实现WAF策略部分功能

pkg/rpc/pb/model_http_firewall_policy.pb.go

@@ -33,6 +33,9 @@ type HTTPFirewallPolicy struct {
 	Id           int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
 	Name         string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
 	IsOn         bool   `protobuf:"varint,3,opt,name=isOn,proto3" json:"isOn,omitempty"`
+	Description  string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
+	InboundJSON  []byte `protobuf:"bytes,5,opt,name=inboundJSON,proto3" json:"inboundJSON,omitempty"`
+	OutboundJSON []byte `protobuf:"bytes,6,opt,name=outboundJSON,proto3" json:"outboundJSON,omitempty"`
 }
 
 func (x *HTTPFirewallPolicy) Reset() {
@@ -88,18 +91,45 @@ func (x *HTTPFirewallPolicy) GetIsOn() bool {
 	return false
 }
 
+func (x *HTTPFirewallPolicy) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *HTTPFirewallPolicy) GetInboundJSON() []byte {
+	if x != nil {
+		return x.InboundJSON
+	}
+	return nil
+}
+
+func (x *HTTPFirewallPolicy) GetOutboundJSON() []byte {
+	if x != nil {
+		return x.OutboundJSON
+	}
+	return nil
+}
+
 var File_model_http_firewall_policy_proto protoreflect.FileDescriptor
 
 var file_model_http_firewall_policy_proto_rawDesc = []byte{
 	0x0a, 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x66, 0x69, 0x72,
 	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0x4c, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69,
+	0x74, 0x6f, 0x12, 0x02, 0x70, 0x62, 0x22, 0xb4, 0x01, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46,
-	0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a, 0x02,
+	0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0e, 0x0a,
-	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04,
+	0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a,
-	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
-	0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04,
+	0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x4f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x69, 0x73, 0x4f, 0x6e, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72,
+	0x04, 0x69, 0x73, 0x4f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
-	0x6f, 0x74, 0x6f, 0x33,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63,
+	0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x69, 0x6e, 0x62, 0x6f, 0x75,
+	0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x69, 0x6e,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x22, 0x0a, 0x0c, 0x6f, 0x75, 0x74,
+	0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x0c, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4a, 0x53, 0x4f, 0x4e, 0x42, 0x06, 0x5a,
+	0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

pkg/rpc/pb/service_server.pb.go

@@ -1872,6 +1872,101 @@ func (x *FindAllEnabledServersWithCachePolicyIdResponse) GetServers() []*Server
 	return nil
 }
 
+// 计算使用某个WAF策略的服务数量
+type CountAllEnabledServersWithHTTPFirewallPolicyIdRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FirewallPolicyId int64 `protobuf:"varint,1,opt,name=firewallPolicyId,proto3" json:"firewallPolicyId,omitempty"`
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) Reset() {
+	*x = CountAllEnabledServersWithHTTPFirewallPolicyIdRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_server_proto_msgTypes[34]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) ProtoMessage() {}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_service_server_proto_msgTypes[34]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CountAllEnabledServersWithHTTPFirewallPolicyIdRequest.ProtoReflect.Descriptor instead.
+func (*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) Descriptor() ([]byte, []int) {
+	return file_service_server_proto_rawDescGZIP(), []int{34}
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) GetFirewallPolicyId() int64 {
+	if x != nil {
+		return x.FirewallPolicyId
+	}
+	return 0
+}
+
+type CountAllEnabledServersWithHTTPFirewallPolicyIdResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Count int64 `protobuf:"varint,1,opt,name=count,proto3" json:"count,omitempty"`
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) Reset() {
+	*x = CountAllEnabledServersWithHTTPFirewallPolicyIdResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_service_server_proto_msgTypes[35]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) ProtoMessage() {}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_service_server_proto_msgTypes[35]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use CountAllEnabledServersWithHTTPFirewallPolicyIdResponse.ProtoReflect.Descriptor instead.
+func (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) Descriptor() ([]byte, []int) {
+	return file_service_server_proto_rawDescGZIP(), []int{35}
+}
+
+func (x *CountAllEnabledServersWithHTTPFirewallPolicyIdResponse) GetCount() int64 {
+	if x != nil {
+		return x.Count
+	}
+	return 0
+}
+
 var File_service_server_proto protoreflect.FileDescriptor
 
 var file_service_server_proto_rawDesc = []byte{
@@ -2066,136 +2161,158 @@ var file_service_server_proto_rawDesc = []byte{
 	0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
 	0x73, 0x65, 0x12, 0x24, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20,
 	0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x70, 0x62, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52,
-	0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x32, 0xfe, 0x0f, 0x0a, 0x0d, 0x53, 0x65, 0x72,
+	0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x22, 0x63, 0x0a, 0x35, 0x43, 0x6f, 0x75, 0x6e,
-	0x76, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x63, 0x72,
+	0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x17, 0x2e, 0x70, 0x62, 0x2e,
+	0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61,
-	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75,
+	0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53,
+	0x74, 0x12, 0x2a, 0x0a, 0x10, 0x66, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x47, 0x0a,
+	0x69, 0x63, 0x79, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x66, 0x69, 0x72,
-	0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73,
+	0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x22, 0x4e, 0x0a,
-	0x69, 0x63, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
+	0x36, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
-	0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50, 0x46,
-	0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
+	0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52,
-	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x32, 0xa8, 0x11,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50,
+	0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43,
+	0x41, 0x0a, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a,
+	0x17, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54,
+	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72,
-	0x50, 0x53, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
+	0x65, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x73, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76,
-	0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
+	0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64,
-	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x61, 0x73, 0x69, 0x63, 0x52, 0x65,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70,
-	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x52, 0x65,
+	0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x12,
+	0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70,
+	0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65,
+	0x73, 0x73, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64,
+	0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x54, 0x54, 0x50, 0x53, 0x52, 0x65,
 	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70,
 	0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75,
-	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x12, 0x1a,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x43, 0x50, 0x12, 0x1a,
 	0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x54, 0x4c, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e,
+	0x54, 0x43, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e,
 	0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
-	0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x55, 0x6e, 0x69, 0x78, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x54, 0x4c, 0x53, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
+	0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75,
-	0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74,
+	0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
-	0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x12, 0x1b, 0x2e, 0x70, 0x62, 0x2e, 0x55,
-	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x52,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x6e, 0x69, 0x78, 0x52,
 	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55,
 	0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x43, 0x0a, 0x0f,
-	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x12,
+	0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x55, 0x44, 0x50, 0x12,
 	0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x57, 0x65, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
+	0x72, 0x55, 0x44, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
 	0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73,
-	0x73, 0x12, 0x55, 0x0a, 0x18, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x73, 0x12, 0x43, 0x0a, 0x0f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x23, 0x2e,
+	0x72, 0x57, 0x65, 0x62, 0x12, 0x1a, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
-	0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74,
+	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x55, 0x0a, 0x18, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65,
-	0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a, 0x11, 0x75, 0x70, 0x64, 0x61,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f,
-	0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x1c, 0x2e,
+	0x78, 0x79, 0x12, 0x23, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
-	0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e,
+	0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43,
-	0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73,
+	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x47, 0x0a,
-	0x73, 0x12, 0x5f, 0x0a, 0x16, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61,
+	0x11, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d,
-	0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x21, 0x2e, 0x70, 0x62,
+	0x65, 0x73, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x65,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
+	0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22,
+	0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53,
-	0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62,
+	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x5f, 0x0a, 0x16, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41,
-	0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x53, 0x0a, 0x12, 0x6c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69,
-	0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73,
-	0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x64, 0x69, 0x73, 0x61, 0x62,
-	0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69,
-	0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x50, 0x0a,
-	0x11, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
-	0x65, 0x72, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62,
-	0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
-	0x5c, 0x0a, 0x15, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
-	0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69,
-	0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54,
-	0x79, 0x70, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x70, 0x62, 0x2e,
-	0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
-	0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x86, 0x01,
-	0x0a, 0x23, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72,
-	0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43,
-	0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
-	0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65,
-	0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
-	0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65,
-	0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x1a, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e,
-	0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e,
-	0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x70, 0x62,
-	0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76,
-	0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c,
-	0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
-	0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x2e, 0x2e, 0x70, 0x62,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65,
-	0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62,
-	0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
-	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65,
-	0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x83, 0x01, 0x0a,
-	0x22, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53,
-	0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
-	0x74, 0x49, 0x64, 0x12, 0x2d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c,
-	0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
-	0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
-	0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x92, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
-	0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x32,
-	0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62,
-	0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61,
-	0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c,
-	0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69,
-	0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x8f, 0x01, 0x0a, 0x26, 0x66, 0x69, 0x6e, 0x64,
-	0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
-	0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79,
-	0x49, 0x64, 0x12, 0x31, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45,
-	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
-	0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41,
 	0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73,
-	0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49,
+	0x12, 0x21, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
-	0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70,
+	0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75,
-	0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c,
+	0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x53, 0x0a, 0x12, 0x6c, 0x69, 0x73, 0x74, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x1d, 0x2e,
+	0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x70,
+	0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x44, 0x0a, 0x0d,
+	0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x18, 0x2e,
+	0x70, 0x62, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x69, 0x73,
+	0x61, 0x62, 0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x12, 0x50, 0x0a, 0x11, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
+	0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x1c, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
+	0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5c, 0x0a, 0x15, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x2e,
+	0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
+	0x21, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
+	0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e,
+	0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50,
+	0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e,
+	0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e,
+	0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x52, 0x65, 0x76, 0x65, 0x72, 0x73, 0x65, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e,
+	0x66, 0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x1a, 0x66,
+	0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x46,
+	0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72,
+	0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x41, 0x6e, 0x64, 0x49, 0x6e, 0x69,
+	0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x57, 0x65, 0x62, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x86, 0x01, 0x0a, 0x23, 0x63, 0x6f, 0x75,
+	0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64,
+	0x12, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68,
+	0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x2f, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68,
+	0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x83, 0x01, 0x0a, 0x22, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53,
+	0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x2d, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69,
+	0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
+	0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x92, 0x01, 0x0a, 0x27, 0x63, 0x6f, 0x75, 0x6e,
+	0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x49, 0x64, 0x12, 0x32, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c,
+	0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57,
+	0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75,
+	0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76,
+	0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69,
+	0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x8f, 0x01, 0x0a,
+	0x26, 0x66, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50,
+	0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x12, 0x31, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e,
+	0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65,
+	0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63,
+	0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x70, 0x62, 0x2e,
+	0x46, 0x69, 0x6e, 0x64, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65,
+	0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x63, 0x68, 0x65, 0x50, 0x6f,
+	0x6c, 0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xa7,
+	0x01, 0x0a, 0x2e, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c,
+	0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54,
+	0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49,
+	0x64, 0x12, 0x39, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45,
+	0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74,
+	0x68, 0x48, 0x54, 0x54, 0x50, 0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c,
+	0x69, 0x63, 0x79, 0x49, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x70,
+	0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
+	0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x57, 0x69, 0x74, 0x68, 0x48, 0x54, 0x54, 0x50,
+	0x46, 0x69, 0x72, 0x65, 0x77, 0x61, 0x6c, 0x6c, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x49, 0x64,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62,
+	0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -2210,7 +2327,7 @@ func file_service_server_proto_rawDescGZIP() []byte {
 	return file_service_server_proto_rawDescData
 }
 
