolicyId() int64 {
+	if x != nil {
+		return x.FirewallPolicyId
+	}
+	return 0
+}
+
+type FindEnabledFirewallPolicyConfigResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicyJSON []byte `protobuf:"bytes,1,opt,name=firewallPolicyJSON,proto3" json:"firewallPolicyJSON,omitempty"`
+}
+
+func (x *FindEnabledFirewallPolicyConfigResponse) Reset() {
+	*x = FindEnabledFirewallPolicyConfigResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FindEnabledFirewallPolicyConfigResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FindEnabledFirewallPolicyConfigResponse) ProtoMessage() {}
+
+func (x *FindEnabledFirewallPolicyConfigResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FindEnabledFirewallPolicyConfigResponse.ProtoReflect.Descriptor instead.
+func (*FindEnabledFirewallPolicyConfigResponse) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *FindEnabledFirewallPolicyConfigResponse) GetFirewallPolicyJSON() []byte {
+	if x != nil {
+		return x.FirewallPolicyJSON
+	}
+	return nil
+}
+
+// 获取防火墙的基本信息
+type FindEnabledFirewallPolicyRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicyId int64 `protobuf:"varint,1,opt,name=firewallPolicyId,proto3" json:"firewallPolicyId,omitempty"`
+}
+
+func (x *FindEnabledFirewallPolicyRequest) Reset() {
+	*x = FindEnabledFirewallPolicyRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FindEnabledFirewallPolicyRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FindEnabledFirewallPolicyRequest) ProtoMessage() {}
+
+func (x *FindEnabledFirewallPolicyRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FindEnabledFirewallPolicyRequest.ProtoReflect.Descriptor instead.
+func (*FindEnabledFirewallPolicyRequest) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *FindEnabledFirewallPolicyRequest) GetFirewallPolicyId() int64 {
+	if x != nil {
+		return x.FirewallPolicyId
+	}
+	return 0
+}
+
+type FindEnabledFirewallPolicyResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicy *HTTPFirewallPolicy `protobuf:"bytes,1,opt,name=firewallPolicy,proto3" json:"firewallPolicy,omitempty"`
+}
+
+func (x *FindEnabledFirewallPolicyResponse) Reset() {
+	*x = FindEnabledFirewallPolicyResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_http_firewall_policy_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FindEnabledFirewallPolicyResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FindEnabledFirewallPolicyResponse) ProtoMessage() {}
+
+func (x *FindEnabledFirewallPolicyResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_service_http_firewall_policy_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FindEnabledFirewallPolicyResponse.ProtoReflect.Descriptor instead.
+func (*FindEnabledFirewallPolicyResponse) Descriptor() ([]byte, []int) {
+	return file_service_http_firewall_policy_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *FindEnabledFirewallPolicyResponse) GetFirewallPolicy() *HTTPFirewallPolicy {
+	if x != nil {
+		return x.FirewallPolicy
+	}
+	return nil
+}
+
 var File_service_http_firewall_policy_proto protoreflect.FileDescriptor
 
 var file_service_http_firewall_policy_proto_rawDesc = []byte{
@@ -122,28 +748,149 @@ var file_service_http_firewall_policy_proto_rawDesc = []byte{
 	0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70,
 	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x1a, 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f,
 	0x68, 0x74, 0x74, 0x70, 0x5f, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x6f,
-	0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2b, 0x0a, 0x29, 0x46, 0x69,
-	0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50,
-	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x70, 0x0a, 0x2a, 0x46, 0x69, 0x6e, 0x64, 0x41,
-	0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72,
-	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c,
-	0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32,
-	0x16, 0x2e, 0x70, 0x62, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c,
-	0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c,
-	0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x32, 0xa1, 0x01, 0x0a, 0x19, 0x48, 0x54,
-	0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x83, 0x01, 0x0a, 0x22, 0x66, 0x69, 0x6e, 0x64,
-	0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69,
-	0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x2d,
-	0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c,
-	0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f,
-	0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e,
-	0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
-	0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0x5a,
-	0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x12, 0x72, 0x70, 0x63, 0x5f,
+	0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x2b,
+	0x0a, 0x29, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
+	0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x70, 0x0a, 0x2a, 0x46,
+	0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54,
+	0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65,
+	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x10, 0x66, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x10, 0x66, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x22, 0x9b, 0x01,
+	0x0a, 0x1f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65,
+	0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x04, 0x69, 0x73, 0x4f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x12, 0x66,
+	0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x64, 0x65,
+	0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c,
+	0x6c, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x22, 0x4e, 0x0a, 0x20, 0x43,
+	0x72, 0x65, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c,
+	0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x2a, 0x0a, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77,
+	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0xc7, 0x01, 0x0a, 0x1f,
+	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,
+	0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x2a, 0x0a, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77,
+	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x69,
+	0x73, 0x4f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2e, 0x0a, 0x12, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c,
+	0x6c, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28,
+	0x09, 0x52, 0x12, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x47, 0x72, 0x6f, 0x75, 0x70,
+	0x43, 0x6f, 0x64, 0x65, 0x73, 0x22, 0x28, 0x0a, 0x26, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c,
+	0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22,
+	0x3f, 0x0a, 0x27, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c,
+	0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69,
+	0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f,
+	0x75, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74,
+	0x22, 0x50, 0x0a, 0x22, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46,
+	0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x12,
+	0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x73, 0x69,
+	0x7a, 0x65, 0x22, 0x69, 0x0a, 0x23, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
+	0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65,
+	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x42, 0x0a, 0x10, 0x66, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20,
+	0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x10, 0x66, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x22, 0x49, 0x0a,
+	0x1b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2a, 0x0a, 0x10,
+	0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0x54, 0x0a, 0x26, 0x46, 0x69, 0x6e, 0x64,
+	0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x12, 0x2a, 0x0a, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x66, 0x69,
+	0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0x59,
+	0x0a, 0x27, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x12, 0x66, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x53, 0x4f, 0x4e, 0x18,
+	0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x12, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x53, 0x4f, 0x4e, 0x22, 0x4e, 0x0a, 0x20, 0x46, 0x69, 0x6e,
+	0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2a, 0x0a,
+	0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49,
+	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c,
+	0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0x63, 0x0a, 0x21, 0x46, 0x69, 0x6e,
+	0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e,
+	0x0a, 0x0e, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x62, 0x2e, 0x48, 0x54, 0x54, 0x50,
+	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0e,
+	0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x32, 0x80,
+	0x07, 0x0a, 0x19, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x83, 0x01, 0x0a,
+	0x22, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48,
+	0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x69, 0x65, 0x73, 0x12, 0x2d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c,
+	0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77,
+	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,
+	0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x12, 0x65, 0x0a, 0x18, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50,
+	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x23,
+	0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69,
+	0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x48,
+	0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, 0x0a, 0x18, 0x75, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x23, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e,
+	0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x12, 0x7a, 0x0a, 0x1f, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x69, 0x65, 0x73, 0x12, 0x2a, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c,
+	0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c,
+	0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x2b, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6e, 0x0a, 0x1b,
+	0x6c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77,
+	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x12, 0x26, 0x2e, 0x70, 0x62,
+	0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65,
+	0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x27, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4d, 0x0a, 0x14,
+	0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x12, 0x1f, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65,
+	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x44, 0x65,
+	0x6c, 0x65, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x7a, 0x0a, 0x1f, 0x66,
+	0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,
+	0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2a,
+	0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46,
+	0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x70, 0x62, 0x2e,
+	0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77,
+	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x68, 0x0a, 0x19, 0x66, 0x69, 0x6e, 0x64, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x12, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x70, 0x62, 0x2e,
+	0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x46, 0x69, 0x72, 0x65, 0x77,
+	0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33,
 }
 
 var (
@@ -158,21 +905,51 @@ func file_service_http_firewall_policy_proto_rawDescGZIP() []byte {
 	return file_service_http_firewall_policy_proto_rawDescData
 }
 
-var file_service_http_firewall_policy_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
+var file_service_http_firewall_policy_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
 var file_service_http_firewall_policy_proto_goTypes = []interface{}{
 	(*FindAllEnabledHTTPFirewallPoliciesRequest)(nil),  // 0: pb.FindAllEnabledHTTPFirewallPoliciesRequest
 	(*FindAllEnabledHTTPFirewallPoliciesResponse)(nil), // 1: pb.FindAllEnabledHTTPFirewallPoliciesResponse
-	(*HTTPFirewallPolicy)(nil),                         // 2: pb.HTTPFirewallPolicy
+	(*CreateHTTPFirewallPolicyRequest)(nil),            // 2: pb.CreateHTTPFirewallPolicyRequest
+	(*CreateHTTPFirewallPolicyResponse)(nil),           // 3: pb.CreateHTTPFirewallPolicyResponse
+	(*UpdateHTTPFirewallPolicyRequest)(nil),            // 4: pb.UpdateHTTPFirewallPolicyRequest
+	(*CountAllEnabledFirewallPoliciesRequest)(nil),     // 5: pb.CountAllEnabledFirewallPoliciesRequest
+	(*CountAllEnabledFirewallPoliciesResponse)(nil),    // 6: pb.CountAllEnabledFirewallPoliciesResponse
+	(*ListEnabledFirewallPoliciesRequest)(nil),         // 7: pb.ListEnabledFirewallPoliciesRequest
+	(*ListEnabledFirewallPoliciesResponse)(nil),        // 8: pb.ListEnabledFirewallPoliciesResponse
+	(*DeleteFirewallPolicyRequest)(nil),                // 9: pb.DeleteFirewallPolicyRequest
+	(*FindEnabledFirewallPolicyConfigRequest)(nil),     // 10: pb.FindEnabledFirewallPolicyConfigRequest
+	(*FindEnabledFirewallPolicyConfigResponse)(nil),    // 11: pb.FindEnabledFirewallPolicyConfigResponse
+	(*FindEnabledFirewallPolicyRequest)(nil),           // 12: pb.FindEnabledFirewallPolicyRequest
+	(*FindEnabledFirewallPolicyResponse)(nil),          // 13: pb.FindEnabledFirewallPolicyResponse
+	(*HTTPFirewallPolicy)(nil),                         // 14: pb.HTTPFirewallPolicy
+	(*RPCUpdateSuccess)(nil),                           // 15: pb.RPCUpdateSuccess
+	(*RPCDeleteSuccess)(nil),                           // 16: pb.RPCDeleteSuccess
 }
 var file_service_http_firewall_policy_proto_depIdxs = []int32{
-	2, // 0: pb.FindAllEnabledHTTPFirewallPoliciesResponse.firewallPolicies:type_name -> pb.HTTPFirewallPolicy
-	0, // 1: pb.HTTPFirewallPolicyService.findAllEnabledHTTPFirewallPolicies:input_type -> pb.FindAllEnabledHTTPFirewallPoliciesRequest
-	1, // 2: pb.HTTPFirewallPolicyService.findAllEnabledHTTPFirewallPolicies:output_type -> pb.FindAllEnabledHTTPFirewallPoliciesResponse
-	2, // [2:3] is the sub-list for method output_type
-	1, // [1:2] is the sub-list for method input_type
-	1, // [1:1] is the sub-list for extension type_name
-	1, // [1:1] is the sub-list for extension extendee
-	0, // [0:1] is the sub-list for field type_name
+	14, // 0: pb.FindAllEnabledHTTPFirewallPoliciesResponse.firewallPolicies:type_name -> pb.HTTPFirewallPolicy
+	14, // 1: pb.ListEnabledFirewallPoliciesResponse.firewallPolicies:type_name -> pb.HTTPFirewallPolicy
+	14, // 2: pb.FindEnabledFirewallPolicyResponse.firewallPolicy:type_name -> pb.HTTPFirewallPolicy
+	0,  // 3: pb.HTTPFirewallPolicyService.findAllEnabledHTTPFirewallPolicies:input_type -> pb.FindAllEnabledHTTPFirewallPoliciesRequest
+	2,  // 4: pb.HTTPFirewallPolicyService.createHTTPFirewallPolicy:input_type -> pb.CreateHTTPFirewallPolicyRequest
+	4,  // 5: pb.HTTPFirewallPolicyService.updateHTTPFirewallPolicy:input_type -> pb.UpdateHTTPFirewallPolicyRequest
+	5,  // 6: pb.HTTPFirewallPolicyService.countAllEnabledFirewallPolicies:input_type -> pb.CountAllEnabledFirewallPoliciesRequest
+	7,  // 7: pb.HTTPFirewallPolicyService.listEnabledFirewallPolicies:input_type -> pb.ListEnabledFirewallPoliciesRequest
+	9,  // 8: pb.HTTPFirewallPolicyService.deleteFirewallPolicy:input_type -> pb.DeleteFirewallPolicyRequest
+	10, // 9: pb.HTTPFirewallPolicyService.findEnabledFirewallPolicyConfig:input_type -> pb.FindEnabledFirewallPolicyConfigRequest
+	12, // 10: pb.HTTPFirewallPolicyService.findEnabledFirewallPolicy:input_type -> pb.FindEnabledFirewallPolicyRequest
+	1,  // 11: pb.HTTPFirewallPolicyService.findAllEnabledHTTPFirewallPolicies:output_type -> pb.FindAllEnabledHTTPFirewallPoliciesResponse
+	3,  // 12: pb.HTTPFirewallPolicyService.createHTTPFirewallPolicy:output_type -> pb.CreateHTTPFirewallPolicyResponse
+	15, // 13: pb.HTTPFirewallPolicyService.updateHTTPFirewallPolicy:output_type -> pb.RPCUpdateSuccess
+	6,  // 14: pb.HTTPFirewallPolicyService.countAllEnabledFirewallPolicies:output_type -> pb.CountAllEnabledFirewallPoliciesResponse
+	8,  // 15: pb.HTTPFirewallPolicyService.listEnabledFirewallPolicies:output_type -> pb.ListEnabledFirewallPoliciesResponse
+	16, // 16: pb.HTTPFirewallPolicyService.deleteFirewallPolicy:output_type -> pb.RPCDeleteSuccess
+	11, // 17: pb.HTTPFirewallPolicyService.findEnabledFirewallPolicyConfig:output_type -> pb.FindEnabledFirewallPolicyConfigResponse
+	13, // 18: pb.HTTPFirewallPolicyService.findEnabledFirewallPolicy:output_type -> pb.FindEnabledFirewallPolicyResponse
+	11, // [11:19] is the sub-list for method output_type
+	3,  // [3:11] is the sub-list for method input_type
+	3,  // [3:3] is the sub-list for extension type_name
+	3,  // [3:3] is the sub-list for extension extendee
+	0,  // [0:3] is the sub-list for field type_name
 }
 
