diff --git a/plugins/op_waf/index.py b/plugins/op_waf/index.py index 91022b7c1..ea2b4d191 100755 --- a/plugins/op_waf/index.py +++ b/plugins/op_waf/index.py @@ -122,7 +122,22 @@ def initSiteInfo(): tmp['scan'] = config_contents['scan'] cdn_header = ['x-forwarded-for', - 'x-real-ip', 'HTTP_CF_CONNECTING_IP'] + 'x-real-ip', + 'x-forwarded', + 'forwarded-for', + 'forwarded', + 'true-client-ip', + 'client-ip', + 'ali-cdn-real-ip', + 'cdn-src-ip', + 'cdn-real-ip', + 'cf-connecting-ip', + 'cf-connecting-ip', + 'x-cluster-client-ip', + 'wl-proxy-client-ip', + 'proxy-client-ip', + 'true-client-ip', + 'HTTP_CF_CONNECTING_IP'] tmp['cdn_header'] = cdn_header disable_upload_ext = ["php", "jsp"] diff --git a/plugins/op_waf/t/index.py b/plugins/op_waf/t/index.py index ef324c1ff..65db38e92 100644 --- a/plugins/op_waf/t/index.py +++ b/plugins/op_waf/t/index.py 
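Review bot: The rewritten cdn_header list in initSiteInfo carries 'cf-connecting-ip' twice and 'true-client-ip' twice; drop the second occurrence of each so the list has one entry per header name. The last entry 'HTTP_CF_CONNECTING_IP' is also the CGI-variable spelling while every other entry is a lower-case raw header name, and whether the lookup that consumes tmp['cdn_header'] normalises case is not visible in this hunk, so it is worth confirming both spellings are actually matched. If this list is consulted for every request regardless of the connecting peer, any client can send one of these headers to present a chosen address to IP-based rules, and widening the list widens that exposure; a comment such as `# only honoured for requests arriving from a trusted CDN/proxy address` above the list, matching the actual behaviour, would make the intended trust boundary explicit.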
@@ -6,18 +6,82 @@ import os import time import json +import os +import sys +import time +import string +import json +import hashlib +import shlex +import datetime +import subprocess +import re +from random import Random + TEST_URL = "http://t1.cn/" -def run(): +def httpGet(url, timeout): + import urllib.request + + try: + req = urllib.request.urlopen(url, timeout=timeout) + result = req.read().decode('utf-8') + return result + + except Exception as e: + return str(e) + + +def httpPost(url, data, timeout=10): + """ + 发送POST请求 + @url 被请求的URL地址(必需) + @data POST参数,可以是字符串或字典(必需) + @timeout 超时时间默认60秒 + return string + """ + if sys.version_info[0] == 2: + try: + import urllib + import urllib2 + import ssl + ssl._create_default_https_context = ssl._create_unverified_context + data = urllib.urlencode(data) + req = urllib2.Request(url, data) + response = urllib2.urlopen(req, timeout=timeout) + return response.read() + except Exception as ex: + return str(ex) + else: + try: + import urllib.request + import ssl + try: + ssl._create_default_https_context = ssl._create_unverified_context + except: + pass + data = urllib.parse.urlencode(data).encode('utf-8') + req = urllib.request.Request(url, data) + response = urllib.request.urlopen(req, timeout=timeout) + result = response.read() + if type(result) == bytes: + result = result.decode('utf-8') + return result + except Exception as ex: + return str(ex) + + +def test_Dir(): url = TEST_URL + '?t=../etc/passwd' print("args test start") - + httpGet(url, 10) print("args test end") def test_start(): + test_Dir() if __name__ == "__main__":
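Review bot: httpGet catches every exception and returns str(e), and test_Dir discards its return value, so a 4xx block response (which urllib raises as urllib.error.HTTPError) and an unblocked 200 both just print "args test end" and the test cannot tell whether the WAF intercepted the traversal payload. Returning the status code alongside the body and checking it in test_Dir makes the outcome observable; the exact status the WAF answers with is not visible here, so the check below only assumes it is not 200 and should be adjusted to the real block code. Separately, the hunk re-adds `import os`, `import time` and `import json` above the existing context imports, and `string`, `hashlib`, `shlex`, `datetime`, `subprocess`, `re` and `Random` are not used anywhere in the hunk. httpPost is unused by test_start and globally replaces ssl._create_default_https_context for the whole process, which is unnecessary for the plain-http TEST_URL and silently disables certificate checking for anything else the harness imports. test_start's trailing context and the `if __name__` block continue outside the hunk.
```python
def httpGet(url, timeout):
    import urllib.request
    import urllib.error

    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode('utf-8', 'replace')
    except urllib.error.HTTPError as e:
        # an HTTP error status from the WAF is a result, not a test failure
        return e.code, e.read().decode('utf-8', 'replace')

# … unchanged: httpPost …

def test_Dir():
    url = TEST_URL + '?t=../etc/passwd'
    print("args test start")
    status, body = httpGet(url, 10)
    print(status, body[:200])
    # TODO(review): replace with the status the WAF actually returns on block
    assert status != 200, "traversal payload was not blocked"
    print("args test end")
```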