-var file_service_server_proto_msgTypes = make([]protoimpl.MessageInfo, 34)
+var file_service_server_proto_msgTypes = make([]protoimpl.MessageInfo, 36)
 var file_service_server_proto_goTypes = []interface{}{
 	(*CreateServerRequest)(nil),                                    // 0: pb.CreateServerRequest
 	(*CreateServerResponse)(nil),                                   // 1: pb.CreateServerResponse
@@ -2246,14 +2363,16 @@ var file_service_server_proto_goTypes = []interface{}{
 	(*CountAllEnabledServersWithCachePolicyIdResponse)(nil),        // 31: pb.CountAllEnabledServersWithCachePolicyIdResponse
 	(*FindAllEnabledServersWithCachePolicyIdRequest)(nil),          // 32: pb.FindAllEnabledServersWithCachePolicyIdRequest
 	(*FindAllEnabledServersWithCachePolicyIdResponse)(nil),         // 33: pb.FindAllEnabledServersWithCachePolicyIdResponse
-	(*Server)(nil),           // 34: pb.Server
+	(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest)(nil),  // 34: pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest
-	(*RPCUpdateSuccess)(nil), // 35: pb.RPCUpdateSuccess
+	(*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse)(nil), // 35: pb.CountAllEnabledServersWithHTTPFirewallPolicyIdResponse
+	(*Server)(nil),           // 36: pb.Server
+	(*RPCUpdateSuccess)(nil), // 37: pb.RPCUpdateSuccess
 }
 var file_service_server_proto_depIdxs = []int32{
-	34, // 0: pb.ListEnabledServersResponse.servers:type_name -> pb.Server
+	36, // 0: pb.ListEnabledServersResponse.servers:type_name -> pb.Server
-	34, // 1: pb.FindEnabledServerResponse.server:type_name -> pb.Server
+	36, // 1: pb.FindEnabledServerResponse.server:type_name -> pb.Server
-	34, // 2: pb.FindAllEnabledServersWithSSLCertIdResponse.servers:type_name -> pb.Server
+	36, // 2: pb.FindAllEnabledServersWithSSLCertIdResponse.servers:type_name -> pb.Server
-	34, // 3: pb.FindAllEnabledServersWithCachePolicyIdResponse.servers:type_name -> pb.Server
+	36, // 3: pb.FindAllEnabledServersWithCachePolicyIdResponse.servers:type_name -> pb.Server
 	0,  // 4: pb.ServerService.createServer:input_type -> pb.CreateServerRequest
 	2,  // 5: pb.ServerService.updateServerBasic:input_type -> pb.UpdateServerBasicRequest
 	3,  // 6: pb.ServerService.updateServerHTTP:input_type -> pb.UpdateServerHTTPRequest
@@ -2276,30 +2395,32 @@ var file_service_server_proto_depIdxs = []int32{
 	28, // 23: pb.ServerService.findAllEnabledServersWithSSLCertId:input_type -> pb.FindAllEnabledServersWithSSLCertIdRequest
 	30, // 24: pb.ServerService.countAllEnabledServersWithCachePolicyId:input_type -> pb.CountAllEnabledServersWithCachePolicyIdRequest
 	32, // 25: pb.ServerService.findAllEnabledServersWithCachePolicyId:input_type -> pb.FindAllEnabledServersWithCachePolicyIdRequest
-	1,  // 26: pb.ServerService.createServer:output_type -> pb.CreateServerResponse
+	34, // 26: pb.ServerService.countAllEnabledServersWithHTTPFirewallPolicyId:input_type -> pb.CountAllEnabledServersWithHTTPFirewallPolicyIdRequest
-	35, // 27: pb.ServerService.updateServerBasic:output_type -> pb.RPCUpdateSuccess
+	1,  // 27: pb.ServerService.createServer:output_type -> pb.CreateServerResponse
-	35, // 28: pb.ServerService.updateServerHTTP:output_type -> pb.RPCUpdateSuccess
+	37, // 28: pb.ServerService.updateServerBasic:output_type -> pb.RPCUpdateSuccess
-	35, // 29: pb.ServerService.updateServerHTTPS:output_type -> pb.RPCUpdateSuccess
+	37, // 29: pb.ServerService.updateServerHTTP:output_type -> pb.RPCUpdateSuccess
-	35, // 30: pb.ServerService.updateServerTCP:output_type -> pb.RPCUpdateSuccess
+	37, // 30: pb.ServerService.updateServerHTTPS:output_type -> pb.RPCUpdateSuccess
-	35, // 31: pb.ServerService.updateServerTLS:output_type -> pb.RPCUpdateSuccess
+	37, // 31: pb.ServerService.updateServerTCP:output_type -> pb.RPCUpdateSuccess
-	35, // 32: pb.ServerService.updateServerUnix:output_type -> pb.RPCUpdateSuccess
+	37, // 32: pb.ServerService.updateServerTLS:output_type -> pb.RPCUpdateSuccess
-	35, // 33: pb.ServerService.updateServerUDP:output_type -> pb.RPCUpdateSuccess
+	37, // 33: pb.ServerService.updateServerUnix:output_type -> pb.RPCUpdateSuccess
-	35, // 34: pb.ServerService.updateServerWeb:output_type -> pb.RPCUpdateSuccess
+	37, // 34: pb.ServerService.updateServerUDP:output_type -> pb.RPCUpdateSuccess
-	35, // 35: pb.ServerService.updateServerReverseProxy:output_type -> pb.RPCUpdateSuccess
+	37, // 35: pb.ServerService.updateServerWeb:output_type -> pb.RPCUpdateSuccess
-	35, // 36: pb.ServerService.updateServerNames:output_type -> pb.RPCUpdateSuccess
+	37, // 36: pb.ServerService.updateServerReverseProxy:output_type -> pb.RPCUpdateSuccess
-	13, // 37: pb.ServerService.countAllEnabledServers:output_type -> pb.CountAllEnabledServersResponse
+	37, // 37: pb.ServerService.updateServerNames:output_type -> pb.RPCUpdateSuccess
-	15, // 38: pb.ServerService.listEnabledServers:output_type -> pb.ListEnabledServersResponse
+	13, // 38: pb.ServerService.countAllEnabledServers:output_type -> pb.CountAllEnabledServersResponse
-	17, // 39: pb.ServerService.disableServer:output_type -> pb.DisableServerResponse
+	15, // 39: pb.ServerService.listEnabledServers:output_type -> pb.ListEnabledServersResponse
-	19, // 40: pb.ServerService.findEnabledServer:output_type -> pb.FindEnabledServerResponse
+	17, // 40: pb.ServerService.disableServer:output_type -> pb.DisableServerResponse
-	21, // 41: pb.ServerService.findEnabledServerType:output_type -> pb.FindEnabledServerTypeResponse
+	19, // 41: pb.ServerService.findEnabledServer:output_type -> pb.FindEnabledServerResponse
-	23, // 42: pb.ServerService.findAndInitServerReverseProxyConfig:output_type -> pb.FindAndInitServerReverseProxyConfigResponse
+	21, // 42: pb.ServerService.findEnabledServerType:output_type -> pb.FindEnabledServerTypeResponse
-	25, // 43: pb.ServerService.findAndInitServerWebConfig:output_type -> pb.FindAndInitServerWebConfigResponse
+	23, // 43: pb.ServerService.findAndInitServerReverseProxyConfig:output_type -> pb.FindAndInitServerReverseProxyConfigResponse
-	27, // 44: pb.ServerService.countAllEnabledServersWithSSLCertId:output_type -> pb.CountAllEnabledServersWithSSLCertIdResponse
+	25, // 44: pb.ServerService.findAndInitServerWebConfig:output_type -> pb.FindAndInitServerWebConfigResponse
-	29, // 45: pb.ServerService.findAllEnabledServersWithSSLCertId:output_type -> pb.FindAllEnabledServersWithSSLCertIdResponse
+	27, // 45: pb.ServerService.countAllEnabledServersWithSSLCertId:output_type -> pb.CountAllEnabledServersWithSSLCertIdResponse
-	31, // 46: pb.ServerService.countAllEnabledServersWithCachePolicyId:output_type -> pb.CountAllEnabledServersWithCachePolicyIdResponse
+	29, // 46: pb.ServerService.findAllEnabledServersWithSSLCertId:output_type -> pb.FindAllEnabledServersWithSSLCertIdResponse
-	33, // 47: pb.ServerService.findAllEnabledServersWithCachePolicyId:output_type -> pb.FindAllEnabledServersWithCachePolicyIdResponse
+	31, // 47: pb.ServerService.countAllEnabledServersWithCachePolicyId:output_type -> pb.CountAllEnabledServersWithCachePolicyIdResponse
-	26, // [26:48] is the sub-list for method output_type
+	33, // 48: pb.ServerService.findAllEnabledServersWithCachePolicyId:output_type -> pb.FindAllEnabledServersWithCachePolicyIdResponse
-	4,  // [4:26] is the sub-list for method input_type
+	35, // 49: pb.ServerService.countAllEnabledServersWithHTTPFirewallPolicyId:output_type -> pb.CountAllEnabledServersWithHTTPFirewallPolicyIdResponse
+	27, // [27:50] is the sub-list for method output_type
+	4,  // [4:27] is the sub-list for method input_type
 	4,  // [4:4] is the sub-list for extension type_name
 	4,  // [4:4] is the sub-list for extension extendee
 	0,  // [0:4] is the sub-list for field type_name
@@ -2721,6 +2842,30 @@ func file_service_server_proto_init() {
 				return nil
 			}
 		}
+		file_service_server_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_service_server_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -2728,7 +2873,7 @@ func file_service_server_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_service_server_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   34,
+			NumMessages:   36,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
@@ -2798,6 +2943,8 @@ type ServerServiceClient interface {
 	CountAllEnabledServersWithCachePolicyId(ctx context.Context, in *CountAllEnabledServersWithCachePolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithCachePolicyIdResponse, error)
 	// 查找使用某个缓存策略的所有服务
 	FindAllEnabledServersWithCachePolicyId(ctx context.Context, in *FindAllEnabledServersWithCachePolicyIdRequest, opts ...grpc.CallOption) (*FindAllEnabledServersWithCachePolicyIdResponse, error)
+	// 计算使用某个WAF策略的服务数量
+	CountAllEnabledServersWithHTTPFirewallPolicyId(ctx context.Context, in *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error)
 }
 