 func init() { file_service_http_firewall_policy_proto_init() }
@@ -181,6 +958,7 @@ func file_service_http_firewall_policy_proto_init() {
 		return
 	}
 	file_model_http_firewall_policy_proto_init()
+	file_rpc_messages_proto_init()
 	if !protoimpl.UnsafeEnabled {
 		file_service_http_firewall_policy_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*FindAllEnabledHTTPFirewallPoliciesRequest); i {
@@ -206,6 +984,150 @@ func file_service_http_firewall_policy_proto_init() {
 				return nil
 			}
 		}
+		file_service_http_firewall_policy_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CreateHTTPFirewallPolicyRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CreateHTTPFirewallPolicyResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UpdateHTTPFirewallPolicyRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CountAllEnabledFirewallPoliciesRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CountAllEnabledFirewallPoliciesResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ListEnabledFirewallPoliciesRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ListEnabledFirewallPoliciesResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DeleteFirewallPolicyRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FindEnabledFirewallPolicyConfigRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FindEnabledFirewallPolicyConfigResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FindEnabledFirewallPolicyRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_http_firewall_policy_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FindEnabledFirewallPolicyResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -213,7 +1135,7 @@ func file_service_http_firewall_policy_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_service_http_firewall_policy_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   2,
+			NumMessages:   14,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
@@ -241,6 +1163,20 @@ const _ = grpc.SupportPackageIsVersion6
 type HTTPFirewallPolicyServiceClient interface {
 	// 获取所有可用策略
 	FindAllEnabledHTTPFirewallPolicies(ctx context.Context, in *FindAllEnabledHTTPFirewallPoliciesRequest, opts ...grpc.CallOption) (*FindAllEnabledHTTPFirewallPoliciesResponse, error)
+	// 创建防火墙策略
+	CreateHTTPFirewallPolicy(ctx context.Context, in *CreateHTTPFirewallPolicyRequest, opts ...grpc.CallOption) (*CreateHTTPFirewallPolicyResponse, error)
+	// 修改防火墙策略
+	UpdateHTTPFirewallPolicy(ctx context.Context, in *UpdateHTTPFirewallPolicyRequest, opts ...grpc.CallOption) (*RPCUpdateSuccess, error)
+	// 计算可用的防火墙策略数量
+	CountAllEnabledFirewallPolicies(ctx context.Context, in *CountAllEnabledFirewallPoliciesRequest, opts ...grpc.CallOption) (*CountAllEnabledFirewallPoliciesResponse, error)
+	// 列出单页的防火墙策略
+	ListEnabledFirewallPolicies(ctx context.Context, in *ListEnabledFirewallPoliciesRequest, opts ...grpc.CallOption) (*ListEnabledFirewallPoliciesResponse, error)
+	// 删除某个防火墙策略
+	DeleteFirewallPolicy(ctx context.Context, in *DeleteFirewallPolicyRequest, opts ...grpc.CallOption) (*RPCDeleteSuccess, error)
+	// 查找单个防火墙配置
+	FindEnabledFirewallPolicyConfig(ctx context.Context, in *FindEnabledFirewallPolicyConfigRequest, opts ...grpc.CallOption) (*FindEnabledFirewallPolicyConfigResponse, error)
+	// 获取防火墙的基本信息
+	FindEnabledFirewallPolicy(ctx context.Context, in *FindEnabledFirewallPolicyRequest, opts ...grpc.CallOption) (*FindEnabledFirewallPolicyResponse, error)
 }
 
 type hTTPFirewallPolicyServiceClient struct {
@@ -260,10 +1196,87 @@ func (c *hTTPFirewallPolicyServiceClient) FindAllEnabledHTTPFirewallPolicies(ctx
 	return out, nil
 }
 
+func (c *hTTPFirewallPolicyServiceClient) CreateHTTPFirewallPolicy(ctx context.Context, in *CreateHTTPFirewallPolicyRequest, opts ...grpc.CallOption) (*CreateHTTPFirewallPolicyResponse, error) {
+	out := new(CreateHTTPFirewallPolicyResponse)
+	err := c.cc.Invoke(ctx, "/pb.HTTPFirewallPolicyService/createHTTPFirewallPolicy", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hTTPFirewallPolicyServiceClient) UpdateHTTPFirewallPolicy(ctx context.Context, in *UpdateHTTPFirewallPolicyRequest, opts ...grpc.CallOption) (*RPCUpdateSuccess, error) {
+	out := new(RPCUpdateSuccess)
+	err := c.cc.Invoke(ctx, "/pb.HTTPFirewallPolicyService/updateHTTPFirewallPolicy", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hTTPFirewallPolicyServiceClient) CountAllEnabledFirewallPolicies(ctx context.Context, in *CountAllEnabledFirewallPoliciesRequest, opts ...grpc.CallOption) (*CountAllEnabledFirewallPoliciesResponse, error) {
+	out := new(CountAllEnabledFirewallPoliciesResponse)
+	err := c.cc.Invoke(ctx, "/pb.HTTPFirewallPolicyService/countAllEnabledFirewallPolicies", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hTTPFirewallPolicyServiceClient) ListEnabledFirewallPolicies(ctx context.Context, in *ListEnabledFirewallPoliciesRequest, opts ...grpc.CallOption) (*ListEnabledFirewallPoliciesResponse, error) {
+	out := new(ListEnabledFirewallPoliciesResponse)
+	err := c.cc.Invoke(ctx, "/pb.HTTPFirewallPolicyService/listEnabledFirewallPolicies", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hTTPFirewallPolicyServiceClient) DeleteFirewallPolicy(ctx context.Context, in *DeleteFirewallPolicyRequest, opts ...grpc.CallOption) (*RPCDeleteSuccess, error) {
+	out := new(RPCDeleteSuccess)
+	err := c.cc.Invoke(ctx, "/pb.HTTPFirewallPolicyService/deleteFirewallPolicy", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hTTPFirewallPolicyServiceClient) FindEnabledFirewallPolicyConfig(ctx context.Context, in *FindEnabledFirewallPolicyConfigRequest, opts ...grpc.CallOption) (*FindEnabledFirewallPolicyConfigResponse, error) {
+	out := new(FindEnabledFirewallPolicyConfigResponse)
+	err := c.cc.Invoke(ctx, "/pb.HTTPFirewallPolicyService/findEnabledFirewallPolicyConfig", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *hTTPFirewallPolicyServiceClient) FindEnabledFirewallPolicy(ctx context.Context, in *FindEnabledFirewallPolicyRequest, opts ...grpc.CallOption) (*FindEnabledFirewallPolicyResponse, error) {
+	out := new(FindEnabledFirewallPolicyResponse)
+	err := c.cc.Invoke(ctx, "/pb.HTTPFirewallPolicyService/findEnabledFirewallPolicy", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // HTTPFirewallPolicyServiceServer is the server API for HTTPFirewallPolicyService service.
 type HTTPFirewallPolicyServiceServer interface {
 	// 获取所有可用策略
 	FindAllEnabledHTTPFirewallPolicies(context.Context, *FindAllEnabledHTTPFirewallPoliciesRequest) (*FindAllEnabledHTTPFirewallPoliciesResponse, error)
+	// 创建防火墙策略
+	CreateHTTPFirewallPolicy(context.Context, *CreateHTTPFirewallPolicyRequest) (*CreateHTTPFirewallPolicyResponse, error)
+	// 修改防火墙策略
+	UpdateHTTPFirewallPolicy(context.Context, *UpdateHTTPFirewallPolicyRequest) (*RPCUpdateSuccess, error)
+	// 计算可用的防火墙策略数量
+	CountAllEnabledFirewallPolicies(context.Context, *CountAllEnabledFirewallPoliciesRequest) (*CountAllEnabledFirewallPoliciesResponse, error)
+	// 列出单页的防火墙策略
+	ListEnabledFirewallPolicies(context.Context, *ListEnabledFirewallPoliciesRequest) (*ListEnabledFirewallPoliciesResponse, error)
+	// 删除某个防火墙策略
+	DeleteFirewallPolicy(context.Context, *DeleteFirewallPolicyRequest) (*RPCDeleteSuccess, error)
+	// 查找单个防火墙配置
+	FindEnabledFirewallPolicyConfig(context.Context, *FindEnabledFirewallPolicyConfigRequest) (*FindEnabledFirewallPolicyConfigResponse, error)
+	// 获取防火墙的基本信息
+	FindEnabledFirewallPolicy(context.Context, *FindEnabledFirewallPolicyRequest) (*FindEnabledFirewallPolicyResponse, error)
 }
 
 // UnimplementedHTTPFirewallPolicyServiceServer can be embedded to have forward compatible implementations.
@@ -273,6 +1286,27 @@ type UnimplementedHTTPFirewallPolicyServiceServer struct {
 func (*UnimplementedHTTPFirewallPolicyServiceServer) FindAllEnabledHTTPFirewallPolicies(context.Context, *FindAllEnabledHTTPFirewallPoliciesRequest) (*FindAllEnabledHTTPFirewallPoliciesResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method FindAllEnabledHTTPFirewallPolicies not implemented")
 }
+func (*UnimplementedHTTPFirewallPolicyServiceServer) CreateHTTPFirewallPolicy(context.Context, *CreateHTTPFirewallPolicyRequest) (*CreateHTTPFirewallPolicyResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateHTTPFirewallPolicy not implemented")
+}
+func (*UnimplementedHTTPFirewallPolicyServiceServer) UpdateHTTPFirewallPolicy(context.Context, *UpdateHTTPFirewallPolicyRequest) (*RPCUpdateSuccess, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method UpdateHTTPFirewallPolicy not implemented")
+}
+func (*UnimplementedHTTPFirewallPolicyServiceServer) CountAllEnabledFirewallPolicies(context.Context, *CountAllEnabledFirewallPoliciesRequest) (*CountAllEnabledFirewallPoliciesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CountAllEnabledFirewallPolicies not implemented")
+}
+func (*UnimplementedHTTPFirewallPolicyServiceServer) ListEnabledFirewallPolicies(context.Context, *ListEnabledFirewallPoliciesRequest) (*ListEnabledFirewallPoliciesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListEnabledFirewallPolicies not implemented")
+}
+func (*UnimplementedHTTPFirewallPolicyServiceServer) DeleteFirewallPolicy(context.Context, *DeleteFirewallPolicyRequest) (*RPCDeleteSuccess, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteFirewallPolicy not implemented")
+}
+func (*UnimplementedHTTPFirewallPolicyServiceServer) FindEnabledFirewallPolicyConfig(context.Context, *FindEnabledFirewallPolicyConfigRequest) (*FindEnabledFirewallPolicyConfigResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method FindEnabledFirewallPolicyConfig not implemented")
+}
+func (*UnimplementedHTTPFirewallPolicyServiceServer) FindEnabledFirewallPolicy(context.Context, *FindEnabledFirewallPolicyRequest) (*FindEnabledFirewallPolicyResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method FindEnabledFirewallPolicy not implemented")
+}
 
 func RegisterHTTPFirewallPolicyServiceServer(s *grpc.Server, srv HTTPFirewallPolicyServiceServer) {
 	s.RegisterService(&_HTTPFirewallPolicyService_serviceDesc, srv)
@@ -296,6 +1330,132 @@ func _HTTPFirewallPolicyService_FindAllEnabledHTTPFirewallPolicies_Handler(srv i
 	return interceptor(ctx, in, info, handler)
 }
 
