diff --git a/plugins/mysql/js/mysql.js b/plugins/mysql/js/mysql.js
index 09b6b695c..239ba9086 100755
--- a/plugins/mysql/js/mysql.js
+++ b/plugins/mysql/js/mysql.js
@@ -1097,16 +1097,5 @@ function repTools(db_name, res){
                         </ul></div>'
         });
         tableFixed('database_fix');
-        //表格头固定
-        function tableFixed(name) {
-            var tableName = document.querySelector('#' + name);
-            tableName.addEventListener('scroll', scrollHandle);
-        }
-
-        function scrollHandle(e) {
-            var scrollTop = this.scrollTop;
-            //this.querySelector('thead').style.transform = 'translateY(' + scrollTop + 'px)';
-            $(this).find("thead").css({ "transform": "translateY(" + scrollTop + "px)", "position": "relative", "z-index": "1" });
-        }
     });
 }
diff --git a/plugins/op_waf/index.py b/plugins/op_waf/index.py
index 79fd59449..7d6cd9dc4 100755
--- a/plugins/op_waf/index.py
+++ b/plugins/op_waf/index.py
@@ -58,7 +58,6 @@ def checkArgs(data, ck=[]):
     return (True, public.returnJson(True, 'ok'))
 
 
-
 def getConf():
     path = public.getServerDir() + "/openresty/nginx/conf/nginx.conf"
     return path
@@ -120,11 +119,9 @@ def start():
 def stop():
     path = public.getServerDir() + "/openresty/nginx/conf/waf"
     if os.path.exists(path):
-        cmd = 'rm -rf '+path
+        cmd = 'rm -rf ' + path
         public.execShell(cmd)
 
-
-
     path = getConf()
     conf = public.readFile(path)
     conf = conf.replace('include luawaf.conf;', "#include luawaf.conf;")
@@ -141,14 +138,34 @@ def restart():
 
 def reload():
     stop()
-    public.execShell('rm -rf '+public.getServerDir() + "/openresty/nginx/logs/error.log")
+    public.execShell('rm -rf ' + public.getServerDir() +
+                     "/openresty/nginx/logs/error.log")
     start()
     return 'ok'
 
+
 def getJsonPath(name):
-    path = public.getServerDir() + "/openresty/nginx/conf/waf/"+name+".json"
+    path = public.getServerDir() + "/openresty/nginx/conf/waf/" + name + ".json"
     return path
 
+
+def getRuleJsonPath(name):
+    path = public.getServerDir() + "/openresty/nginx/conf/waf/rule/" + name + ".json"
+    return path
+
+
+def getRule():
+    args = getArgs()
+    data = checkArgs(args, ['rule_name'])
+    if not data[0]:
+        return data[1]
+
+    rule_name = args['rule_name']
+    fpath = getRuleJsonPath(rule_name)
+    content = public.readFile(fpath)
+    return public.returnJson(True, 'ok', content)
+
+
 def setObjStatus():
     args = getArgs()
     data = checkArgs(args, ['obj', 'statusCode'])
@@ -159,13 +176,14 @@ def setObjStatus():
     content = public.readFile(conf)
     cobj = json.loads(content)
 
-    o =  args['obj']
+    o = args['obj']
     status = args['statusCode']
     cobj[o]['status'] = status
 
     cjson = public.getJson(cobj)
-    public.writeFile(conf,cjson)
-    return public.returnJson(True,'设置成功!')
+    public.writeFile(conf, cjson)
+    return public.returnJson(True, '设置成功!')
+
 
 def setObjOpen():
     args = getArgs()
@@ -184,8 +202,9 @@ def setObjOpen():
         cobj[o]["open"] = True
 
     cjson = public.getJson(cobj)
-    public.writeFile(conf,cjson)
-    return public.returnJson(True,'设置成功!')
+    public.writeFile(conf, cjson)
+    return public.returnJson(True, '设置成功!')
+
 
 def getWafSrceen():
     conf = getJsonPath('total')
@@ -196,6 +215,7 @@ def getWafConf():
     conf = getJsonPath('config')
     return public.readFile(conf)
 
+
 def getWafSite():
     return ''
 