 type serverServiceClient struct {
@@ -3006,6 +3153,15 @@ func (c *serverServiceClient) FindAllEnabledServersWithCachePolicyId(ctx context
 	return out, nil
 }
 
+func (c *serverServiceClient) CountAllEnabledServersWithHTTPFirewallPolicyId(ctx context.Context, in *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest, opts ...grpc.CallOption) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error) {
+	out := new(CountAllEnabledServersWithHTTPFirewallPolicyIdResponse)
+	err := c.cc.Invoke(ctx, "/pb.ServerService/countAllEnabledServersWithHTTPFirewallPolicyId", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // ServerServiceServer is the server API for ServerService service.
 type ServerServiceServer interface {
 	// 创建服务
@@ -3052,6 +3208,8 @@ type ServerServiceServer interface {
 	CountAllEnabledServersWithCachePolicyId(context.Context, *CountAllEnabledServersWithCachePolicyIdRequest) (*CountAllEnabledServersWithCachePolicyIdResponse, error)
 	// 查找使用某个缓存策略的所有服务
 	FindAllEnabledServersWithCachePolicyId(context.Context, *FindAllEnabledServersWithCachePolicyIdRequest) (*FindAllEnabledServersWithCachePolicyIdResponse, error)
+	// 计算使用某个WAF策略的服务数量
+	CountAllEnabledServersWithHTTPFirewallPolicyId(context.Context, *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error)
 }
 
 // UnimplementedServerServiceServer can be embedded to have forward compatible implementations.
@@ -3124,6 +3282,9 @@ func (*UnimplementedServerServiceServer) CountAllEnabledServersWithCachePolicyId
 func (*UnimplementedServerServiceServer) FindAllEnabledServersWithCachePolicyId(context.Context, *FindAllEnabledServersWithCachePolicyIdRequest) (*FindAllEnabledServersWithCachePolicyIdResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method FindAllEnabledServersWithCachePolicyId not implemented")
 }
+func (*UnimplementedServerServiceServer) CountAllEnabledServersWithHTTPFirewallPolicyId(context.Context, *CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) (*CountAllEnabledServersWithHTTPFirewallPolicyIdResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CountAllEnabledServersWithHTTPFirewallPolicyId not implemented")
+}
 
 func RegisterServerServiceServer(s *grpc.Server, srv ServerServiceServer) {
 	s.RegisterService(&_ServerService_serviceDesc, srv)
@@ -3525,6 +3686,24 @@ func _ServerService_FindAllEnabledServersWithCachePolicyId_Handler(srv interface
 	return interceptor(ctx, in, info, handler)
 }
 
+func _ServerService_CountAllEnabledServersWithHTTPFirewallPolicyId_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CountAllEnabledServersWithHTTPFirewallPolicyIdRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(ServerServiceServer).CountAllEnabledServersWithHTTPFirewallPolicyId(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/pb.ServerService/CountAllEnabledServersWithHTTPFirewallPolicyId",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(ServerServiceServer).CountAllEnabledServersWithHTTPFirewallPolicyId(ctx, req.(*CountAllEnabledServersWithHTTPFirewallPolicyIdRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 var _ServerService_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "pb.ServerService",
 	HandlerType: (*ServerServiceServer)(nil),
@@ -3617,6 +3796,10 @@ var _ServerService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "findAllEnabledServersWithCachePolicyId",
 			Handler:    _ServerService_FindAllEnabledServersWithCachePolicyId_Handler,
 		},
+		{
+			MethodName: "countAllEnabledServersWithHTTPFirewallPolicyId",
+			Handler:    _ServerService_CountAllEnabledServersWithHTTPFirewallPolicyId_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "service_server.proto",

pkg/rpc/protos/model_http_firewall_policy.proto

@@ -7,4 +7,7 @@ message HTTPFirewallPolicy {
 	int64 id = 1;
 	string name = 2;
 	bool isOn = 3;
+	string description = 4;
+	bytes inboundJSON = 5;
+	bytes outboundJSON = 6;
 }