+func _HTTPFirewallPolicyService_CreateHTTPFirewallPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateHTTPFirewallPolicyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HTTPFirewallPolicyServiceServer).CreateHTTPFirewallPolicy(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.HTTPFirewallPolicyService/CreateHTTPFirewallPolicy",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HTTPFirewallPolicyServiceServer).CreateHTTPFirewallPolicy(ctx, req.(*CreateHTTPFirewallPolicyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HTTPFirewallPolicyService_UpdateHTTPFirewallPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(UpdateHTTPFirewallPolicyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HTTPFirewallPolicyServiceServer).UpdateHTTPFirewallPolicy(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.HTTPFirewallPolicyService/UpdateHTTPFirewallPolicy",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HTTPFirewallPolicyServiceServer).UpdateHTTPFirewallPolicy(ctx, req.(*UpdateHTTPFirewallPolicyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HTTPFirewallPolicyService_CountAllEnabledFirewallPolicies_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CountAllEnabledFirewallPoliciesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HTTPFirewallPolicyServiceServer).CountAllEnabledFirewallPolicies(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.HTTPFirewallPolicyService/CountAllEnabledFirewallPolicies",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HTTPFirewallPolicyServiceServer).CountAllEnabledFirewallPolicies(ctx, req.(*CountAllEnabledFirewallPoliciesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HTTPFirewallPolicyService_ListEnabledFirewallPolicies_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListEnabledFirewallPoliciesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HTTPFirewallPolicyServiceServer).ListEnabledFirewallPolicies(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.HTTPFirewallPolicyService/ListEnabledFirewallPolicies",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HTTPFirewallPolicyServiceServer).ListEnabledFirewallPolicies(ctx, req.(*ListEnabledFirewallPoliciesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HTTPFirewallPolicyService_DeleteFirewallPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteFirewallPolicyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HTTPFirewallPolicyServiceServer).DeleteFirewallPolicy(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.HTTPFirewallPolicyService/DeleteFirewallPolicy",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HTTPFirewallPolicyServiceServer).DeleteFirewallPolicy(ctx, req.(*DeleteFirewallPolicyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HTTPFirewallPolicyService_FindEnabledFirewallPolicyConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(FindEnabledFirewallPolicyConfigRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HTTPFirewallPolicyServiceServer).FindEnabledFirewallPolicyConfig(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.HTTPFirewallPolicyService/FindEnabledFirewallPolicyConfig",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HTTPFirewallPolicyServiceServer).FindEnabledFirewallPolicyConfig(ctx, req.(*FindEnabledFirewallPolicyConfigRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _HTTPFirewallPolicyService_FindEnabledFirewallPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(FindEnabledFirewallPolicyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(HTTPFirewallPolicyServiceServer).FindEnabledFirewallPolicy(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.HTTPFirewallPolicyService/FindEnabledFirewallPolicy",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(HTTPFirewallPolicyServiceServer).FindEnabledFirewallPolicy(ctx, req.(*FindEnabledFirewallPolicyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _HTTPFirewallPolicyService_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "pb.HTTPFirewallPolicyService",
 	HandlerType: (*HTTPFirewallPolicyServiceServer)(nil),
@@ -304,6 +1464,34 @@ var _HTTPFirewallPolicyService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "findAllEnabledHTTPFirewallPolicies",
 			Handler:    _HTTPFirewallPolicyService_FindAllEnabledHTTPFirewallPolicies_Handler,
 		},
+		{
+			MethodName: "createHTTPFirewallPolicy",
+			Handler:    _HTTPFirewallPolicyService_CreateHTTPFirewallPolicy_Handler,
+		},
+		{
+			MethodName: "updateHTTPFirewallPolicy",
+			Handler:    _HTTPFirewallPolicyService_UpdateHTTPFirewallPolicy_Handler,
+		},
+		{
+			MethodName: "countAllEnabledFirewallPolicies",
+			Handler:    _HTTPFirewallPolicyService_CountAllEnabledFirewallPolicies_Handler,
+		},
+		{
+			MethodName: "listEnabledFirewallPolicies",
+			Handler:    _HTTPFirewallPolicyService_ListEnabledFirewallPolicies_Handler,
+		},
+		{
+			MethodName: "deleteFirewallPolicy",
+			Handler:    _HTTPFirewallPolicyService_DeleteFirewallPolicy_Handler,
+		},
+		{
+			MethodName: "findEnabledFirewallPolicyConfig",
+			Handler:    _HTTPFirewallPolicyService_FindEnabledFirewallPolicyConfig_Handler,
+		},
+		{
+			MethodName: "findEnabledFirewallPolicy",
+			Handler:    _HTTPFirewallPolicyService_FindEnabledFirewallPolicy_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "service_http_firewall_policy.proto",
diff --git a/pkg/rpc/pb/service_server.pb.go b/pkg/rpc/pb/service_server.pb.go
index b70bab9..a574d80 100644
--- a/pkg/rpc/pb/service_server.pb.go
+++ b/pkg/rpc/pb/service_server.pb.go
@@ -1872,6 +1872,101 @@ func (x *FindAllEnabledServersWithCachePolicyIdResponse) GetServers() []*Server
 	return nil
 }
 
+// 计算使用某个WAF策略的服务数量
+type CountAllEnabledServersWithHTTPFirewallPolicyIdRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicyId int64 `protobuf:"varint,1,opt,name=firewallPolicyId,proto3" json:"firewallPolicyId,omitempty"`
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) Reset() {
+	*x = CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_server_proto_msgTypes[34]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) ProtoMessage() {}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_server_proto_msgTypes[34]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CountAllEnabledServersWithHTTPFirewallPolicyIdRequest.ProtoReflect.Descriptor instead.
+func (*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) Descriptor() ([]byte, []int) {
+	return file_service_server_proto_rawDescGZIP(), []int{34}
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) GetFirewallPolicyId() int64 {
+	if x != nil {
+		return x.FirewallPolicyId
+	}
+	return 0
+}
+
+type CountAllEnabledServersWithHTTPFirewallPolicyIdResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Count int64 `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) Reset() {
+	*x = CountAllEnabledServersWithHTTPFirewallPolicyIdResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_server_proto_msgTypes[35]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) ProtoMessage() {}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_service_server_proto_msgTypes[35]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CountAllEnabledServersWithHTTPFirewallPolicyIdResponse.ProtoReflect.Descriptor instead.
+func (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) Descriptor() ([]byte, []int) {
+	return file_service_server_proto_rawDescGZIP(), []int{35}
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) GetCount() int64 {
+	if x != nil {
+		return x.Count
+	}
+	return 0
+}
+
 var File_service_server_proto protoreflect.FileDescriptor
 
 var file_service_server_proto_rawDesc = []byte{
@@ -2066,136 +2161,158 @@ var file_service_server_proto_rawDesc = []byte{
 	0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
 	0x73, 0x65, 0x12, 0x24, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20,
 	0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x70, 0x62, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52,
-	0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x32, 0xfe, 0x0f, 0x0a, 0x0d, 0x53, 0x65, 0x72,
-	0x76, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x63, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x17, 0x2e, 0x70, 0x62, 0x2e,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x47, 0x0a,
-	0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73,
-	0x69, 0x63, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
-	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a,
-	0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54,
-	0x50, 0x53, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
-	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55,
-	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x52, 0x65,
+	0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x22, 0x63, 0x0a, 0x35, 0x43, 0x6f, 0x75, 0x6e,
+	0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,
+	0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x12, 0x2a, 0x0a, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x66, 0x69, 0x72,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0x4e, 0x0a,
+	0x36, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50, 0x46,
+	0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x32, 0xa8, 0x11,
+	0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12,
+	0x41, 0x0a, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12,
+	0x17, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x12,
+	0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70,
+	0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65,
+	0x73, 0x73, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x52, 0x65,
 	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70,
 	0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75,
-	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x12, 0x1a,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x12, 0x1a,
 	0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x54, 0x4c, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e,
+	0x54, 0x43, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e,
 	0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
-	0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x55, 0x6e, 0x69, 0x78, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x52,
+	0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x54, 0x4c, 0x53, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x52,
 	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55,
 	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f,
-	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x12,
+	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x12,
 	0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x57, 0x65, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
+	0x72, 0x55, 0x44, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
 	0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73,
-	0x73, 0x12, 0x55, 0x0a, 0x18, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x23, 0x2e,
-	0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52,
-	0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74,
-	0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61,
-	0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1c, 0x2e,
-	0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e,
-	0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
-	0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73,
-	0x73, 0x12, 0x5f, 0x0a, 0x16, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x21, 0x2e, 0x70, 0x62,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22,
-	0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62,
-	0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x53, 0x0a, 0x12, 0x6c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69,
-	0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73,
-	0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x64, 0x69, 0x73, 0x61, 0x62,
-	0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69,
-	0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x50, 0x0a,
-	0x11, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
-	0x65, 0x72, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62,
-	0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
-	0x5c, 0x0a, 0x15, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69,
-	0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x70, 0x62, 0x2e,
-	0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x86, 0x01,
-	0x0a, 0x23, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72,
-	0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
-	0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65,
-	0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
-	0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65,
-	0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x1a, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e,
-	0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e,
-	0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x62,
-	0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76,
-	0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c,
-	0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
-	0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x2e, 0x2e, 0x70, 0x62,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65,
-	0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65,
-	0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x83, 0x01, 0x0a,
-	0x22, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
-	0x74, 0x49, 0x64, 0x12, 0x2d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c,
-	0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
-	0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
-	0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x92, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
-	0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x32,
-	0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62,
-	0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61,
-	0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c,
-	0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
-	0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x8f, 0x01, 0x0a, 0x26, 0x66, 0x69, 0x6e, 0x64,
-	0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x49, 0x64, 0x12, 0x31, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
-	0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
+	0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x57, 0x65, 0x62, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
+	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x55, 0x0a, 0x18, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x12, 0x23, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43,
+	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a,
+	0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d,
+	0x65, 0x73, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
+	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x5f, 0x0a, 0x16, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41,
 	0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73,
-	0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49,
-	0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70,
-	0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x12, 0x21, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c,
+	0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x53, 0x0a, 0x12, 0x6c, 0x69, 0x73, 0x74, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x1d, 0x2e,
+	0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70,
+	0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x0d,
+	0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x18, 0x2e,
+	0x70, 0x62, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69, 0x73,
+	0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x12, 0x50, 0x0a, 0x11, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
+	0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
+	0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5c, 0x0a, 0x15, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x2e,
+	0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x21, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e,
+	0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50,
+	0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e,
+	0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e,
+	0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x1a, 0x66,
+	0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x46,
+	0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69,
+	0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64,
+	0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68,
+	0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68,
+	0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x83, 0x01, 0x0a, 0x22, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53,
+	0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x2d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69,
+	0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
+	0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x92, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x75, 0x6e,
+	0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x49, 0x64, 0x12, 0x32, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c,
+	0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57,
+	0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75,
+	0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x8f, 0x01, 0x0a,
+	0x26, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x31, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
+	0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x70, 0x62, 0x2e,
+	0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xa7,
+	0x01, 0x0a, 0x2e, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c,
+	0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54,
+	0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49,
+	0x64, 0x12, 0x39, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
+	0x68, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x70,
+	0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
+	0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50,
+	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -2210,50 +2327,52 @@ func file_service_server_proto_rawDescGZIP() []byte {
 	return file_service_server_proto_rawDescData
 }
 