@@ -214,6 +234,8 @@ if __name__ == "__main__":
         print reload()
     elif func == 'conf':
         print getConf()
+    elif func == 'get_rule':
+        print getRule()
     elif func == 'set_obj_status':
         print setObjStatus()
     elif func == 'set_obj_open':
diff --git a/plugins/op_waf/js/op_waf.js b/plugins/op_waf/js/op_waf.js
index 263222b6d..dabea549e 100755
--- a/plugins/op_waf/js/op_waf.js
+++ b/plugins/op_waf/js/op_waf.js
@@ -15,6 +15,13 @@ function owPost(method, args, callback){
 }
 
 
+function getRuleByName(rule_name, callback){
+    owPost('get_rule', {rule_name:rule_name}, function(data){
+        callback(data);
+    })
+}
+
+
 function setRequestCode(ruleName, statusCode){
     layer.open({
         type: 1,
@@ -207,6 +214,115 @@ function setRetry(retry_cycle, retry, retry_time, siteName) {
 }
 
 
+//URL白名单
+function urlWhite(type) {
+    if (type == undefined) {
+        layer.open({
+            type: 1,
+            title: "管理URL白名单",
+            area: ['500px', '400px'],
+            closeBtn: 2,
+            shadeClose: false,
+            content: '<div class="tab_list"><div class="tab_block active">标准模式-URL白名单</div><div class="tab_block">增强模式—URL白名单</div></div>\
+                <div class="pd15">\
+                    <div class="url_block">\
+                        <div style="border-bottom:#ccc 1px solid;margin-bottom:10px;padding-bottom:10px">\
+                            <input class="bt-input-text" name="url_white_address" type="text" value="" style="width:400px;margin-right:15px;margin-left:5px" placeholder="URL地址,支持正则表达式">\
+                            <button class="btn btn-success btn-sm va0 pull-right" onclick="add_url_white();">添加</button>\
+                        </div>\
+                        <div class="divtable">\
+                            <div id="urlWhite" style="max-height:300px;overflow:auto;border:#ddd 1px solid">\
+                                <table class="table table-hover" style="border:none">\
+                                    <thead>\
+                                        <tr>\
+                                            <th>URL</th>\
+                                            <th style="text-align: right;">操作</th>\
+                                        </tr>\
+                                    </thead>\
+                                    <tbody id="url_white_con" class="gztr"></tbody>\
+                                </table>\
+                            </div>\
+                            <div class="btn-list">\
+                                <button class="btn btn-success btn-sm va0 mr5 mt10" onclick="file_input(\'url_white\')" >导入</button>\
+                                <button class="btn btn-success btn-sm va0 mt10" onclick="output_data(\'url_white\')">导出</button>\
+                            </div>\
+                        </div>\
+                    </div>\
+                    <div class="url_block" style="display:none">\
+                        <div style="border-bottom:#ccc 1px solid;margin-bottom:10px;padding-bottom:10px">\
+                            <input class="bt-input-text" name="url_increase_white_address" type="text" value="" style="width:400px;margin-right:15px;margin-left:5px" placeholder="URL地址,支持正则表达式">\
+                            <button class="btn btn-success btn-sm va0 pull-right add_increase_white_event" >添加</button>\
+                        </div>\
+                        <div class="divtable">\
+                            <div id="url_increase_white" style="max-height:300px;overflow:auto;border:#ddd 1px solid">\
+                                <table class="table table-hover" style="border:none">\
+                                    <thead>\
+                                        <tr>\
+                                            <th>URL</th>\
+                                            <th style="text-align: right;">操作</th>\
+                                        </tr>\
+                                    </thead>\
+                                    <tbody id="url_increase_white_con" class="gztr"></tbody>\
+                                </table>\
+                            </div>\
+                        </div>\
+                    </div>\
+                    <ul class="help-info-text c7">\
+                        <li>所有规则对白名单中的URL无效,包括IP黑名单和URL黑名单</li>\
+                    </ul></div>',
+            success:function(layero,index){
+                $('.tab_list .tab_block').click(function(){
+                    var index = $(this).index();
+                    $(this).addClass('active').siblings().removeClass('active');
+                    $('.url_block').eq(index).show().siblings().hide();
+                    if(index == 1) {get_golbls_cc();}
+                });
+                $('.add_increase_white_event').click(function(){
+                    var _val = $('[name="url_increase_white_address"]').val();
+                    if(_val == ''){
+                        layer.msg('URL规则不能为空!');
+                        return false;
+                    }
+                    add_golbls_cc({text:_val},function(res){
+                        if(res.status){
+                            get_golbls_cc(function(){
+                                if(res.status) get_golbls_cc(function(){
+                                    layer.msg(res.msg,{icon:res.status?1:2});
+                                });
+                            });
+                            $('[name="url_increase_white_address"]').val('');
+                        }
+                    });
+                });
+                $('#url_increase_white_con').on('click','.del_golbls_cc',function(){
+                    var _val = $(this).attr('data-val');
+                    del_golbls_cc({text:_val},function(res){
+                        if(res.status) get_golbls_cc(function(){
+                            layer.msg(res.msg,{icon:res.status?1:2});
+                        });
+                    });
+                });
+            }
+        });
+        tableFixed("urlWhite");
+    }
+
+
+    getRuleByName('url_white', function(data){
+        var tmp = $.parseJSON(data.data);
+        var rdata = $.parseJSON(tmp.data);
+        console.log(rdata);
+        var tbody = ''
+        for (var i = 0; i < rdata.length; i++) {
+            tbody += '<tr>\
+                    <td>'+ rdata[i] + '</td>\
+                    <td class="text-right"><a class="btlink" onclick="remove_url_white('+ i + ')">删除</a></td>\
+                </tr>'
+        }
+        $("#url_white_con").html(tbody);
+    });
+}
+
 