pkg/rpc/protos/service_http_firewall_policy.proto

@@ -4,10 +4,32 @@ option go_package = "./pb";
 package pb;
 
 import "model_http_firewall_policy.proto";
+import "rpc_messages.proto";
 
 service HTTPFirewallPolicyService {
 	// 获取所有可用策略
 	rpc findAllEnabledHTTPFirewallPolicies (FindAllEnabledHTTPFirewallPoliciesRequest) returns (FindAllEnabledHTTPFirewallPoliciesResponse);
+
+	// 创建防火墙策略
+	rpc createHTTPFirewallPolicy (CreateHTTPFirewallPolicyRequest) returns (CreateHTTPFirewallPolicyResponse);
+
+	// 修改防火墙策略
+	rpc updateHTTPFirewallPolicy (UpdateHTTPFirewallPolicyRequest) returns (RPCUpdateSuccess);
+
+	// 计算可用的防火墙策略数量
+	rpc countAllEnabledFirewallPolicies (CountAllEnabledFirewallPoliciesRequest) returns (CountAllEnabledFirewallPoliciesResponse);
+
+	// 列出单页的防火墙策略
+	rpc listEnabledFirewallPolicies (ListEnabledFirewallPoliciesRequest) returns (ListEnabledFirewallPoliciesResponse);
+
+	// 删除某个防火墙策略
+	rpc deleteFirewallPolicy (DeleteFirewallPolicyRequest) returns (RPCDeleteSuccess);
+
+	// 查找单个防火墙配置
+	rpc findEnabledFirewallPolicyConfig (FindEnabledFirewallPolicyConfigRequest) returns (FindEnabledFirewallPolicyConfigResponse);
+
+	// 获取防火墙的基本信息
+	rpc findEnabledFirewallPolicy (FindEnabledFirewallPolicyRequest) returns (FindEnabledFirewallPolicyResponse);
 }
 
 // 获取所有可用策略
@@ -19,3 +41,64 @@ message FindAllEnabledHTTPFirewallPoliciesResponse {
 	repeated HTTPFirewallPolicy firewallPolicies = 1;
 }
 
+// 创建防火墙策略
+message CreateHTTPFirewallPolicyRequest {
+	bool isOn = 1;
+	string name = 2;
+	string description = 3;
+	repeated string firewallGroupCodes = 4;
+}
+
+message CreateHTTPFirewallPolicyResponse {
+	int64 firewallPolicyId = 1;
+}
+
+// 修改防火墙策略
+message UpdateHTTPFirewallPolicyRequest {
+	int64 firewallPolicyId = 1;
+	bool isOn = 2;
+	string name = 3;
+	string description = 4;
+	repeated string firewallGroupCodes = 5;
+}
+
+// 计算可用的防火墙策略数量
+message CountAllEnabledFirewallPoliciesRequest {
+}
+
+message CountAllEnabledFirewallPoliciesResponse {
+	int64 count = 1;
+}
+
+// 列出单页的防火墙策略
+message ListEnabledFirewallPoliciesRequest {
+	int64 offset = 1;
+	int64 size = 2;
+}
+
+message ListEnabledFirewallPoliciesResponse {
+	repeated HTTPFirewallPolicy firewallPolicies = 1;
+}
+
+// 删除某个防火墙策略
+message DeleteFirewallPolicyRequest {
+	int64 firewallPolicyId = 1;
+}
+
+// 查找单个防火墙配置
+message FindEnabledFirewallPolicyConfigRequest {
+	int64 firewallPolicyId = 1;
+}
+
+message FindEnabledFirewallPolicyConfigResponse {
+	bytes firewallPolicyJSON = 1;
+}
+
+// 获取防火墙的基本信息
+message FindEnabledFirewallPolicyRequest {
+	int64 firewallPolicyId = 1;
+}
+
+message FindEnabledFirewallPolicyResponse {
+	HTTPFirewallPolicy firewallPolicy = 1;
+}

pkg/rpc/protos/service_server.proto

@@ -72,6 +72,9 @@ service ServerService {
 
 	// 查找使用某个缓存策略的所有服务
 	rpc findAllEnabledServersWithCachePolicyId (FindAllEnabledServersWithCachePolicyIdRequest) returns (FindAllEnabledServersWithCachePolicyIdResponse);
+
+	// 计算使用某个WAF策略的服务数量
+	rpc countAllEnabledServersWithHTTPFirewallPolicyId (CountAllEnabledServersWithHTTPFirewallPolicyIdRequest) returns (CountAllEnabledServersWithHTTPFirewallPolicyIdResponse);
 }
 
 // 创建服务
@@ -258,3 +261,11 @@ message FindAllEnabledServersWithCachePolicyIdResponse {
 	repeated Server servers = 1;
 }
 
+// 计算使用某个WAF策略的服务数量
+message CountAllEnabledServersWithHTTPFirewallPolicyIdRequest {
+	int64 firewallPolicyId = 1;
+}
+
+message CountAllEnabledServersWithHTTPFirewallPolicyIdResponse {
+	int64 count = 1;
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_allow.go

@@ -0,0 +1,4 @@
+package firewallconfigs
+
+type HTTPFirewallAllowAction struct {
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_block.go

@@ -0,0 +1,8 @@
+package firewallconfigs
+
+// url client configure
+type HTTPFirewallBlockAction struct {
+	StatusCode int    `yaml:"statusCode" json:"statusCode"`
+	Body       string `yaml:"body" json:"body"` // supports HTML
+	URL        string `yaml:"url" json:"url"`
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_captcha.go

@@ -0,0 +1,4 @@
+package firewallconfigs
+
+type HTTPFirewallCaptchaAction struct {
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_definition.go

@@ -0,0 +1,11 @@
+package firewallconfigs
+
+import "reflect"
+
+// action definition
+type HTTPFirewallActionDefinition struct {
+	Name        string
+	Code        HTTPFirewallActionString
+	Description string
+	Type        reflect.Type
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_go_group.go

@@ -0,0 +1,5 @@
+package firewallconfigs
+
+type HTTPFirewallGoGroupAction struct {
+	GroupId string `yaml:"groupId" json:"groupId"`
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_go_set.go

@@ -0,0 +1,6 @@
+package firewallconfigs
+
+type HTTPFirewallGoSetAction struct {
+	GroupId string `yaml:"groupId" json:"groupId"`
+	SetId   string `yaml:"setId" json:"setId"`
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_instance.go

@@ -0,0 +1,5 @@
+package firewallconfigs
+
+type Action struct {
+
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_log.go

@@ -0,0 +1,4 @@
+package firewallconfigs
+
+type HTTPFirewallLogAction struct {
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_type.go

@@ -0,0 +1,12 @@
+package firewallconfigs
+
+type HTTPFirewallActionString = string
+
+const (
+	HTTPFirewallActionLog     = "log"      // allow and log
+	HTTPFirewallActionBlock   = "block"    // block
+	HTTPFirewallActionCaptcha = "captcha"  // block and show captcha
+	HTTPFirewallActionAllow   = "allow"    // allow
+	HTTPFirewallActionGoGroup = "go_group" // go to next rule group
+	HTTPFirewallActionGoSet   = "go_set"   // go to next rule set
+)

pkg/serverconfigs/firewallconfigs/http_firewall_action_utils.go

@@ -0,0 +1,43 @@
+package firewallconfigs
+
+import (
+	"reflect"
+)
+
+var AllActions = []*HTTPFirewallActionDefinition{
+	{
+		Name: "阻止",
+		Code: HTTPFirewallActionBlock,
+	},
+	{
+		Name: "允许通过",
+		Code: HTTPFirewallActionAllow,
+	},
+	{
+		Name: "允许并记录日志",
+		Code: HTTPFirewallActionLog,
+	},
+	{
+		Name: "Captcha验证码",
+		Code: HTTPFirewallActionCaptcha,
+	},
+	{
+		Name: "跳到下一个规则分组",
+		Code: HTTPFirewallActionGoGroup,
+		Type: reflect.TypeOf(new(HTTPFirewallGoGroupAction)).Elem(),
+	},
+	{
+		Name: "跳到下一个规则集",
+		Code: HTTPFirewallActionGoSet,
+		Type: reflect.TypeOf(new(HTTPFirewallGoSetAction)).Elem(),
+	},
+}
+
+func FindActionName(action HTTPFirewallActionString) string {
+	for _, def := range AllActions {
+		if def.Code == action {
+			return def.Name
+		}
+	}
+	return ""
+}