-var file_service_server_proto_msgTypes = make([]protoimpl.MessageInfo, 34)
+var file_service_server_proto_msgTypes = make([]protoimpl.MessageInfo, 36)
 var file_service_server_proto_goTypes = []interface{}{
-	(*CreateServerRequest)(nil),                             // 0: pb.CreateServerRequest
-	(*CreateServerResponse)(nil),                            // 1: pb.CreateServerResponse
-	(*UpdateServerBasicRequest)(nil),                        // 2: pb.UpdateServerBasicRequest
-	(*UpdateServerHTTPRequest)(nil),                         // 3: pb.UpdateServerHTTPRequest
-	(*UpdateServerHTTPSRequest)(nil),                        // 4: pb.UpdateServerHTTPSRequest
-	(*UpdateServerTCPRequest)(nil),                          // 5: pb.UpdateServerTCPRequest
-	(*UpdateServerTLSRequest)(nil),                          // 6: pb.UpdateServerTLSRequest
-	(*UpdateServerUnixRequest)(nil),                         // 7: pb.UpdateServerUnixRequest
-	(*UpdateServerUDPRequest)(nil),                          // 8: pb.UpdateServerUDPRequest
-	(*UpdateServerWebRequest)(nil),                          // 9: pb.UpdateServerWebRequest
-	(*UpdateServerReverseProxyRequest)(nil),                 // 10: pb.UpdateServerReverseProxyRequest
-	(*UpdateServerNamesRequest)(nil),                        // 11: pb.UpdateServerNamesRequest
-	(*CountAllEnabledServersRequest)(nil),                   // 12: pb.CountAllEnabledServersRequest
-	(*CountAllEnabledServersResponse)(nil),                  // 13: pb.CountAllEnabledServersResponse
-	(*ListEnabledServersRequest)(nil),                       // 14: pb.ListEnabledServersRequest
-	(*ListEnabledServersResponse)(nil),                      // 15: pb.ListEnabledServersResponse
-	(*DisableServerRequest)(nil),                            // 16: pb.DisableServerRequest
-	(*DisableServerResponse)(nil),                           // 17: pb.DisableServerResponse
-	(*FindEnabledServerRequest)(nil),                        // 18: pb.FindEnabledServerRequest
-	(*FindEnabledServerResponse)(nil),                       // 19: pb.FindEnabledServerResponse
-	(*FindEnabledServerTypeRequest)(nil),                    // 20: pb.FindEnabledServerTypeRequest
-	(*FindEnabledServerTypeResponse)(nil),                   // 21: pb.FindEnabledServerTypeResponse
-	(*FindAndInitServerReverseProxyConfigRequest)(nil),      // 22: pb.FindAndInitServerReverseProxyConfigRequest
-	(*FindAndInitServerReverseProxyConfigResponse)(nil),     // 23: pb.FindAndInitServerReverseProxyConfigResponse
-	(*FindAndInitServerWebConfigRequest)(nil),               // 24: pb.FindAndInitServerWebConfigRequest
-	(*FindAndInitServerWebConfigResponse)(nil),              // 25: pb.FindAndInitServerWebConfigResponse
-	(*CountAllEnabledServersWithSSLCertIdRequest)(nil),      // 26: pb.CountAllEnabledServersWithSSLCertIdRequest
-	(*CountAllEnabledServersWithSSLCertIdResponse)(nil),     // 27: pb.CountAllEnabledServersWithSSLCertIdResponse
-	(*FindAllEnabledServersWithSSLCertIdRequest)(nil),       // 28: pb.FindAllEnabledServersWithSSLCertIdRequest
-	(*FindAllEnabledServersWithSSLCertIdResponse)(nil),      // 29: pb.FindAllEnabledServersWithSSLCertIdResponse
-	(*CountAllEnabledServersWithCachePolicyIdRequest)(nil),  // 30: pb.CountAllEnabledServersWithCachePolicyIdRequest
-	(*CountAllEnabledServersWithCachePolicyIdResponse)(nil), // 31: pb.CountAllEnabledServersWithCachePolicyIdResponse
-	(*FindAllEnabledServersWithCachePolicyIdRequest)(nil),   // 32: pb.FindAllEnabledServersWithCachePolicyIdRequest
-	(*FindAllEnabledServersWithCachePolicyIdResponse)(nil),  // 33: pb.FindAllEnabledServersWithCachePolicyIdResponse
-	(*Server)(nil),           // 34: pb.Server
-	(*RPCUpdateSuccess)(nil), // 35: pb.RPCUpdateSuccess
+	(*CreateServerRequest)(nil),                                    // 0: pb.CreateServerRequest
+	(*CreateServerResponse)(nil),                                   // 1: pb.CreateServerResponse
+	(*UpdateServerBasicRequest)(nil),                               // 2: pb.UpdateServerBasicRequest
+	(*UpdateServerHTTPRequest)(nil),                                // 3: pb.UpdateServerHTTPRequest
+	(*UpdateServerHTTPSRequest)(nil),                               // 4: pb.UpdateServerHTTPSRequest
+	(*UpdateServerTCPRequest)(nil),                                 // 5: pb.UpdateServerTCPRequest
+	(*UpdateServerTLSRequest)(nil),                                 // 6: pb.UpdateServerTLSRequest
+	(*UpdateServerUnixRequest)(nil),                                // 7: pb.UpdateServerUnixRequest
+	(*UpdateServerUDPRequest)(nil),                                 // 8: pb.UpdateServerUDPRequest
+	(*UpdateServerWebRequest)(nil),                                 // 9: pb.UpdateServerWebRequest
+	(*UpdateServerReverseProxyRequest)(nil),                        // 10: pb.UpdateServerReverseProxyRequest
+	(*UpdateServerNamesRequest)(nil),                               // 11: pb.UpdateServerNamesRequest
+	(*CountAllEnabledServersRequest)(nil),                          // 12: pb.CountAllEnabledServersRequest
+	(*CountAllEnabledServersResponse)(nil),                         // 13: pb.CountAllEnabledServersResponse
+	(*ListEnabledServersRequest)(nil),                              // 14: pb.ListEnabledServersRequest
+	(*ListEnabledServersResponse)(nil),                             // 15: pb.ListEnabledServersResponse
+	(*DisableServerRequest)(nil),                                   // 16: pb.DisableServerRequest
+	(*DisableServerResponse)(nil),                                  // 17: pb.DisableServerResponse
+	(*FindEnabledServerRequest)(nil),                               // 18: pb.FindEnabledServerRequest
+	(*FindEnabledServerResponse)(nil),                              // 19: pb.FindEnabledServerResponse
+	(*FindEnabledServerTypeRequest)(nil),                           // 20: pb.FindEnabledServerTypeRequest
+	(*FindEnabledServerTypeResponse)(nil),                          // 21: pb.FindEnabledServerTypeResponse
+	(*FindAndInitServerReverseProxyConfigRequest)(nil),             // 22: pb.FindAndInitServerReverseProxyConfigRequest
+	(*FindAndInitServerReverseProxyConfigResponse)(nil),            // 23: pb.FindAndInitServerReverseProxyConfigResponse
+	(*FindAndInitServerWebConfigRequest)(nil),                      // 24: pb.FindAndInitServerWebConfigRequest
+	(*FindAndInitServerWebConfigResponse)(nil),                     // 25: pb.FindAndInitServerWebConfigResponse
+	(*CountAllEnabledServersWithSSLCertIdRequest)(nil),             // 26: pb.CountAllEnabledServersWithSSLCertIdRequest
+	(*CountAllEnabledServersWithSSLCertIdResponse)(nil),            // 27: pb.CountAllEnabledServersWithSSLCertIdResponse
+	(*FindAllEnabledServersWithSSLCertIdRequest)(nil),              // 28: pb.FindAllEnabledServersWithSSLCertIdRequest
+	(*FindAllEnabledServersWithSSLCertIdResponse)(nil),             // 29: pb.FindAllEnabledServersWithSSLCertIdResponse
+	(*CountAllEnabledServersWithCachePolicyIdRequest)(nil),         // 30: pb.CountAllEnabledServersWithCachePolicyIdRequest
+	(*CountAllEnabledServersWithCachePolicyIdResponse)(nil),        // 31: pb.CountAllEnabledServersWithCachePolicyIdResponse
+	(*FindAllEnabledServersWithCachePolicyIdRequest)(nil),          // 32: pb.FindAllEnabledServersWithCachePolicyIdRequest
+	(*FindAllEnabledServersWithCachePolicyIdResponse)(nil),         // 33: pb.FindAllEnabledServersWithCachePolicyIdResponse
+	(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest)(nil),  // 34: pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest
+	(*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse)(nil), // 35: pb.CountAllEnabledServersWithHTTPFirewallPolicyIdResponse
+	(*Server)(nil),           // 36: pb.Server
+	(*RPCUpdateSuccess)(nil), // 37: pb.RPCUpdateSuccess
 }
 var file_service_server_proto_depIdxs = []int32{
-	34, // 0: pb.ListEnabledServersResponse.servers:type_name -> pb.Server
-	34, // 1: pb.FindEnabledServerResponse.server:type_name -> pb.Server
-	34, // 2: pb.FindAllEnabledServersWithSSLCertIdResponse.servers:type_name -> pb.Server
-	34, // 3: pb.FindAllEnabledServersWithCachePolicyIdResponse.servers:type_name -> pb.Server
+	36, // 0: pb.ListEnabledServersResponse.servers:type_name -> pb.Server
+	36, // 1: pb.FindEnabledServerResponse.server:type_name -> pb.Server
+	36, // 2: pb.FindAllEnabledServersWithSSLCertIdResponse.servers:type_name -> pb.Server
+	36, // 3: pb.FindAllEnabledServersWithCachePolicyIdResponse.servers:type_name -> pb.Server
 	0,  // 4: pb.ServerService.createServer:input_type -> pb.CreateServerRequest
 	2,  // 5: pb.ServerService.updateServerBasic:input_type -> pb.UpdateServerBasicRequest
 	3,  // 6: pb.ServerService.updateServerHTTP:input_type -> pb.UpdateServerHTTPRequest
@@ -2276,30 +2395,32 @@ var file_service_server_proto_depIdxs = []int32{
 	28, // 23: pb.ServerService.findAllEnabledServersWithSSLCertId:input_type -> pb.FindAllEnabledServersWithSSLCertIdRequest
 	30, // 24: pb.ServerService.countAllEnabledServersWithCachePolicyId:input_type -> pb.CountAllEnabledServersWithCachePolicyIdRequest
 	32, // 25: pb.ServerService.findAllEnabledServersWithCachePolicyId:input_type -> pb.FindAllEnabledServersWithCachePolicyIdRequest
-	1,  // 26: pb.ServerService.createServer:output_type -> pb.CreateServerResponse
-	35, // 27: pb.ServerService.updateServerBasic:output_type -> pb.RPCUpdateSuccess
-	35, // 28: pb.ServerService.updateServerHTTP:output_type -> pb.RPCUpdateSuccess
-	35, // 29: pb.ServerService.updateServerHTTPS:output_type -> pb.RPCUpdateSuccess
-	35, // 30: pb.ServerService.updateServerTCP:output_type -> pb.RPCUpdateSuccess
-	35, // 31: pb.ServerService.updateServerTLS:output_type -> pb.RPCUpdateSuccess
-	35, // 32: pb.ServerService.updateServerUnix:output_type -> pb.RPCUpdateSuccess
-	35, // 33: pb.ServerService.updateServerUDP:output_type -> pb.RPCUpdateSuccess
-	35, // 34: pb.ServerService.updateServerWeb:output_type -> pb.RPCUpdateSuccess
-	35, // 35: pb.ServerService.updateServerReverseProxy:output_type -> pb.RPCUpdateSuccess
-	35, // 36: pb.ServerService.updateServerNames:output_type -> pb.RPCUpdateSuccess
-	13, // 37: pb.ServerService.countAllEnabledServers:output_type -> pb.CountAllEnabledServersResponse
-	15, // 38: pb.ServerService.listEnabledServers:output_type -> pb.ListEnabledServersResponse
-	17, // 39: pb.ServerService.disableServer:output_type -> pb.DisableServerResponse
-	19, // 40: pb.ServerService.findEnabledServer:output_type -> pb.FindEnabledServerResponse
-	21, // 41: pb.ServerService.findEnabledServerType:output_type -> pb.FindEnabledServerTypeResponse
-	23, // 42: pb.ServerService.findAndInitServerReverseProxyConfig:output_type -> pb.FindAndInitServerReverseProxyConfigResponse
-	25, // 43: pb.ServerService.findAndInitServerWebConfig:output_type -> pb.FindAndInitServerWebConfigResponse
-	27, // 44: pb.ServerService.countAllEnabledServersWithSSLCertId:output_type -> pb.CountAllEnabledServersWithSSLCertIdResponse
-	29, // 45: pb.ServerService.findAllEnabledServersWithSSLCertId:output_type -> pb.FindAllEnabledServersWithSSLCertIdResponse
-	31, // 46: pb.ServerService.countAllEnabledServersWithCachePolicyId:output_type -> pb.CountAllEnabledServersWithCachePolicyIdResponse
-	33, // 47: pb.ServerService.findAllEnabledServersWithCachePolicyId:output_type -> pb.FindAllEnabledServersWithCachePolicyIdResponse
-	26, // [26:48] is the sub-list for method output_type
-	4,  // [4:26] is the sub-list for method input_type
+	34, // 26: pb.ServerService.countAllEnabledServersWithHTTPFirewallPolicyId:input_type -> pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest
+	1,  // 27: pb.ServerService.createServer:output_type -> pb.CreateServerResponse
+	37, // 28: pb.ServerService.updateServerBasic:output_type -> pb.RPCUpdateSuccess
+	37, // 29: pb.ServerService.updateServerHTTP:output_type -> pb.RPCUpdateSuccess
+	37, // 30: pb.ServerService.updateServerHTTPS:output_type -> pb.RPCUpdateSuccess
+	37, // 31: pb.ServerService.updateServerTCP:output_type -> pb.RPCUpdateSuccess
+	37, // 32: pb.ServerService.updateServerTLS:output_type -> pb.RPCUpdateSuccess
+	37, // 33: pb.ServerService.updateServerUnix:output_type -> pb.RPCUpdateSuccess
+	37, // 34: pb.ServerService.updateServerUDP:output_type -> pb.RPCUpdateSuccess
+	37, // 35: pb.ServerService.updateServerWeb:output_type -> pb.RPCUpdateSuccess
+	37, // 36: pb.ServerService.updateServerReverseProxy:output_type -> pb.RPCUpdateSuccess
+	37, // 37: pb.ServerService.updateServerNames:output_type -> pb.RPCUpdateSuccess
+	13, // 38: pb.ServerService.countAllEnabledServers:output_type -> pb.CountAllEnabledServersResponse
+	15, // 39: pb.ServerService.listEnabledServers:output_type -> pb.ListEnabledServersResponse
+	17, // 40: pb.ServerService.disableServer:output_type -> pb.DisableServerResponse
+	19, // 41: pb.ServerService.findEnabledServer:output_type -> pb.FindEnabledServerResponse
+	21, // 42: pb.ServerService.findEnabledServerType:output_type -> pb.FindEnabledServerTypeResponse
+	23, // 43: pb.ServerService.findAndInitServerReverseProxyConfig:output_type -> pb.FindAndInitServerReverseProxyConfigResponse
+	25, // 44: pb.ServerService.findAndInitServerWebConfig:output_type -> pb.FindAndInitServerWebConfigResponse
+	27, // 45: pb.ServerService.countAllEnabledServersWithSSLCertId:output_type -> pb.CountAllEnabledServersWithSSLCertIdResponse
+	29, // 46: pb.ServerService.findAllEnabledServersWithSSLCertId:output_type -> pb.FindAllEnabledServersWithSSLCertIdResponse
+	31, // 47: pb.ServerService.countAllEnabledServersWithCachePolicyId:output_type -> pb.CountAllEnabledServersWithCachePolicyIdResponse
+	33, // 48: pb.ServerService.findAllEnabledServersWithCachePolicyId:output_type -> pb.FindAllEnabledServersWithCachePolicyIdResponse
+	35, // 49: pb.ServerService.countAllEnabledServersWithHTTPFirewallPolicyId:output_type -> pb.CountAllEnabledServersWithHTTPFirewallPolicyIdResponse
+	27, // [27:50] is the sub-list for method output_type
+	4,  // [4:27] is the sub-list for method input_type
 	4,  // [4:4] is the sub-list for extension type_name
 	4,  // [4:4] is the sub-list for extension extendee
 	0,  // [0:4] is the sub-list for field type_name
@@ -2721,6 +2842,30 @@ func file_service_server_proto_init() {
 				return nil
 			}
 		}
+		file_service_server_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_server_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -2728,7 +2873,7 @@ func file_service_server_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_service_server_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   34,
+			NumMessages:   36,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
@@ -2798,6 +2943,8 @@ type ServerServiceClient interface {
 	CountAllEnabledServersWithCachePolicyId(ctx context.Context, in *CountAllEnabledServersWithCachePolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithCachePolicyIdResponse, error)
 	// 查找使用某个缓存策略的所有服务
 	FindAllEnabledServersWithCachePolicyId(ctx context.Context, in *FindAllEnabledServersWithCachePolicyIdRequest, opts ...grpc.CallOption) (*FindAllEnabledServersWithCachePolicyIdResponse, error)
+	// 计算使用某个WAF策略的服务数量
+	CountAllEnabledServersWithHTTPFirewallPolicyId(ctx context.Context, in *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error)
 }
 