 //设置规则
 function setObjConf(ruleName, type) {
@@ -342,6 +458,21 @@ function wafGloabl(){
                         </div></td>\
                         <td class="text-right"><a class="btlink" onclick="setObjConf(\'url\')">规则</a> | <a class="btlink" href="javascript:;" onclick="onlineEditFile(0,\'/www/server/btwaf/html/get.html\')">响应内容</a></td>\
                     </tr>\
+                    <tr>\
+                        <td>URL白名单</td><td>大部分规则对URL白名单无效</td><td style="text-align: center;">--</td>\
+                        <td style="text-align: center;">--</td>\
+                        <td class="text-right"><a class="btlink" onclick="urlWhite()">设置</a></td>\
+                    </tr>\
+                    <tr>\
+                        <td>URL黑名单</td><td>禁止访问的URL地址</td><td><a class="btlink" onclick="setRequestCode(\'get\','+ rdata.get.status + ')">' + rdata.get.status + '</a></td>\
+                        <td style="text-align: center;">--</td>\
+                        <td class="text-right"><a class="btlink" onclick="url_black()">设置</a></td>\
+                    </tr>\
+                    <tr>\
+                        <td>其它</td><td>'+ rdata.other.ps + '</td><td>--</td>\
+                        <td style="text-align: center;">--</td>\
+                        <td class="text-right"><a class="btlink" href="javascript:;" onclick="onlineEditFile(0,\'/www/server/btwaf/html/other.html\')">响应内容</a></td>\
+                    </tr>\
                 </tbody>\
             </table>\
             </div>';
diff --git a/route/static/app/public.js b/route/static/app/public.js
index 3ec256472..8348d3c4e 100755
--- a/route/static/app/public.js
+++ b/route/static/app/public.js
@@ -16,6 +16,19 @@ function toSize(a) {
 	}
 }
 
+//表格头固定
+function tableFixed(name) {
+    var tableName = document.querySelector('#' + name);
+    tableName.addEventListener('scroll', scrollHandle);
+}
+
+function scrollHandle(e) {
+    var scrollTop = this.scrollTop;
+    //this.querySelector('thead').style.transform = 'translateY(' + scrollTop + 'px)';
+    $(this).find("thead").css({ "transform": "translateY(" + scrollTop + "px)", "position": "relative", "z-index": "1" });
+}
+
+
 //转换单们到MB
 function toSizeM(byteLen) {
     var a = parseInt(byteLen) / 1024 / 1024;