pkg/serverconfigs/firewallconfigs/http_firewall_action_utils_test.go

@@ -0,0 +1 @@
+package firewallconfigs

pkg/serverconfigs/firewallconfigs/http_firewall_inbound_config.go

@@ -0,0 +1,28 @@
+package firewallconfigs
+
+type HTTPFirewallInboundConfig struct {
+	IsOn      bool                        `yaml:"isOn" json:"isOn"`
+	GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
+	Groups    []*HTTPFirewallRuleGroup    `yaml:"groups" json:"groups"`
+}
+
+// 初始化
+func (this *HTTPFirewallInboundConfig) Init() error {
+	for _, group := range this.Groups {
+		err := group.Init()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// 根据Code查找Group
+func (this *HTTPFirewallInboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup {
+	for _, group := range this.Groups {
+		if group.Code == code {
+			return group
+		}
+	}
+	return nil
+}

pkg/serverconfigs/firewallconfigs/http_firewall_outbound_config.go

@@ -0,0 +1,28 @@
+package firewallconfigs
+
+type HTTPFirewallOutboundConfig struct {
+	IsOn      bool                        `yaml:"isOn" json:"isOn"`
+	GroupRefs []*HTTPFirewallRuleGroupRef `yaml:"groupRefs" json:"groupRefs"`
+	Groups    []*HTTPFirewallRuleGroup    `yaml:"groups" json:"groups"`
+}
+
+// 初始化
+func (this *HTTPFirewallOutboundConfig) Init() error {
+	for _, group := range this.Groups {
+		err := group.Init()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// 根据Code查找Group
+func (this *HTTPFirewallOutboundConfig) FindGroupWithCode(code string) *HTTPFirewallRuleGroup {
+	for _, group := range this.Groups {
+		if group.Code == code {
+			return group
+		}
+	}
+	return nil
+}

pkg/serverconfigs/firewallconfigs/http_firewall_policy.go

@@ -0,0 +1,51 @@
+package firewallconfigs
+
+// 防火墙策略
+type HTTPFirewallPolicy struct {
+	Id          int64                       `yaml:"id" json:"id"`
+	IsOn        bool                        `yaml:"isOn" json:"isOn"`
+	Name        string                      `yaml:"name" json:"name"`
+	Description string                      `yaml:"description" json:"description"`
+	Inbound     *HTTPFirewallInboundConfig  `yaml:"inbound" json:"inbound"`
+	Outbound    *HTTPFirewallOutboundConfig `yaml:"outbound" json:"outbound"`
+}
+
+// 初始化
+func (this *HTTPFirewallPolicy) Init() error {
+	if this.Inbound != nil {
+		err := this.Inbound.Init()
+		if err != nil {
+			return err
+		}
+	}
+	if this.Outbound != nil {
+		err := this.Outbound.Init()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// 获取所有分组
+func (this *HTTPFirewallPolicy) AllRuleGroups() []*HTTPFirewallRuleGroup {
+	result := []*HTTPFirewallRuleGroup{}
+	if this.Inbound != nil {
+		result = append(result, this.Inbound.Groups...)
+	}
+	if this.Outbound != nil {
+		result = append(result, this.Outbound.Groups...)
+	}
+	return result
+}
+
+// 根据代号获取分组
+func (this *HTTPFirewallPolicy) FindRuleGroupWithCode(code string) *HTTPFirewallRuleGroup {
+	for _, g := range this.AllRuleGroups() {
+		if g.Code == code {
+			return g
+		}
+	}
+	return nil
+}

pkg/serverconfigs/firewallconfigs/http_firewall_ref.go

@@ -1,4 +1,4 @@
-package serverconfigs
+package firewallconfigs
 
 type HTTPFirewallRef struct {
 	IsPrior          bool  `yaml:"isPrior" json:"isPrior"`

pkg/serverconfigs/firewallconfigs/http_firewall_rule.go

@@ -0,0 +1,16 @@
+package firewallconfigs
+
+type HTTPFirewallRule struct {
+	Id                int64                  `yaml:"id" json:"id"`
+	IsOn              bool                   `yaml:"isOn" json:"isOn"`
+	Param             string                 `yaml:"param" json:"param"`
+	Operator          string                 `yaml:"operator" json:"operator"`
+	Value             string                 `yaml:"value" json:"value"`
+	IsCaseInsensitive bool                   `yaml:"isCaseInsensitive" json:"isCaseInsensitive"`
+	CheckpointOptions map[string]interface{} `yaml:"checkpointOptions" json:"checkpointOptions"`
+	Description       string                 `yaml:"description" json:"description"`
+}
+
+func (this *HTTPFirewallRule) Init() error {
+	return nil
+}

pkg/serverconfigs/firewallconfigs/http_firewall_rule_group.go

@@ -0,0 +1,28 @@
+package firewallconfigs
+
+// 规则组
+type HTTPFirewallRuleGroup struct {
+	Id          int64                     `yaml:"id" json:"id"`
+	IsOn        bool                      `yaml:"isOn" json:"isOn"`
+	Name        string                    `yaml:"name" json:"name"`
+	Description string                    `yaml:"description" json:"description"`
+	Code        string                    `yaml:"code" json:"code"`
+	SetRefs     []*HTTPFirewallRuleSetRef `yaml:"setRefs" json:"setRefs"`
+	Sets        []*HTTPFirewallRuleSet    `yaml:"sets" json:"sets"`
+}
+
+// 初始化
+func (this *HTTPFirewallRuleGroup) Init() error {
+	for _, set := range this.Sets {
+		err := set.Init()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// 添加规则集
+func (this *HTTPFirewallRuleGroup) AddRuleSet(ruleSet *HTTPFirewallRuleSet) {
+	this.Sets = append(this.Sets, ruleSet)
+}

pkg/serverconfigs/firewallconfigs/http_firewall_rule_group_ref.go

@@ -0,0 +1,6 @@
+package firewallconfigs
+
+type HTTPFirewallRuleGroupRef struct {
+	IsOn    bool  `yaml:"isOn" json:"isOn"`
+	GroupId int64 `yaml:"groupId" json:"groupId"`
+}

pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator.go

@@ -0,0 +1,219 @@
+package firewallconfigs
+
+type HTTPFirewallRuleOperator = string
+type HTTPFirewallRuleCaseInsensitive = string
+
+const (
+	HTTPFirewallRuleOperatorGt           HTTPFirewallRuleOperator = "gt"
+	HTTPFirewallRuleOperatorGte          HTTPFirewallRuleOperator = "gte"
+	HTTPFirewallRuleOperatorLt           HTTPFirewallRuleOperator = "lt"
+	HTTPFirewallRuleOperatorLte          HTTPFirewallRuleOperator = "lte"
+	HTTPFirewallRuleOperatorEq           HTTPFirewallRuleOperator = "eq"
+	HTTPFirewallRuleOperatorNeq          HTTPFirewallRuleOperator = "neq"
+	HTTPFirewallRuleOperatorEqString     HTTPFirewallRuleOperator = "eq string"
+	HTTPFirewallRuleOperatorNeqString    HTTPFirewallRuleOperator = "neq string"
+	HTTPFirewallRuleOperatorMatch        HTTPFirewallRuleOperator = "match"
+	HTTPFirewallRuleOperatorNotMatch     HTTPFirewallRuleOperator = "not match"
+	HTTPFirewallRuleOperatorContains     HTTPFirewallRuleOperator = "contains"
+	HTTPFirewallRuleOperatorNotContains  HTTPFirewallRuleOperator = "not contains"
+	HTTPFirewallRuleOperatorPrefix       HTTPFirewallRuleOperator = "prefix"
+	HTTPFirewallRuleOperatorSuffix       HTTPFirewallRuleOperator = "suffix"
+	HTTPFirewallRuleOperatorHasKey       HTTPFirewallRuleOperator = "has key" // has key in slice or map
+	HTTPFirewallRuleOperatorVersionGt    HTTPFirewallRuleOperator = "version gt"
+	HTTPFirewallRuleOperatorVersionLt    HTTPFirewallRuleOperator = "version lt"
+	HTTPFirewallRuleOperatorVersionRange HTTPFirewallRuleOperator = "version range"
+
+	// ip
+	HTTPFirewallRuleOperatorEqIP       HTTPFirewallRuleOperator = "eq ip"
+	HTTPFirewallRuleOperatorGtIP       HTTPFirewallRuleOperator = "gt ip"
+	HTTPFirewallRuleOperatorGteIP      HTTPFirewallRuleOperator = "gte ip"
+	HTTPFirewallRuleOperatorLtIP       HTTPFirewallRuleOperator = "lt ip"
+	HTTPFirewallRuleOperatorLteIP      HTTPFirewallRuleOperator = "lte ip"
+	HTTPFirewallRuleOperatorIPRange    HTTPFirewallRuleOperator = "ip range"
+	HTTPFirewallRuleOperatorNotIPRange HTTPFirewallRuleOperator = "not ip range"
+	HTTPFirewallRuleOperatorIPMod10    HTTPFirewallRuleOperator = "ip mod 10"
+	HTTPFirewallRuleOperatorIPMod100   HTTPFirewallRuleOperator = "ip mod 100"
+	HTTPFirewallRuleOperatorIPMod      HTTPFirewallRuleOperator = "ip mod"
+
+	HTTPFirewallRuleCaseInsensitiveNone = "none"
+	HTTPFirewallRuleCaseInsensitiveYes  = "yes"
+	HTTPFirewallRuleCaseInsensitiveNo   = "no"
+)
+
+type RuleOperatorDefinition struct {
+	Name            string
+	Code            string
+	Description     string
+	CaseInsensitive HTTPFirewallRuleCaseInsensitive // default caseInsensitive setting
+}
+
+var AllRuleOperators = []*RuleOperatorDefinition{
+	{
+		Name:            "数值大于",
+		Code:            HTTPFirewallRuleOperatorGt,
+		Description:     "使用数值对比大于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值大于等于",
+		Code:            HTTPFirewallRuleOperatorGte,
+		Description:     "使用数值对比大于等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值小于",
+		Code:            HTTPFirewallRuleOperatorLt,
+		Description:     "使用数值对比小于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值小于等于",
+		Code:            HTTPFirewallRuleOperatorLte,
+		Description:     "使用数值对比小于等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值等于",
+		Code:            HTTPFirewallRuleOperatorEq,
+		Description:     "使用数值对比等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "数值不等于",
+		Code:            HTTPFirewallRuleOperatorNeq,
+		Description:     "使用数值对比不等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNone,
+	},
+	{
+		Name:            "字符串等于",
+		Code:            HTTPFirewallRuleOperatorEqString,
+		Description:     "使用字符串对比等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "字符串不等于",
+		Code:            HTTPFirewallRuleOperatorNeqString,
+		Description:     "使用字符串对比不等于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "正则匹配",
+		Code:            HTTPFirewallRuleOperatorMatch,
+		Description:     "使用正则表达式匹配，在头部使用(?i)表示不区分大小写，<a href=\"http://teaos.cn/doc/regexp/Regexp.md\" target=\"_blank\">正则表达式语法 &raquo;</a>",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
+	},
+	{
+		Name:            "正则不匹配",
+		Code:            HTTPFirewallRuleOperatorNotMatch,
+		Description:     "使用正则表达式不匹配，在头部使用(?i)表示不区分大小写，<a href=\"http://teaos.cn/doc/regexp/Regexp.md\" target=\"_blank\">正则表达式语法 &raquo;</a>",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveYes,
+	},
+	{
+		Name:            "包含字符串",
+		Code:            HTTPFirewallRuleOperatorContains,
+		Description:     "包含某个字符串",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "不包含字符串",
+		Code:            HTTPFirewallRuleOperatorNotContains,
+		Description:     "不包含某个字符串",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "包含前缀",
+		Code:            HTTPFirewallRuleOperatorPrefix,
+		Description:     "包含某个前缀",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "包含后缀",
+		Code:            HTTPFirewallRuleOperatorSuffix,
+		Description:     "包含某个后缀",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "包含索引",
+		Code:            HTTPFirewallRuleOperatorHasKey,
+		Description:     "对于一组数据拥有某个键值或者索引",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "版本号大于",
+		Code:            HTTPFirewallRuleOperatorVersionGt,
+		Description:     "对比版本号大于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "版本号小于",
+		Code:            HTTPFirewallRuleOperatorVersionLt,
+		Description:     "对比版本号小于",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "版本号范围",
+		Code:            HTTPFirewallRuleOperatorVersionRange,
+		Description:     "判断版本号在某个范围内，格式为version1,version2",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP等于",
+		Code:            HTTPFirewallRuleOperatorEqIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP大于",
+		Code:            HTTPFirewallRuleOperatorGtIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP大于等于",
+		Code:            HTTPFirewallRuleOperatorGteIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP小于",
+		Code:            HTTPFirewallRuleOperatorLtIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP小于等于",
+		Code:            HTTPFirewallRuleOperatorLteIP,
+		Description:     "将参数转换为IP进行对比",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP范围",
+		Code:            HTTPFirewallRuleOperatorIPRange,
+		Description:     "IP在某个范围之内，范围格式可以是英文逗号分隔的ip1,ip2，或者CIDR格式的ip/bits",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "不在IP范围",
+		Code:            HTTPFirewallRuleOperatorNotIPRange,
+		Description:     "IP不在某个范围之内，范围格式可以是英文逗号分隔的ip1,ip2，或者CIDR格式的ip/bits",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP取模10",
+		Code:            HTTPFirewallRuleOperatorIPMod10,
+		Description:     "对IP参数值取模，除数为10，对比值为余数",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP取模100",
+		Code:            HTTPFirewallRuleOperatorIPMod100,
+		Description:     "对IP参数值取模，除数为100，对比值为余数",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+	{
+		Name:            "IP取模",
+		Code:            HTTPFirewallRuleOperatorIPMod,
+		Description:     "对IP参数值取模，对比值格式为：除数,余数，比如10,1",
+		CaseInsensitive: HTTPFirewallRuleCaseInsensitiveNo,
+	},
+}

pkg/serverconfigs/firewallconfigs/http_firewall_rule_operator_test.go

@@ -0,0 +1,19 @@
+package firewallconfigs
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+)
+
+func TestRuleOperator_Markdown(t *testing.T) {
+	result := []string{}
+	for _, def := range AllRuleOperators {
+		row := "## " + def.Name + "\n"
+		row += "符号：`" + def.Code + "`\n"
+		row += "描述：" + def.Description + "\n"
+		result = append(result, row)
+	}
+
+	fmt.Print(strings.Join(result, "\n") + "\n")
+}

pkg/serverconfigs/firewallconfigs/http_firewall_rule_ref.go

@@ -0,0 +1,6 @@
+package firewallconfigs
+
+type HTTPFirewallRuleRef struct {
+	IsOn   bool  `yaml:"isOn" json:"isOn"`
+	RuleId int64 `yaml:"ruleId" json:"ruleId"`
+}

pkg/serverconfigs/firewallconfigs/http_firewall_rule_set.go

@@ -0,0 +1,33 @@
+package firewallconfigs
+
+import "github.com/iwind/TeaGo/maps"
+
+// 规则集定义
+type HTTPFirewallRuleSet struct {
+	Id            int64                  `yaml:"id" json:"id"`
+	IsOn          bool                   `yaml:"isOn" json:"isOn"`
+	Name          string                 `yaml:"name" json:"name"`
+	Code          string                 `yaml:"code" json:"code"`
+	Description   string                 `yaml:"description" json:"description"`
+	Connector     string                 `yaml:"connector" json:"connector"`
+	RuleRefs      []*HTTPFirewallRuleRef `yaml:"ruleRefs" json:"ruleRefs"`
+	Rules         []*HTTPFirewallRule    `yaml:"rules" json:"rules"`
+	Action        string                 `yaml:"action" json:"action"`
+	ActionOptions maps.Map               `yaml:"actionOptions" json:"actionOptions"`
+}
+
+// 初始化
+func (this *HTTPFirewallRuleSet) Init() error {
+	for _, rule := range this.Rules {
+		err := rule.Init()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// 添加规则
+func (this *HTTPFirewallRuleSet) AddRule(rule *HTTPFirewallRule) {
+	this.Rules = append(this.Rules, rule)
+}

pkg/serverconfigs/firewallconfigs/http_firewall_rule_set_ref.go

@@ -0,0 +1,6 @@
+package firewallconfigs
+
+type HTTPFirewallRuleSetRef struct {
+	IsOn  bool  `yaml:"isOn" json:"isOn"`
+	SetId int64 `yaml:"setId" json:"setId"`
+}