 type serverServiceClient struct {
@@ -3006,6 +3153,15 @@ func (c *serverServiceClient) FindAllEnabledServersWithCachePolicyId(ctx context
 	return out, nil
 }
 
+func (c *serverServiceClient) CountAllEnabledServersWithHTTPFirewallPolicyId(ctx context.Context, in *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error) {
+	out := new(CountAllEnabledServersWithHTTPFirewallPolicyIdResponse)
+	err := c.cc.Invoke(ctx, "/pb.ServerService/countAllEnabledServersWithHTTPFirewallPolicyId", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // ServerServiceServer is the server API for ServerService service.
 type ServerServiceServer interface {
 	// 创建服务
@@ -3052,6 +3208,8 @@ type ServerServiceServer interface {
 	CountAllEnabledServersWithCachePolicyId(context.Context, *CountAllEnabledServersWithCachePolicyIdRequest) (*CountAllEnabledServersWithCachePolicyIdResponse, error)
 	// 查找使用某个缓存策略的所有服务
 	FindAllEnabledServersWithCachePolicyId(context.Context, *FindAllEnabledServersWithCachePolicyIdRequest) (*FindAllEnabledServersWithCachePolicyIdResponse, error)
+	// 计算使用某个WAF策略的服务数量
+	CountAllEnabledServersWithHTTPFirewallPolicyId(context.Context, *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error)
 }
 
 // UnimplementedServerServiceServer can be embedded to have forward compatible implementations.
@@ -3124,6 +3282,9 @@ func (*UnimplementedServerServiceServer) CountAllEnabledServersWithCachePolicyId
 func (*UnimplementedServerServiceServer) FindAllEnabledServersWithCachePolicyId(context.Context, *FindAllEnabledServersWithCachePolicyIdRequest) (*FindAllEnabledServersWithCachePolicyIdResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method FindAllEnabledServersWithCachePolicyId not implemented")
 }
+func (*UnimplementedServerServiceServer) CountAllEnabledServersWithHTTPFirewallPolicyId(context.Context, *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CountAllEnabledServersWithHTTPFirewallPolicyId not implemented")
+}
 
 func RegisterServerServiceServer(s *grpc.Server, srv ServerServiceServer) {
 	s.RegisterService(&_ServerService_serviceDesc, srv)
@@ -3525,6 +3686,24 @@ func _ServerService_FindAllEnabledServersWithCachePolicyId_Handler(srv interface
 	return interceptor(ctx, in, info, handler)
 }
 
+func _ServerService_CountAllEnabledServersWithHTTPFirewallPolicyId_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CountAllEnabledServersWithHTTPFirewallPolicyIdRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ServerServiceServer).CountAllEnabledServersWithHTTPFirewallPolicyId(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.ServerService/CountAllEnabledServersWithHTTPFirewallPolicyId",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ServerServiceServer).CountAllEnabledServersWithHTTPFirewallPolicyId(ctx, req.(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _ServerService_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "pb.ServerService",
 	HandlerType: (*ServerServiceServer)(nil),
@@ -3617,6 +3796,10 @@ var _ServerService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "findAllEnabledServersWithCachePolicyId",
 			Handler:    _ServerService_FindAllEnabledServersWithCachePolicyId_Handler,
 		},
+		{
+			MethodName: "countAllEnabledServersWithHTTPFirewallPolicyId",
+			Handler:    _ServerService_CountAllEnabledServersWithHTTPFirewallPolicyId_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "service_server.proto",
diff --git a/pkg/rpc/protos/model_http_firewall_policy.proto b/pkg/rpc/protos/model_http_firewall_policy.proto
index d777a2c..ce6984a 100644
--- a/pkg/rpc/protos/model_http_firewall_policy.proto
+++ b/pkg/rpc/protos/model_http_firewall_policy.proto
@@ -7,4 +7,7 @@ message HTTPFirewallPolicy {
 	int64 id = 1;
 	string name = 2;
 	bool isOn = 3;
+	string description = 4;
+	bytes inboundJSON = 5;
+	bytes outboundJSON = 6;
 }
\ No newline at end of file
diff --git a/pkg/rpc/protos/service_http_firewall_policy.proto b/pkg/rpc/protos/service_http_firewall_policy.proto
index bc9cefc..be899f6 100644
--- a/pkg/rpc/protos/service_http_firewall_policy.proto
+++ b/pkg/rpc/protos/service_http_firewall_policy.proto
@@ -4,10 +4,32 @@ option go_package = "./pb";
 package pb;
 
 import "model_http_firewall_policy.proto";
+import "rpc_messages.proto";
 
 service HTTPFirewallPolicyService {
 	// 获取所有可用策略
 	rpc findAllEnabledHTTPFirewallPolicies (FindAllEnabledHTTPFirewallPoliciesRequest) returns (FindAllEnabledHTTPFirewallPoliciesResponse);
+
+	// 创建防火墙策略
+	rpc createHTTPFirewallPolicy (CreateHTTPFirewallPolicyRequest) returns (CreateHTTPFirewallPolicyResponse);
+
+	// 修改防火墙策略
+	rpc updateHTTPFirewallPolicy (UpdateHTTPFirewallPolicyRequest) returns (RPCUpdateSuccess);
+
+	// 计算可用的防火墙策略数量
+	rpc countAllEnabledFirewallPolicies (CountAllEnabledFirewallPoliciesRequest) returns (CountAllEnabledFirewallPoliciesResponse);
+
+	// 列出单页的防火墙策略
+	rpc listEnabledFirewallPolicies (ListEnabledFirewallPoliciesRequest) returns (ListEnabledFirewallPoliciesResponse);
+
+	// 删除某个防火墙策略
+	rpc deleteFirewallPolicy (DeleteFirewallPolicyRequest) returns (RPCDeleteSuccess);
+
+	// 查找单个防火墙配置
+	rpc findEnabledFirewallPolicyConfig (FindEnabledFirewallPolicyConfigRequest) returns (FindEnabledFirewallPolicyConfigResponse);
+
+	// 获取防火墙的基本信息
+	rpc findEnabledFirewallPolicy (FindEnabledFirewallPolicyRequest) returns (FindEnabledFirewallPolicyResponse);
 }
 
 // 获取所有可用策略
@@ -19,3 +41,64 @@ message FindAllEnabledHTTPFirewallPoliciesResponse {
 	repeated HTTPFirewallPolicy firewallPolicies = 1;
 }
 
+// 创建防火墙策略
+message CreateHTTPFirewallPolicyRequest {
+	bool isOn = 1;
+	string name = 2;
+	string description = 3;
+	repeated string firewallGroupCodes = 4;
+}
+
+message CreateHTTPFirewallPolicyResponse {
+	int64 firewallPolicyId = 1;
+}
+
+// 修改防火墙策略
+message UpdateHTTPFirewallPolicyRequest {
+	int64 firewallPolicyId = 1;
+	bool isOn = 2;
+	string name = 3;
+	string description = 4;
+	repeated string firewallGroupCodes = 5;
+}
+
+// 计算可用的防火墙策略数量
+message CountAllEnabledFirewallPoliciesRequest {
+}
+
+message CountAllEnabledFirewallPoliciesResponse {
+	int64 count = 1;
+}
+
+// 列出单页的防火墙策略
+message ListEnabledFirewallPoliciesRequest {
+	int64 offset = 1;
+	int64 size = 2;
+}
+
+message ListEnabledFirewallPoliciesResponse {
+	repeated HTTPFirewallPolicy firewallPolicies = 1;
+}
+
+// 删除某个防火墙策略
+message DeleteFirewallPolicyRequest {
+	int64 firewallPolicyId = 1;
+}
+
+// 查找单个防火墙配置
+message FindEnabledFirewallPolicyConfigRequest {
+	int64 firewallPolicyId = 1;
+}
+
+message FindEnabledFirewallPolicyConfigResponse {
+	bytes firewallPolicyJSON = 1;
+}
+
+// 获取防火墙的基本信息
+message FindEnabledFirewallPolicyRequest {
+	int64 firewallPolicyId = 1;
+}
+
+message FindEnabledFirewallPolicyResponse {
+	HTTPFirewallPolicy firewallPolicy = 1;
+}
\ No newline at end of file
diff --git a/pkg/rpc/protos/service_server.proto b/pkg/rpc/protos/service_server.proto
index 59dff28..5cb0cfa 100644
--- a/pkg/rpc/protos/service_server.proto
+++ b/pkg/rpc/protos/service_server.proto
@@ -72,6 +72,9 @@ service ServerService {
 
 	// 查找使用某个缓存策略的所有服务
 	rpc findAllEnabledServersWithCachePolicyId (FindAllEnabledServersWithCachePolicyIdRequest) returns (FindAllEnabledServersWithCachePolicyIdResponse);
+
+	// 计算使用某个WAF策略的服务数量
+	rpc countAllEnabledServersWithHTTPFirewallPolicyId (CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) returns (CountAllEnabledServersWithHTTPFirewallPolicyIdResponse);
 }
 
 // 创建服务
@@ -258,3 +261,11 @@ message FindAllEnabledServersWithCachePolicyIdResponse {
 	repeated Server servers = 1;
 }
 
+// 计算使用某个WAF策略的服务数量
+message CountAllEnabledServersWithHTTPFirewallPolicyIdRequest {
+	int64 firewallPolicyId = 1;
+}
+
+message CountAllEnabledServersWithHTTPFirewallPolicyIdResponse {
+	int64 count = 1;
+}
\ No newline at end of file
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_allow.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_allow.go
new file mode 100644
index 0000000..747b72d
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_allow.go
@@ -0,0 +1,4 @@
+package firewallconfigs
+
+type HTTPFirewallAllowAction struct {
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go
new file mode 100644
index 0000000..213b518
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go
@@ -0,0 +1,8 @@
+package firewallconfigs
+
+// url client configure
+type HTTPFirewallBlockAction struct {
+	StatusCode int    `yaml:"statusCode" json:"statusCode"`
+	Body       string `yaml:"body" json:"body"` // supports HTML
+	URL        string `yaml:"url" json:"url"`
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go
new file mode 100644
index 0000000..873591d
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go
@@ -0,0 +1,4 @@
+package firewallconfigs
+
+type HTTPFirewallCaptchaAction struct {
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_definition.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_definition.go
new file mode 100644
index 0000000..9693b47
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_definition.go
@@ -0,0 +1,11 @@
+package firewallconfigs
+
+import "reflect"
+
+// action definition
+type HTTPFirewallActionDefinition struct {
+	Name        string
+	Code        HTTPFirewallActionString
+	Description string
+	Type        reflect.Type
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_go_group.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_go_group.go
new file mode 100644
index 0000000..c558b19
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_go_group.go
@@ -0,0 +1,5 @@
+package firewallconfigs
+
+type HTTPFirewallGoGroupAction struct {
+	GroupId string `yaml:"groupId" json:"groupId"`
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_go_set.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_go_set.go
new file mode 100644
index 0000000..e38e5e7
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_go_set.go
@@ -0,0 +1,6 @@
+package firewallconfigs
+
+type HTTPFirewallGoSetAction struct {
+	GroupId string `yaml:"groupId" json:"groupId"`
+	SetId   string `yaml:"setId" json:"setId"`
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_instance.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_instance.go
new file mode 100644
index 0000000..4bffc2e
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_instance.go
@@ -0,0 +1,5 @@
+package firewallconfigs
+
+type Action struct {
+
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_log.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_log.go
new file mode 100644
index 0000000..6a67876
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_log.go
@@ -0,0 +1,4 @@
+package firewallconfigs
+
+type HTTPFirewallLogAction struct {
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_type.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_type.go
new file mode 100644
index 0000000..fc8f676
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_type.go
@@ -0,0 +1,12 @@
+package firewallconfigs
+
+type HTTPFirewallActionString = string
+
+const (
+	HTTPFirewallActionLog     = "log"      // allow and log
+	HTTPFirewallActionBlock   = "block"    // block
+	HTTPFirewallActionCaptcha = "captcha"  // block and show captcha
+	HTTPFirewallActionAllow   = "allow"    // allow
+	HTTPFirewallActionGoGroup = "go_group" // go to next rule group
+	HTTPFirewallActionGoSet   = "go_set"   // go to next rule set
+)
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_utils.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_utils.go
new file mode 100644
index 0000000..23ae262
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_utils.go
@@ -0,0 +1,43 @@
+package firewallconfigs
+
+import (
+	"reflect"
+)
+
+var AllActions = []*HTTPFirewallActionDefinition{
+	{
+		Name: "阻止",
+		Code: HTTPFirewallActionBlock,
+	},
+	{
+		Name: "允许通过",
+		Code: HTTPFirewallActionAllow,
+	},
+	{
+		Name: "允许并记录日志",
+		Code: HTTPFirewallActionLog,
+	},
+	{
+		Name: "Captcha验证码",
+		Code: HTTPFirewallActionCaptcha,
+	},
+	{
+		Name: "跳到下一个规则分组",
+		Code: HTTPFirewallActionGoGroup,
+		Type: reflect.TypeOf(new(HTTPFirewallGoGroupAction)).Elem(),
+	},
+	{
+		Name: "跳到下一个规则集",
+		Code: HTTPFirewallActionGoSet,
+		Type: reflect.TypeOf(new(HTTPFirewallGoSetAction)).Elem(),
+	},
+}
+
+func FindActionName(action HTTPFirewallActionString) string {
+	for _, def := range AllActions {
+		if def.Code == action {
+			return def.Name
+		}
+	}
+	return ""
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_action_utils_test.go b/pkg/serverconfigs/firewallconfigs/http_firewall_action_utils_test.go
new file mode 100644
index 0000000..523d4bf
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_action_utils_test.go
@@ -0,0 +1 @@
+package firewallconfigs
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_inbound_config.go b/pkg/serverconfigs/firewallconfigs/http_firewall_inbound_config.go
new file mode 100644
index 0000000..dcfcbb4
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_inbound_config.go
@@ -0,0 +1,28 @@
+package firewallconfigs
+
+type HTTPFirewallInboundConfig struct {
+	IsOn      bool                        `yaml:"isOn" json:"isOn"`
+	GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
+	Groups    []*HTTPFirewallRuleGroup    `yaml:"groups" json:"groups"`
+}
+
+// 初始化
+func (this *HTTPFirewallInboundConfig) Init() error {
+	for _, group := range this.Groups {
+		err := group.Init()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// 根据Code查找Group
+func (this *HTTPFirewallInboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup {
+	for _, group := range this.Groups {
+		if group.Code == code {
+			return group
+		}
+	}
+	return nil
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_outbound_config.go b/pkg/serverconfigs/firewallconfigs/http_firewall_outbound_config.go
new file mode 100644
index 0000000..97208ea
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_outbound_config.go
@@ -0,0 +1,28 @@
+package firewallconfigs
+
+type HTTPFirewallOutboundConfig struct {
+	IsOn      bool                        `yaml:"isOn" json:"isOn"`
+	GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
+	Groups    []*HTTPFirewallRuleGroup    `yaml:"groups" json:"groups"`
+}
+
+// 初始化
+func (this *HTTPFirewallOutboundConfig) Init() error {
+	for _, group := range this.Groups {
+		err := group.Init()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// 根据Code查找Group
+func (this *HTTPFirewallOutboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup {
+	for _, group := range this.Groups {
+		if group.Code == code {
+			return group
+		}
+	}
+	return nil
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go b/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
new file mode 100644
index 0000000..16fda0d
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_policy.go
@@ -0,0 +1,51 @@
+package firewallconfigs
+
+// 防火墙策略
+type HTTPFirewallPolicy struct {
+	Id          int64                       `yaml:"id" json:"id"`
+	IsOn        bool                        `yaml:"isOn" json:"isOn"`
+	Name        string                      `yaml:"name" json:"name"`
+	Description string                      `yaml:"description" json:"description"`
+	Inbound     *HTTPFirewallInboundConfig  `yaml:"inbound" json:"inbound"`
+	Outbound    *HTTPFirewallOutboundConfig `yaml:"outbound" json:"outbound"`
+}
+
+// 初始化
+func (this *HTTPFirewallPolicy) Init() error {
+	if this.Inbound != nil {
+		err := this.Inbound.Init()
+		if err != nil {
+			return err
+		}
+	}
+	if this.Outbound != nil {
+		err := this.Outbound.Init()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// 获取所有分组
+func (this *HTTPFirewallPolicy) AllRuleGroups() []*HTTPFirewallRuleGroup {
+	result := []*HTTPFirewallRuleGroup{}
+	if this.Inbound != nil {
+		result = append(result, this.Inbound.Groups...)
+	}
+	if this.Outbound != nil {
+		result = append(result, this.Outbound.Groups...)
+	}
+	return result
+}
+
+// 根据代号获取分组
+func (this *HTTPFirewallPolicy) FindRuleGroupWithCode(code string) *HTTPFirewallRuleGroup {
+	for _, g := range this.AllRuleGroups() {
+		if g.Code == code {
+			return g
+		}
+	}
+	return nil
+}
diff --git a/pkg/serverconfigs/http_firewall_ref.go b/pkg/serverconfigs/firewallconfigs/http_firewall_ref.go
similarity index 91%
rename from pkg/serverconfigs/http_firewall_ref.go
rename to pkg/serverconfigs/firewallconfigs/http_firewall_ref.go
index 36be19e..4821907 100644
--- a/pkg/serverconfigs/http_firewall_ref.go
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_ref.go
@@ -1,4 +1,4 @@
-package serverconfigs
+package firewallconfigs
 