pkg/serverconfigs/firewallconfigs/http_firewall_template.go

@@ -0,0 +1,511 @@
+package firewallconfigs
+
+type HTTPFirewallRuleConnector = string
+
+const (
+	HTTPFirewallRuleConnectorAnd = "and"
+	HTTPFirewallRuleConnectorOr  = "or"
+)
+
+func HTTPFirewallTemplate() *HTTPFirewallPolicy {
+	policy := &HTTPFirewallPolicy{}
+	policy.IsOn = true
+	policy.Inbound = &HTTPFirewallInboundConfig{}
+	policy.Outbound = &HTTPFirewallOutboundConfig{}
+
+	// black list
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = false
+		group.Name = "白名单"
+		group.Code = "whiteList"
+		group.Description = "在此名单中的IP地址可以直接跳过防火墙设置"
+
+		{
+
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "IP白名单"
+			set.Code = "9001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionAllow
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `127\.0\.0\.1|0\.0\.0\.0`,
+				IsCaseInsensitive: false,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// black list
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = false
+		group.Name = "黑名单"
+		group.Code = "blackList"
+		group.Description = "在此名单中的IP地址直接阻止"
+
+		{
+
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "IP黑名单"
+			set.Code = "10001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `1\.1\.1\.1|2\.2\.2\.2`,
+				IsCaseInsensitive: false,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// xss
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "XSS"
+		group.Code = "xss"
+		group.Description = "防跨站脚本攻击（Cross Site Scripting）"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "Javascript事件"
+			set.Code = "1001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `(onmouseover|onmousemove|onmousedown|onmouseup|onerror|onload|onclick|ondblclick|onkeydown|onkeyup|onkeypress)\s*=`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "Javascript函数"
+			set.Code = "1002"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `(alert|eval|prompt|confirm)\s*\(`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "HTML标签"
+			set.Code = "1003"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `<(script|iframe|link)`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// upload
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "文件上传"
+		group.Code = "upload"
+		group.Description = "防止上传可执行脚本文件到服务器"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "上传文件扩展名"
+			set.Code = "2001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestUpload.ext}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\.(php|jsp|aspx|asp|exe|asa|rb|py)\b`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// web shell
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "Web Shell"
+		group.Code = "webShell"
+		group.Description = "防止远程执行服务器命令"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "Web Shell"
+			set.Code = "3001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\s*\(`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// command injection
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "命令注入"
+		group.Code = "commandInjection"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "命令注入"
+			set.Code = "4001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestBody}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\b(pwd|ls|ll|whoami|id|net\s+user)\s*$`, // TODO more keywords here
+				IsCaseInsensitive: false,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// path traversal
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "路径穿越"
+		group.Code = "pathTraversal"
+		group.Description = "防止读取网站目录之外的其他系统文件"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "路径穿越"
+			set.Code = "5001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestURI}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `((\.+)(/+)){2,}`, // TODO more keywords here
+				IsCaseInsensitive: false,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// special dirs
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "特殊目录"
+		group.Code = "denyDirs"
+		group.Description = "防止通过Web访问到一些特殊目录"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "特殊目录"
+			set.Code = "6001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestPath}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `/\.(git|svn|htaccess|idea)\b`, // TODO more keywords here
+				IsCaseInsensitive: true,
+			})
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// sql injection
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "SQL注入"
+		group.Code = "sqlInjection"
+		group.Description = "防止SQL注入漏洞"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "Union SQL Injection"
+			set.Code = "7001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `union[\s/\*]+select`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "SQL注释"
+			set.Code = "7002"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `/\*(!|\x00)`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "SQL条件"
+			set.Code = "7003"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\s(and|or|rlike)\s+(if|updatexml)\s*\(`,
+				IsCaseInsensitive: true,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\s+(and|or|rlike)\s+(select|case)\s+`,
+				IsCaseInsensitive: true,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\s+(and|or|procedure)\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+(\s|$|--|#)`,
+				IsCaseInsensitive: true,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `\(\s*case\s+when\s+[\w\p{L}]+\s*=\s*[\w\p{L}]+\s+then\s+`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "SQL函数"
+			set.Code = "7004"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `(updatexml|extractvalue|ascii|ord|char|chr|count|concat|rand|floor|substr|length|len|user|database|benchmark|analyse)\s*\(`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "SQL附加语句"
+			set.Code = "7005"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${requestAll}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `;\s*(declare|use|drop|create|exec|delete|update|insert)\s`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// bot
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "网络爬虫"
+		group.Code = "bot"
+		group.Description = "禁止一些网络爬虫"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "常见网络爬虫"
+			set.Code = "20001"
+			set.Connector = HTTPFirewallRuleConnectorOr
+			set.Action = HTTPFirewallActionBlock
+
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${userAgent}",
+				Operator:          HTTPFirewallRuleOperatorMatch,
+				Value:             `Googlebot|AdsBot|bingbot|BingPreview|facebookexternalhit|Slurp|Sogou|proximic|Baiduspider|yandex|twitterbot|spider|python`,
+				IsCaseInsensitive: true,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// cc
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "CC攻击"
+		group.Description = "Challenge Collapsar，防止短时间大量请求涌入，请谨慎开启和设置"
+		group.Code = "cc"
+
+		{
+			set := &HTTPFirewallRuleSet{}
+			set.IsOn = true
+			set.Name = "CC请求数"
+			set.Description = "限制单IP在一定时间内的请求数"
+			set.Code = "8001"
+			set.Connector = HTTPFirewallRuleConnectorAnd
+			set.Action = HTTPFirewallActionBlock
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:     true,
+				Param:    "${cc.requests}",
+				Operator: HTTPFirewallRuleOperatorGt,
+				Value:    "1000",
+				CheckpointOptions: map[string]interface{}{
+					"period": "60",
+				},
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorNotIPRange,
+				Value:             `127.0.0.1/8`,
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorNotIPRange,
+				Value:             `192.168.0.1/16`,
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorNotIPRange,
+				Value:             `10.0.0.1/8`,
+				IsCaseInsensitive: false,
+			})
+			set.AddRule(&HTTPFirewallRule{
+				IsOn:              true,
+				Param:             "${remoteAddr}",
+				Operator:          HTTPFirewallRuleOperatorNotIPRange,
+				Value:             `172.16.0.1/12`,
+				IsCaseInsensitive: false,
+			})
+
+			group.AddRuleSet(set)
+		}
+
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	// custom
+	{
+		group := &HTTPFirewallRuleGroup{}
+		group.IsOn = true
+		group.Name = "自定义规则分组"
+		group.Description = "我的自定义规则分组，可以将自定义的规则放在这个分组下"
+		group.Code = "custom"
+		policy.Inbound.Groups = append(policy.Inbound.Groups, group)
+	}
+
+	return policy
+}

pkg/serverconfigs/http_web_config.go

@@ -1,6 +1,9 @@
 package serverconfigs
 
-import "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+)
 
 type HTTPWebConfig struct {
 	Id                 int64                               `yaml:"id" json:"id"`                                 // ID
@@ -18,7 +21,8 @@ type HTTPWebConfig struct {
 	AccessLogRef       *HTTPAccessLogRef                   `yaml:"accessLog" json:"accessLog"`                   // 访问日志配置
 	StatRef            *HTTPStatRef                        `yaml:"statRef" json:"statRef"`                       // 统计配置
 	Cache              *HTTPCacheConfig                    `yaml:"cache" json:"cache"`
-	FirewallRef        *HTTPFirewallRef           `yaml:"firewallRef" json:"firewallRef"`   // 防火墙设置
+	FirewallRef        *firewallconfigs.HTTPFirewallRef    `yaml:"firewallRef" json:"firewallRef"`       // 防火墙设置
+	FirewallPolicy     *firewallconfigs.HTTPFirewallPolicy `yaml:"firewallPolicy" json:"firewallPolicy"` // 防火墙策略
 	WebsocketRef       *HTTPWebsocketRef                   `yaml:"websocketRef" json:"websocketRef"`     // Websocket应用配置
 	Websocket          *HTTPWebsocketConfig                `yaml:"websocket" json:"websocket"`           // Websocket配置
 	RewriteRefs        []*HTTPRewriteRef                   `yaml:"rewriteRefs" json:"rewriteRefs"`       // 重写规则配置
@@ -125,6 +129,12 @@ func (this *HTTPWebConfig) Init() error {
 			return err
 		}
 	}
+	if this.FirewallPolicy != nil {
+		err := this.FirewallPolicy.Init()
+		if err != nil {
+			return err
+		}
+	}
 
 	// websocket
 	if this.WebsocketRef != nil {

pkg/serverconfigs/shared/ip_range.go

@@ -0,0 +1,147 @@
+package shared
+
+import (
+	"bytes"
+	"errors"
+	"github.com/iwind/TeaGo/utils/string"
+	"net"
+	"regexp"
+	"strings"
+)
+
+// IP Range类型
+type IPRangeType = int
+
+const (
+	IPRangeTypeRange    IPRangeType = 1
+	IPRangeTypeCIDR     IPRangeType = 2
+	IPRangeTypeAll      IPRangeType = 3
+	IPRangeTypeWildcard IPRangeType = 4 // 通配符，可以使用*
+)
+
+// IP Range
+type IPRangeConfig struct {
+	Id string `yaml:"id" json:"id"`
+
+	Type IPRangeType `yaml:"type" json:"type"`
+
+	Param  string `yaml:"param" json:"param"`
+	CIDR   string `yaml:"cidr" json:"cidr"`
+	IPFrom string `yaml:"ipFrom" json:"ipFrom"`
+	IPTo   string `yaml:"ipTo" json:"ipTo"`
+
+	cidr   *net.IPNet
+	ipFrom net.IP
+	ipTo   net.IP
+	reg    *regexp.Regexp
+}
+
+// 获取新对象
+func NewIPRangeConfig() *IPRangeConfig {
+	return &IPRangeConfig{
+		Id: stringutil.Rand(16),
+	}
+}
+
+// 从字符串中分析
+func ParseIPRange(s string) (*IPRangeConfig, error) {
+	if len(s) == 0 {
+		return nil, errors.New("invalid ip range")
+	}
+
+	ipRange := &IPRangeConfig{}
+
+	if s == "*" || s == "all" || s == "ALL" || s == "0.0.0.0" {
+		ipRange.Type = IPRangeTypeAll
+		return ipRange, nil
+	}
+
+	if strings.Contains(s, "/") {
+		ipRange.Type = IPRangeTypeCIDR
+		ipRange.CIDR = strings.Replace(s, " ", "", -1)
+	} else if strings.Contains(s, "-") {
+		ipRange.Type = IPRangeTypeRange
+		pieces := strings.SplitN(s, "-", 2)
+		ipRange.IPFrom = strings.TrimSpace(pieces[0])
+		ipRange.IPTo = strings.TrimSpace(pieces[1])
+	} else if strings.Contains(s, ",") {
+		ipRange.Type = IPRangeTypeRange
+		pieces := strings.SplitN(s, ",", 2)
+		ipRange.IPFrom = strings.TrimSpace(pieces[0])
+		ipRange.IPTo = strings.TrimSpace(pieces[1])
+	} else if strings.Contains(s, "*") {
+		ipRange.Type = IPRangeTypeWildcard
+		s = "^" + strings.Replace(regexp.QuoteMeta(s), `\*`, `\d+`, -1) + "$"
+		ipRange.reg = regexp.MustCompile(s)
+	} else {
+		ipRange.Type = IPRangeTypeRange
+		ipRange.IPFrom = s
+		ipRange.IPTo = s
+	}
+
+	err := ipRange.Validate()
+	if err != nil {
+		return nil, err
+	}
+	return ipRange, nil
+}
+
+// 校验
+func (this *IPRangeConfig) Validate() error {
+	if this.Type == IPRangeTypeCIDR {
+		if len(this.CIDR) == 0 {
+			return errors.New("cidr should not be empty")
+		}
+
+		_, cidr, err := net.ParseCIDR(this.CIDR)
+		if err != nil {
+			return err
+		}
+		this.cidr = cidr
+	}
+
+	if this.Type == IPRangeTypeRange {
+		this.ipFrom = net.ParseIP(this.IPFrom)
+		this.ipTo = net.ParseIP(this.IPTo)
+
+		if this.ipFrom.To4() == nil && this.ipFrom.To16() == nil {
+			return errors.New("from ip should in IPv4 or IPV6 format")
+		}
+
+		if this.ipTo.To4() == nil && this.ipTo.To16() == nil {
+			return errors.New("to ip should in IPv4 or IPV6 format")
+		}
+	}
+
+	return nil
+}
+
+// 是否包含某个IP
+func (this *IPRangeConfig) Contains(ipString string) bool {
+	ip := net.ParseIP(ipString)
+	if ip.To4() == nil {
+		return false
+	}
+	if this.Type == IPRangeTypeCIDR {
+		if this.cidr == nil {
+			return false
+		}
+		return this.cidr.Contains(ip)
+	}
+	if this.Type == IPRangeTypeRange {
+		if this.ipFrom == nil || this.ipTo == nil {
+			return false
+		}
+		return bytes.Compare(ip, this.ipFrom) >= 0 && bytes.Compare(ip, this.ipTo) <= 0
+	}
+	if this.Type == IPRangeTypeWildcard {
+		if this.reg == nil {
+			return false
+		}
+		return this.reg.MatchString(ipString)
+	}
+	if this.Type == IPRangeTypeAll {
+		return true
+	}
+	return false
+}

pkg/serverconfigs/shared/ip_range_test.go

@@ -0,0 +1,125 @@
+package shared
+
+import (
+	"github.com/iwind/TeaGo/assert"
+	"testing"
+)
+
+func TestGeoConfig_Contains(t *testing.T) {
+	a := assert.NewAssertion(t)
+
+	{
+		geo := NewIPRangeConfig()
+		geo.Type = IPRangeTypeRange
+		geo.IPFrom = "192.168.1.100"
+		geo.IPTo = "192.168.1.110"
+		a.IsNil(geo.Validate())
+		a.IsTrue(geo.Contains("192.168.1.100"))
+		a.IsTrue(geo.Contains("192.168.1.101"))
+		a.IsTrue(geo.Contains("192.168.1.110"))
+		a.IsFalse(geo.Contains("192.168.1.111"))
+	}
+
+	{
+		geo := NewIPRangeConfig()
+		geo.Type = IPRangeTypeCIDR
+		geo.CIDR = "192.168.1.1/24"
+		a.IsNil(geo.Validate())
+		a.IsTrue(geo.Contains("192.168.1.100"))
+		a.IsFalse(geo.Contains("192.168.2.100"))
+	}
+
+	{
+		geo := NewIPRangeConfig()
+		geo.Type = IPRangeTypeCIDR
+		geo.CIDR = "192.168.1.1/16"
+		a.IsNil(geo.Validate())
+		a.IsTrue(geo.Contains("192.168.2.100"))
+	}
+}
+
+func TestParseIPRange(t *testing.T) {
+	a := assert.NewAssertion(t)
+
+	{
+		_, err := ParseIPRange("")
+		a.IsNotNil(err)
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.100")
+		a.IsNil(err)
+		a.IsTrue(r.IPFrom == r.IPTo)
+		a.IsTrue(r.IPFrom == "192.168.1.100")
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsFalse(r.Contains("192.168.1.99"))
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.100/24")
+		a.IsNil(err)
+		a.IsTrue(r.CIDR == "192.168.1.100/24")
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsTrue(r.Contains("192.168.1.99"))
+		a.IsFalse(r.Contains("192.168.2.100"))
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.100, 192.168.1.200")
+		a.IsNil(err)
+		a.IsTrue(r.IPFrom == "192.168.1.100")
+		a.IsTrue(r.IPTo == "192.168.1.200")
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsTrue(r.Contains("192.168.1.150"))
+		a.IsFalse(r.Contains("192.168.2.100"))
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.100-192.168.1.200")
+		a.IsNil(err)
+		a.IsTrue(r.IPFrom == "192.168.1.100")
+		a.IsTrue(r.IPTo == "192.168.1.200")
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsTrue(r.Contains("192.168.1.150"))
+		a.IsFalse(r.Contains("192.168.2.100"))
+	}
+
+	{
+		r, err := ParseIPRange("all")
+		a.IsNil(err)
+		a.IsTrue(r.Type == IPRangeTypeAll)
+		a.IsTrue(r.Contains("192.168.1.100"))
+		a.IsTrue(r.Contains("192.168.1.150"))
+		a.IsTrue(r.Contains("192.168.2.100"))
+	}
+
+	{
+		r, err := ParseIPRange("192.168.1.*")
+		a.IsNil(err)
+		if r != nil {
+			a.IsTrue(r.Type == IPRangeTypeWildcard)
+			a.IsTrue(r.Contains("192.168.1.100"))
+			a.IsFalse(r.Contains("192.168.2.100"))
+		}
+	}
+
+	{
+		r, err := ParseIPRange("192.168.*.*")
+		a.IsNil(err)
+		if r != nil {
+			a.IsTrue(r.Type == IPRangeTypeWildcard)
+			a.IsTrue(r.Contains("192.168.1.100"))
+			a.IsTrue(r.Contains("192.168.2.100"))
+		}
+	}
+}
+
+func BenchmarkIPRangeConfig_Contains(b *testing.B) {
+	r, err := ParseIPRange("192.168.1.*")
+	if err != nil {
+		b.Fatal(err)
+	}
+	for i := 0; i < b.N; i++ {
+		_ = r.Contains("192.168.1.100")
+	}
+}