 type HTTPFirewallRef struct {
 	IsPrior          bool  `yaml:"isPrior" json:"isPrior"`
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule.go
new file mode 100644
index 0000000..c3b65b4
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule.go
@@ -0,0 +1,16 @@
+package firewallconfigs
+
+type HTTPFirewallRule struct {
+	Id                int64                  `yaml:"id" json:"id"`
+	IsOn              bool                   `yaml:"isOn" json:"isOn"`
+	Param             string                 `yaml:"param" json:"param"`
+	Operator          string                 `yaml:"operator" json:"operator"`
+	Value             string                 `yaml:"value" json:"value"`
+	IsCaseInsensitive bool                   `yaml:"isCaseInsensitive" json:"isCaseInsensitive"`
+	CheckpointOptions map[string]interface{} `yaml:"checkpointOptions" json:"checkpointOptions"`
+	Description       string                 `yaml:"description" json:"description"`
+}
+
+func (this *HTTPFirewallRule) Init() error {
+	return nil
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go
new file mode 100644
index 0000000..c65e6f3
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go
@@ -0,0 +1,28 @@
+package firewallconfigs
+
+// 规则组
+type HTTPFirewallRuleGroup struct {
+	Id          int64                     `yaml:"id" json:"id"`
+	IsOn        bool                      `yaml:"isOn" json:"isOn"`
+	Name        string                    `yaml:"name" json:"name"`
+	Description string                    `yaml:"description" json:"description"`
+	Code        string                    `yaml:"code" json:"code"`
+	SetRefs     []*HTTPFirewallRuleSetRef `yaml:"setRefs" json:"setRefs"`
+	Sets        []*HTTPFirewallRuleSet    `yaml:"sets" json:"sets"`
+}
+
+// 初始化
+func (this *HTTPFirewallRuleGroup) Init() error {
+	for _, set := range this.Sets {
+		err := set.Init()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// 添加规则集
+func (this *HTTPFirewallRuleGroup) AddRuleSet(ruleSet *HTTPFirewallRuleSet) {
+	this.Sets = append(this.Sets, ruleSet)
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group_ref.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group_ref.go
new file mode 100644
index 0000000..4503e84
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_group_ref.go
@@ -0,0 +1,6 @@
+package firewallconfigs
+
+type HTTPFirewallRuleGroupRef struct {
+	IsOn    bool  `yaml:"isOn" json:"isOn"`
+	GroupId int64 `yaml:"groupId" json:"groupId"`
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
new file mode 100644
index 0000000..4d4acf4
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go
@@ -0,0 +1,219 @@
+package firewallconfigs
+
+type HTTPFirewallRuleOperator = string
+type HTTPFirewallRuleCaseInsensitive = string
+
+const (
+	HTTPFirewallRuleOperatorGt           HTTPFirewallRuleOperator = "gt"
+	HTTPFirewallRuleOperatorGte          HTTPFirewallRuleOperator = "gte"
+	HTTPFirewallRuleOperatorLt           HTTPFirewallRuleOperator = "lt"
+	HTTPFirewallRuleOperatorLte          HTTPFirewallRuleOperator = "lte"
+	HTTPFirewallRuleOperatorEq           HTTPFirewallRuleOperator = "eq"
+	HTTPFirewallRuleOperatorNeq          HTTPFirewallRuleOperator = "neq"
+	HTTPFirewallRuleOperatorEqString     HTTPFirewallRuleOperator = "eq string"
+	HTTPFirewallRuleOperatorNeqString    HTTPFirewallRuleOperator = "neq string"
+	HTTPFirewallRuleOperatorMatch        HTTPFirewallRuleOperator = "match"
+	HTTPFirewallRuleOperatorNotMatch     HTTPFirewallRuleOperator = "not match"
+	HTTPFirewallRuleOperatorContains     HTTPFirewallRuleOperator = "contains"
+	HTTPFirewallRuleOperatorNotContains  HTTPFirewallRuleOperator = "not contains"
+	HTTPFirewallRuleOperatorPrefix       HTTPFirewallRuleOperator = "prefix"
+	HTTPFirewallRuleOperatorSuffix       HTTPFirewallRuleOperator = "suffix"
+	HTTPFirewallRuleOperatorHasKey       HTTPFirewallRuleOperator = "has key" // has key in slice or map
+	HTTPFirewallRuleOperatorVersionGt    HTTPFirewallRuleOperator = "version gt"
+	HTTPFirewallRuleOperatorVersionLt    HTTPFirewallRuleOperator = "version lt"
+	HTTPFirewallRuleOperatorVersionRange HTTPFirewallRuleOperator = "version range"
+
+	// ip
+	HTTPFirewallRuleOperatorEqIP       HTTPFirewallRuleOperator = "eq ip"
+	HTTPFirewallRuleOperatorGtIP       HTTPFirewallRuleOperator = "gt ip"
+	HTTPFirewallRuleOperatorGteIP      HTTPFirewallRuleOperator = "gte ip"
+	HTTPFirewallRuleOperatorLtIP       HTTPFirewallRuleOperator = "lt ip"
+	HTTPFirewallRuleOperatorLteIP      HTTPFirewallRuleOperator = "lte ip"
+	HTTPFirewallRuleOperatorIPRange    HTTPFirewallRuleOperator = "ip range"
+	HTTPFirewallRuleOperatorNotIPRange HTTPFirewallRuleOperator = "not ip range"
+	HTTPFirewallRuleOperatorIPMod10    HTTPFirewallRuleOperator = "ip mod 10"
+	HTTPFirewallRuleOperatorIPMod100   HTTPFirewallRuleOperator = "ip mod 100"
+	HTTPFirewallRuleOperatorIPMod      HTTPFirewallRuleOperator = "ip mod"
+
+	HTTPFirewallRuleCaseInsensitiveNone = "none"
+	HTTPFirewallRuleCaseInsensitiveYes  = "yes"
+	HTTPFirewallRuleCaseInsensitiveNo   = "no"
+)
+
+type RuleOperatorDefinition struct {
+	Name            string
+	Code            string
+	Description     string
+	CaseInsensitive HTTPFirewallRuleCaseInsensitive // default caseInsensitive setting
+}
+
+var AllRuleOperators = []*RuleOperatorDefinition{
+	{
+		Name:            "数值大于",
+		Code:            HTTPFirewallRuleOperatorGt,
+		Description:     "使用数值对比大于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值大于等于",
+		Code:            HTTPFirewallRuleOperatorGte,
+		Description:     "使用数值对比大于等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值小于",
+		Code:            HTTPFirewallRuleOperatorLt,
+		Description:     "使用数值对比小于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值小于等于",
+		Code:            HTTPFirewallRuleOperatorLte,
+		Description:     "使用数值对比小于等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值等于",
+		Code:            HTTPFirewallRuleOperatorEq,
+		Description:     "使用数值对比等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值不等于",
+		Code:            HTTPFirewallRuleOperatorNeq,
+		Description:     "使用数值对比不等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "字符串等于",
+		Code:            HTTPFirewallRuleOperatorEqString,
+		Description:     "使用字符串对比等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "字符串不等于",
+		Code:            HTTPFirewallRuleOperatorNeqString,
+		Description:     "使用字符串对比不等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "正则匹配",
+		Code:            HTTPFirewallRuleOperatorMatch,
+		Description:     "使用正则表达式匹配，在头部使用(?i)表示不区分大小写，<a href=\"http://teaos.cn/doc/regexp/Regexp.md\" target=\"_blank\">正则表达式语法 &raquo;</a>",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
+	},
+	{
+		Name:            "正则不匹配",
+		Code:            HTTPFirewallRuleOperatorNotMatch,
+		Description:     "使用正则表达式不匹配，在头部使用(?i)表示不区分大小写，<a href=\"http://teaos.cn/doc/regexp/Regexp.md\" target=\"_blank\">正则表达式语法 &raquo;</a>",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
+	},
+	{
+		Name:            "包含字符串",
+		Code:            HTTPFirewallRuleOperatorContains,
+		Description:     "包含某个字符串",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "不包含字符串",
+		Code:            HTTPFirewallRuleOperatorNotContains,
+		Description:     "不包含某个字符串",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "包含前缀",
+		Code:            HTTPFirewallRuleOperatorPrefix,
+		Description:     "包含某个前缀",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "包含后缀",
+		Code:            HTTPFirewallRuleOperatorSuffix,
+		Description:     "包含某个后缀",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "包含索引",
+		Code:            HTTPFirewallRuleOperatorHasKey,
+		Description:     "对于一组数据拥有某个键值或者索引",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "版本号大于",
+		Code:            HTTPFirewallRuleOperatorVersionGt,
+		Description:     "对比版本号大于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "版本号小于",
+		Code:            HTTPFirewallRuleOperatorVersionLt,
+		Description:     "对比版本号小于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "版本号范围",
+		Code:            HTTPFirewallRuleOperatorVersionRange,
+		Description:     "判断版本号在某个范围内，格式为version1,version2",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP等于",
+		Code:            HTTPFirewallRuleOperatorEqIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP大于",
+		Code:            HTTPFirewallRuleOperatorGtIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP大于等于",
+		Code:            HTTPFirewallRuleOperatorGteIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP小于",
+		Code:            HTTPFirewallRuleOperatorLtIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP小于等于",
+		Code:            HTTPFirewallRuleOperatorLteIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP范围",
+		Code:            HTTPFirewallRuleOperatorIPRange,
+		Description:     "IP在某个范围之内，范围格式可以是英文逗号分隔的ip1,ip2，或者CIDR格式的ip/bits",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "不在IP范围",
+		Code:            HTTPFirewallRuleOperatorNotIPRange,
+		Description:     "IP不在某个范围之内，范围格式可以是英文逗号分隔的ip1,ip2，或者CIDR格式的ip/bits",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP取模10",
+		Code:            HTTPFirewallRuleOperatorIPMod10,
+		Description:     "对IP参数值取模，除数为10，对比值为余数",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP取模100",
+		Code:            HTTPFirewallRuleOperatorIPMod100,
+		Description:     "对IP参数值取模，除数为100，对比值为余数",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP取模",
+		Code:            HTTPFirewallRuleOperatorIPMod,
+		Description:     "对IP参数值取模，对比值格式为：除数,余数，比如10,1",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator_test.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator_test.go
new file mode 100644
index 0000000..cdeef45
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator_test.go
@@ -0,0 +1,19 @@
+package firewallconfigs
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+)
+
+func TestRuleOperator_Markdown(t *testing.T) {
+	result := []string{}
+	for _, def := range AllRuleOperators {
+		row := "## " + def.Name + "\n"
+		row += "符号：`" + def.Code + "`\n"
+		row += "描述：" + def.Description + "\n"
+		result = append(result, row)
+	}
+
+	fmt.Print(strings.Join(result, "\n") + "\n")
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_ref.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_ref.go
new file mode 100644
index 0000000..ee9d59a
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_ref.go
@@ -0,0 +1,6 @@
+package firewallconfigs
+
+type HTTPFirewallRuleRef struct {
+	IsOn   bool  `yaml:"isOn" json:"isOn"`
+	RuleId int64 `yaml:"ruleId" json:"ruleId"`
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_set.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_set.go
new file mode 100644
index 0000000..b78b7f1
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_set.go
@@ -0,0 +1,33 @@
+package firewallconfigs
+
+import "github.com/iwind/TeaGo/maps"
+
+// 规则集定义
+type HTTPFirewallRuleSet struct {
+	Id            int64                  `yaml:"id" json:"id"`
+	IsOn          bool                   `yaml:"isOn" json:"isOn"`
+	Name          string                 `yaml:"name" json:"name"`
+	Code          string                 `yaml:"code" json:"code"`
+	Description   string                 `yaml:"description" json:"description"`
+	Connector     string                 `yaml:"connector" json:"connector"`
+	RuleRefs      []*HTTPFirewallRuleRef `yaml:"ruleRefs" json:"ruleRefs"`
+	Rules         []*HTTPFirewallRule    `yaml:"rules" json:"rules"`
+	Action        string                 `yaml:"action" json:"action"`
+	ActionOptions maps.Map               `yaml:"actionOptions" json:"actionOptions"`
+}
+
+// 初始化
+func (this *HTTPFirewallRuleSet) Init() error {
+	for _, rule := range this.Rules {
+		err := rule.Init()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// 添加规则
+func (this *HTTPFirewallRuleSet) AddRule(rule *HTTPFirewallRule) {
+	this.Rules = append(this.Rules, rule)
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_rule_set_ref.go b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_set_ref.go
new file mode 100644
index 0000000..775965f
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_rule_set_ref.go
@@ -0,0 +1,6 @@
+package firewallconfigs
+
+type HTTPFirewallRuleSetRef struct {
+	IsOn  bool  `yaml:"isOn" json:"isOn"`
+	SetId int64 `yaml:"setId" json:"setId"`
+}
diff --git a/pkg/serverconfigs/firewallconfigs/http_firewall_template.go b/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
new file mode 100644
index 0000000..2d9ef53
--- /dev/null
+++ b/pkg/serverconfigs/firewallconfigs/http_firewall_template.go
@@ -0,0 +1,511 @@
+package firewallconfigs
+
+type HTTPFirewallRuleConnector = string
+
+const (
+	HTTPFirewallRuleConnectorAnd = "and"
+	HTTPFirewallRuleConnectorOr  = "or"
+)
+
+func HTTPFirewallTemplate() *HTTPFirewallPolicy {
+	policy := &HTTPFirewallPolicy{}
+	policy.IsOn = true
+	policy.Inbound = &HTTPFirewallInboundConfig{}
+	policy.Outbound = &HTTPFirewallOutboundConfig{}
+
+	// black list
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = false
+		group.Name = "白名单"
+		group.Code = "whiteList"
+		group.Description = "在此名单中的IP地址可以直接跳过防火墙设置"
+
+		{
+
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "IP白名单"
+			set.Code = "9001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionAllow
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `127\.0\.0\.1|0\.0\.0\.0`,
+				IsCaseInsensitive: false,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// black list
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = false
+		group.Name = "黑名单"
+		group.Code = "blackList"
+		group.Description = "在此名单中的IP地址直接阻止"
+
+		{
+
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "IP黑名单"
+			set.Code = "10001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `1\.1\.1\.1|2\.2\.2\.2`,
+				IsCaseInsensitive: false,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// xss
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "XSS"
+		group.Code = "xss"
+		group.Description = "防跨站脚本攻击（Cross Site Scripting）"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "Javascript事件"
+			set.Code = "1001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `(onmouseover|onmousemove|onmousedown|onmouseup|onerror|onload|onclick|ondblclick|onkeydown|onkeyup|onkeypress)\s*=`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "Javascript函数"
+			set.Code = "1002"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `(alert|eval|prompt|confirm)\s*\(`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "HTML标签"
+			set.Code = "1003"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `<(script|iframe|link)`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// upload
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "文件上传"
+		group.Code = "upload"
+		group.Description = "防止上传可执行脚本文件到服务器"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "上传文件扩展名"
+			set.Code = "2001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestUpload.ext}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\.(php|jsp|aspx|asp|exe|asa|rb|py)\b`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// web shell
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "Web Shell"
+		group.Code = "webShell"
+		group.Description = "防止远程执行服务器命令"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "Web Shell"
+			set.Code = "3001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\s*\(`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// command injection
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "命令注入"
+		group.Code = "commandInjection"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "命令注入"
+			set.Code = "4001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestBody}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
+				IsCaseInsensitive: false,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// path traversal
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "路径穿越"
+		group.Code = "pathTraversal"
+		group.Description = "防止读取网站目录之外的其他系统文件"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "路径穿越"
+			set.Code = "5001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `((\.+)(/+)){2,}`, // TODO more keywords here
+				IsCaseInsensitive: false,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// special dirs
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "特殊目录"
+		group.Code = "denyDirs"
+		group.Description = "防止通过Web访问到一些特殊目录"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "特殊目录"
+			set.Code = "6001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestPath}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `/\.(git|svn|htaccess|idea)\b`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// sql injection
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "SQL注入"
+		group.Code = "sqlInjection"
+		group.Description = "防止SQL注入漏洞"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "Union SQL Injection"
+			set.Code = "7001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `union[\s/\*]+select`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "SQL注释"
+			set.Code = "7002"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `/\*(!|\x00)`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "SQL条件"
+			set.Code = "7003"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\s(and|or|rlike)\s+(if|updatexml)\s*\(`,
+				IsCaseInsensitive: true,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\s+(and|or|rlike)\s+(select|case)\s+`,
+				IsCaseInsensitive: true,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\s+(and|or|procedure)\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+(\s|$|--|#)`,
+				IsCaseInsensitive: true,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\(\s*case\s+when\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+\s+then\s+`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "SQL函数"
+			set.Code = "7004"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "SQL附加语句"
+			set.Code = "7005"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `;\s*(declare|use|drop|create|exec|delete|update|insert)\s`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// bot
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "网络爬虫"
+		group.Code = "bot"
+		group.Description = "禁止一些网络爬虫"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "常见网络爬虫"
+			set.Code = "20001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${userAgent}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `Googlebot|AdsBot|bingbot|BingPreview|facebookexternalhit|Slurp|Sogou|proximic|Baiduspider|yandex|twitterbot|spider|python`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// cc
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "CC攻击"
+		group.Description = "Challenge Collapsar，防止短时间大量请求涌入，请谨慎开启和设置"
+		group.Code = "cc"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "CC请求数"
+			set.Description = "限制单IP在一定时间内的请求数"
+			set.Code = "8001"
+			set.Connector = HTTPFirewallRuleConnectorAnd
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:     true,
+				Param:    "${cc.requests}",
+				Operator: HTTPFirewallRuleOperatorGt,
+				Value:    "1000",
+				CheckpointOptions: map[string]interface{}{
+					"period": "60",
+				},
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorNotIPRange,
+				Value:             `127.0.0.1/8`,
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorNotIPRange,
+				Value:             `192.168.0.1/16`,
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorNotIPRange,
+				Value:             `10.0.0.1/8`,
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorNotIPRange,
+				Value:             `172.16.0.1/12`,
+				IsCaseInsensitive: false,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// custom
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "自定义规则分组"
+		group.Description = "我的自定义规则分组，可以将自定义的规则放在这个分组下"
+		group.Code = "custom"
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	return policy
+}
diff --git a/pkg/serverconfigs/http_web_config.go b/pkg/serverconfigs/http_web_config.go
index bda1940..8bc18aa 100644
--- a/pkg/serverconfigs/http_web_config.go
+++ b/pkg/serverconfigs/http_web_config.go
@@ -1,28 +1,32 @@
 package serverconfigs
 
-import "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+)
 
 type HTTPWebConfig struct {
-	Id                 int64                      `yaml:"id" json:"id"`                                 // ID
-	IsOn               bool                       `yaml:"isOn" json:"isOn"`                             // 是否启用
-	Locations          []*HTTPLocationConfig      `yaml:"locations" json:"locations"`                   // 路径规则 TODO
-	LocationRefs       []*HTTPLocationRef         `yaml:"locationRefs" json:"locationRefs"`             // 路径规则应用
-	GzipRef            *HTTPGzipRef               `yaml:"gzipRef" json:"gzipRef"`                       // Gzip引用
-	Gzip               *HTTPGzipConfig            `yaml:"gzip" json:"gzip"`                             // Gzip配置
-	Charset            *HTTPCharsetConfig         `yaml:"charset" json:"charset"`                       // 字符编码
-	Shutdown           *HTTPShutdownConfig        `yaml:"shutdown" json:"shutdown"`                     // 临时关闭配置
-	Pages              []*HTTPPageConfig          `yaml:"pages" json:"pages"`                           // 特殊页面配置
-	RedirectToHttps    *HTTPRedirectToHTTPSConfig `yaml:"redirectToHTTPS" json:"redirectToHTTPS"`       // 是否自动跳转到Https
-	Root               *HTTPRootConfig            `yaml:"root" json:"root"`                             // 资源根目录 TODO
-	MaxRequestBodySize string                     `yaml:"maxRequestBodySize" json:"maxRequestBodySize"` // 请求body最大尺寸 TODO 需要实现
-	AccessLogRef       *HTTPAccessLogRef          `yaml:"accessLog" json:"accessLog"`                   // 访问日志配置
-	StatRef            *HTTPStatRef               `yaml:"statRef" json:"statRef"`                       // 统计配置
-	Cache              *HTTPCacheConfig           `yaml:"cache" json:"cache"`
-	FirewallRef        *HTTPFirewallRef           `yaml:"firewallRef" json:"firewallRef"`   // 防火墙设置
-	WebsocketRef       *HTTPWebsocketRef          `yaml:"websocketRef" json:"websocketRef"` // Websocket应用配置
-	Websocket          *HTTPWebsocketConfig       `yaml:"websocket" json:"websocket"`       // Websocket配置
-	RewriteRefs        []*HTTPRewriteRef          `yaml:"rewriteRefs" json:"rewriteRefs"`   // 重写规则配置
-	RewriteRules       []*HTTPRewriteRule         `yaml:"rewriteRules" json:"rewriteRules"` // 重写规则
+	Id                 int64                               `yaml:"id" json:"id"`                                 // ID
+	IsOn               bool                                `yaml:"isOn" json:"isOn"`                             // 是否启用
+	Locations          []*HTTPLocationConfig               `yaml:"locations" json:"locations"`                   // 路径规则 TODO
+	LocationRefs       []*HTTPLocationRef                  `yaml:"locationRefs" json:"locationRefs"`             // 路径规则应用
+	GzipRef            *HTTPGzipRef                        `yaml:"gzipRef" json:"gzipRef"`                       // Gzip引用
+	Gzip               *HTTPGzipConfig                     `yaml:"gzip" json:"gzip"`                             // Gzip配置
+	Charset            *HTTPCharsetConfig                  `yaml:"charset" json:"charset"`                       // 字符编码
+	Shutdown           *HTTPShutdownConfig                 `yaml:"shutdown" json:"shutdown"`                     // 临时关闭配置
+	Pages              []*HTTPPageConfig                   `yaml:"pages" json:"pages"`                           // 特殊页面配置
+	RedirectToHttps    *HTTPRedirectToHTTPSConfig          `yaml:"redirectToHTTPS" json:"redirectToHTTPS"`       // 是否自动跳转到Https
+	Root               *HTTPRootConfig                     `yaml:"root" json:"root"`                             // 资源根目录 TODO
+	MaxRequestBodySize string                              `yaml:"maxRequestBodySize" json:"maxRequestBodySize"` // 请求body最大尺寸 TODO 需要实现
+	AccessLogRef       *HTTPAccessLogRef                   `yaml:"accessLog" json:"accessLog"`                   // 访问日志配置
+	StatRef            *HTTPStatRef                        `yaml:"statRef" json:"statRef"`                       // 统计配置
+	Cache              *HTTPCacheConfig                    `yaml:"cache" json:"cache"`
+	FirewallRef        *firewallconfigs.HTTPFirewallRef    `yaml:"firewallRef" json:"firewallRef"`       // 防火墙设置
+	FirewallPolicy     *firewallconfigs.HTTPFirewallPolicy `yaml:"firewallPolicy" json:"firewallPolicy"` // 防火墙策略
+	WebsocketRef       *HTTPWebsocketRef                   `yaml:"websocketRef" json:"websocketRef"`     // Websocket应用配置
+	Websocket          *HTTPWebsocketConfig                `yaml:"websocket" json:"websocket"`           // Websocket配置
+	RewriteRefs        []*HTTPRewriteRef                   `yaml:"rewriteRefs" json:"rewriteRefs"`       // 重写规则配置
+	RewriteRules       []*HTTPRewriteRule                  `yaml:"rewriteRules" json:"rewriteRules"`     // 重写规则
 
 	RequestHeaderPolicyRef  *shared.HTTPHeaderPolicyRef `yaml:"requestHeaderPolicyRef" json:"requestHeaderPolicyRef"`   // 请求Header
 	RequestHeaderPolicy     *shared.HTTPHeaderPolicy    `yaml:"requestHeaderPolicy" json:"requestHeaderPolicy"`         // 请求Header策略
@@ -125,6 +129,12 @@ func (this *HTTPWebConfig) Init() error {
 			return err
 		}
 	}
+	if this.FirewallPolicy != nil {
+		err := this.FirewallPolicy.Init()
+		if err != nil {
+			return err
+		}
+	}
 
 	// websocket
 	if this.WebsocketRef != nil {
diff --git a/pkg/serverconfigs/shared/ip_range.go b/pkg/serverconfigs/shared/ip_range.go
new file mode 100644
index 0000000..5484594
--- /dev/null
+++ b/pkg/serverconfigs/shared/ip_range.go
@@ -0,0 +1,147 @@
+package shared
+
+import (
+	"bytes"
+	"errors"
+	"github.com/iwind/TeaGo/utils/string"
+	"net"
+	"regexp"
+	"strings"
+)
+
+// IP Range类型
+type IPRangeType = int
+
+const (
+	IPRangeTypeRange    IPRangeType = 1
+	IPRangeTypeCIDR     IPRangeType = 2
+	IPRangeTypeAll      IPRangeType = 3
+	IPRangeTypeWildcard IPRangeType = 4 // 通配符，可以使用*
+)
+
+// IP Range
+type IPRangeConfig struct {
+	Id string `yaml:"id" json:"id"`
+
+	Type IPRangeType `yaml:"type" json:"type"`
+
+	Param  string `yaml:"param" json:"param"`
+	CIDR   string `yaml:"cidr" json:"cidr"`
+	IPFrom string `yaml:"ipFrom" json:"ipFrom"`
+	IPTo   string `yaml:"ipTo" json:"ipTo"`
+
+	cidr   *net.IPNet
+	ipFrom net.IP
+	ipTo   net.IP
+	reg    *regexp.Regexp
+}
+
+// 获取新对象
+func NewIPRangeConfig() *IPRangeConfig {
+	return &IPRangeConfig{
+		Id: stringutil.Rand(16),
+	}
+}
+
+// 从字符串中分析
+func ParseIPRange(s string) (*IPRangeConfig, error) {
+	if len(s) == 0 {
+		return nil, errors.New("invalid ip range")
+	}
+
+	ipRange := &IPRangeConfig{}
+
+	if s == "*" || s == "all" || s == "ALL" || s == "0.0.0.0" {
+		ipRange.Type = IPRangeTypeAll
+		return ipRange, nil
+	}
+
+	if strings.Contains(s, "/") {
+		ipRange.Type = IPRangeTypeCIDR
+		ipRange.CIDR = strings.Replace(s, " ", "", -1)
+	} else if strings.Contains(s, "-") {
+		ipRange.Type = IPRangeTypeRange
+		pieces := strings.SplitN(s, "-", 2)
+		ipRange.IPFrom = strings.TrimSpace(pieces[0])
+		ipRange.IPTo = strings.TrimSpace(pieces[1])
+	} else if strings.Contains(s, ",") {
+		ipRange.Type = IPRangeTypeRange
+		pieces := strings.SplitN(s, ",", 2)
+		ipRange.IPFrom = strings.TrimSpace(pieces[0])
+		ipRange.IPTo = strings.TrimSpace(pieces[1])
+	} else if strings.Contains(s, "*") {
+		ipRange.Type = IPRangeTypeWildcard
+		s = "^" + strings.Replace(regexp.QuoteMeta(s), `\*`, `\d+`, -1) + "$"
+		ipRange.reg = regexp.MustCompile(s)
+	} else {
+		ipRange.Type = IPRangeTypeRange
+		ipRange.IPFrom = s
+		ipRange.IPTo = s
+	}
+
+	err := ipRange.Validate()
+	if err != nil {
+		return nil, err
+	}
+	return ipRange, nil
+}
+
+// 校验
+func (this *IPRangeConfig) Validate() error {
+	if this.Type == IPRangeTypeCIDR {
+		if len(this.CIDR) == 0 {
+			return errors.New("cidr should not be empty")
+		}
+
+		_, cidr, err := net.ParseCIDR(this.CIDR)
+		if err != nil {
+			return err
+		}
+		this.cidr = cidr
+	}
+
+	if this.Type == IPRangeTypeRange {
+		this.ipFrom = net.ParseIP(this.IPFrom)
+		this.ipTo = net.ParseIP(this.IPTo)
+
+		if this.ipFrom.To4() == nil && this.ipFrom.To16() == nil {
+			return errors.New("from ip should in IPv4 or IPV6 format")
+		}
+
+		if this.ipTo.To4() == nil && this.ipTo.To16() == nil {
+			return errors.New("to ip should in IPv4 or IPV6 format")
+		}
+	}
+
+	return nil
+}
+
+// 是否包含某个IP
+func (this *IPRangeConfig) Contains(ipString string) bool {
+	ip := net.ParseIP(ipString)
+	if ip.To4() == nil {
+		return false
+	}
+	if this.Type == IPRangeTypeCIDR {
+		if this.cidr == nil {
+			return false
+		}
+		return this.cidr.Contains(ip)
+	}
+	if this.Type == IPRangeTypeRange {
+		if this.ipFrom == nil || this.ipTo == nil {
+			return false
+		}
+		return bytes.Compare(ip, this.ipFrom) >= 0 && bytes.Compare(ip, this.ipTo) <= 0
+	}
+	if this.Type == IPRangeTypeWildcard {
+		if this.reg == nil {
+			return false
+		}
+		return this.reg.MatchString(ipString)
+	}
+	if this.Type == IPRangeTypeAll {
+		return true
+	}
+	return false
+}
diff --git a/pkg/serverconfigs/shared/ip_range_test.go b/pkg/serverconfigs/shared/ip_range_test.go
new file mode 100644
index 0000000..1046979
--- /dev/null
+++ b/pkg/serverconfigs/shared/ip_range_test.go
@@ -0,0 +1,125 @@
+package shared
+
+import (
+	"github.com/iwind/TeaGo/assert"
+	"testing"
+)
+
+func TestGeoConfig_Contains(t *testing.T) {
+	a := assert.NewAssertion(t)
+
+	{
+		geo := NewIPRangeConfig()
+		geo.Type = IPRangeTypeRange
+		geo.IPFrom = "192.168.1.100"
+		geo.IPTo = "192.168.1.110"
+		a.IsNil(geo.Validate())
+		a.IsTrue(geo.Contains("192.168.1.100"))
+		a.IsTrue(geo.Contains("192.168.1.101"))
+		a.IsTrue(geo.Contains("192.168.1.110"))
+		a.IsFalse(geo.Contains("192.168.1.111"))
+	}
+
+	{
+		geo := NewIPRangeConfig()
+		geo.Type = IPRangeTypeCIDR
+		geo.CIDR = "192.168.1.1/24"
+		a.IsNil(geo.Validate())
+		a.IsTrue(geo.Contains("192.168.1.100"))
+		a.IsFalse(geo.Contains("192.168.2.100"))
+	}
+
+	{
+		geo := NewIPRangeConfig()
+		geo.Type = IPRangeTypeCIDR
+		geo.CIDR = "192.168.1.1/16"
+		a.IsNil(geo.Validate())
+		a.IsTrue(geo.Contains("192.168.2.100"))
+	}
+}
+
+func TestParseIPRange(t *testing.T) {
+	a := assert.NewAssertion(t)
+
+	{
+		_, err := ParseIPRange("")
+		a.IsNotNil(err)
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.100")
+		a.IsNil(err)
+		a.IsTrue(r.IPFrom == r.IPTo)
+		a.IsTrue(r.IPFrom == "192.168.1.100")
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsFalse(r.Contains("192.168.1.99"))
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.100/24")
+		a.IsNil(err)
+		a.IsTrue(r.CIDR == "192.168.1.100/24")
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsTrue(r.Contains("192.168.1.99"))
+		a.IsFalse(r.Contains("192.168.2.100"))
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.100, 192.168.1.200")
+		a.IsNil(err)
+		a.IsTrue(r.IPFrom == "192.168.1.100")
+		a.IsTrue(r.IPTo == "192.168.1.200")
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsTrue(r.Contains("192.168.1.150"))
+		a.IsFalse(r.Contains("192.168.2.100"))
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.100-192.168.1.200")
+		a.IsNil(err)
+		a.IsTrue(r.IPFrom == "192.168.1.100")
+		a.IsTrue(r.IPTo == "192.168.1.200")
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsTrue(r.Contains("192.168.1.150"))
+		a.IsFalse(r.Contains("192.168.2.100"))
+	}
+
+	{
+		r, err := ParseIPRange("all")
+		a.IsNil(err)
+		a.IsTrue(r.Type == IPRangeTypeAll)
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsTrue(r.Contains("192.168.1.150"))
+		a.IsTrue(r.Contains("192.168.2.100"))
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.*")
+		a.IsNil(err)
+		if r != nil {
+			a.IsTrue(r.Type == IPRangeTypeWildcard)
+			a.IsTrue(r.Contains("192.168.1.100"))
+			a.IsFalse(r.Contains("192.168.2.100"))
+		}
+	}
+
+	{
+		r, err := ParseIPRange("192.168.*.*")
+		a.IsNil(err)
+		if r != nil {
+			a.IsTrue(r.Type == IPRangeTypeWildcard)
+			a.IsTrue(r.Contains("192.168.1.100"))
+			a.IsTrue(r.Contains("192.168.2.100"))
+		}
+	}
+}
+
+func BenchmarkIPRangeConfig_Contains(b *testing.B) {
+	r, err := ParseIPRange("192.168.1.*")
+	if err != nil {
+		b.Fatal(err)
+	}
+	for i := 0; i < b.N; i++ {
+		_ = r.Contains("192.168.1.100")
+	}
+}