diff --git a/plugins/op_waf/index.py b/plugins/op_waf/index.py
index ccc182050..9dafdf829 100755
--- a/plugins/op_waf/index.py
+++ b/plugins/op_waf/index.py
@@ -118,6 +118,7 @@ def initSiteInfo():
     cjson = public.getJson(site_contents_new)
     public.writeFile(path_site, cjson)
 
+
 def initTotalInfo():
     data = []
     path_domains = getJsonPath('domains')
@@ -135,7 +136,7 @@ def initTotalInfo():
     total_contents_new = {}
     for x in range(len(domain_contents)):
         name = domain_contents[x]['name']
-        if 'sites' in  total_contents and name in total_contents['sites']:
+        if 'sites' in total_contents and name in total_contents['sites']:
             pass
         else:
             tmp = {}
@@ -339,18 +340,18 @@ def getSiteConfig():
     total_content = json.loads(total_content)
 
     # print total_content
-    
+
     for x in content:
         tmp = []
         tmp_v = {}
         if 'sites' in total_content and x in total_content['sites']:
-            tmp_v = total_content['sites'][x];
-            
-        key_list = ['get','post','user-agent','cookie','cdn','cc']
+            tmp_v = total_content['sites'][x]
+
+        key_list = ['get', 'post', 'user-agent', 'cookie', 'cdn', 'cc']
         for kx in range(len(key_list)):
             ktmp = {}
 
-            if kx in tmp_v :
+            if kx in tmp_v:
                 ktmp['value'] = tmp_v[key_list[kx]]
             else:
                 ktmp['value'] = ''
@@ -360,10 +361,54 @@ def getSiteConfig():
         # print tmp
         content[x]['total'] = tmp
 
-
     content = public.getJson(content)
     return public.returnJson(True, 'ok!', content)
 
+
+def getLogsList():
+    args = getArgs()
+    data = checkArgs(args, ['siteName'])
+    if not data[0]:
+        return data[1]
+
+    data = []
+    path = public.getLogsDir() + '/waf'
+    files = os.listdir(path)
+    for f in files:
+        if f == '.DS_Store':
+            continue
+        f = f.split('_')
+        if f[0] == args['siteName']:
+            fl = f[1].split('.')
+            data.append(fl[0])
+
+    return public.returnJson(True, 'ok!', data)
+
+
+def getSafeLogs():
+    args = getArgs()
+    data = checkArgs(args, ['siteName', 'toDate', 'p'])
+    if not data[0]:
+        return data[1]
+
+    path = public.getLogsDir() + '/waf'
+    file = path + '/' + args['siteName'] + '_' + args['toDate'] + '.log'
+    if not os.path.exists(file):
+        return public.returnJson(False, "文件不存在!")
+
+    retData = []
+    file = open(file)
+    while 1:
+        lines = file.readlines(100000)
+        if not lines:
+            break
+        for line in lines:
+
+            retData.append(json.loads(line))
+
+    return public.returnJson(True, '设置成功!', retData)
+
+
 def setObjOpen():
     args = getArgs()
     data = checkArgs(args, ['obj'])
@@ -427,6 +472,10 @@ if __name__ == "__main__":
         print saveScanRule()
     elif func == 'get_site_config':
         print getSiteConfig()
+    elif func == 'get_logs_list':
+        print getLogsList()
+    elif func == 'get_safe_logs':
+        print getSafeLogs()
     elif func == 'waf_srceen':
         print getWafSrceen()
     elif func == 'waf_conf':
diff --git a/plugins/op_waf/js/op_waf.js b/plugins/op_waf/js/op_waf.js
index eae323f1e..d9e96681c 100755
--- a/plugins/op_waf/js/op_waf.js
+++ b/plugins/op_waf/js/op_waf.js
@@ -865,6 +865,357 @@ function back_css(v) {
     }
 }
 
+//查看网站日志
+function siteWafLog(siteName) {
+    var loadT = layer.msg('正在处理，请稍候..', { icon: 16, time: 0 });
+    owPost('get_logs_list', { siteName: siteName } , function (data) {
+        var tmp = $.parseJSON(data.data);
+        var rdata = tmp.data;
+        var selectLogDay = "";
+        var day = rdata[0];
+        for (var i = 0; i < rdata.length; i++) {
+            selectLogDay += '<option value="' + rdata[i] + '">' + rdata[i] + '</option>';
+        }
+        if (rdata == "") {
+            layer.msg("暂无日志记录", { icon: 6, shade: 0.3, time: 1000 });
+            return
+        }
+        layer.open({
+            type: 1,
+            title: "日志【" + siteName + "】",
+            area: ['880px', '500px'],
+            closeBtn: 2,
+            shadeClose: false,
+            content: '<div class="lib-box pd15 lib-box-log">\
+                <div class="lib-con-title" style="height:40px"><select id="selectLogDay" class="bt-input-text" onchange="siteLogCon(\''+ siteName + '\',this.options[this.options.selectedIndex].value,1)">' + selectLogDay + '</select></div>\
+                <div class="lib-con">\
+                    <div class="divtable">\
+                        <div id="site_waf_log" style="max-height:400px;overflow:auto;border:#ddd 1px solid">\
+                        <table class="table table-hover" style="border:none;">\
+                            <thead><tr><th width="150">时间</th><th width="120">用户IP</th><th width="70">类型</th><th>URI地址</th><th class="tdhide">User-Agent</th><th width="60">状态</th><th width="100">过滤器</th><th class="tdhide">过滤规则</th><th width="100" class="text-right">操作</th></tr></thead>\
+                            <tbody id="LogDayCon"></tbody>\
+                        </table>\
+                        </div>\
+                    </div>\
+                    <div class="page pull-right" id="size_log_page" style="margin-top:10px"></div>\
+                </div>\
+                </div>'
+        });
+        siteLogCon(siteName, day, 1);
+        tableFixed("site_waf_log");
+    });
+}
+
+
+//日志内容
+function siteLogCon(siteName, day, page) {
+    if (!page) page = 1;
+    var last = page - 1;
+    var next = page + 1;
+    var pagehtml = '';
+    $("#site_waf_log").scrollTop(0);
+
+    owPost('get_safe_logs', { siteName: siteName, toDate: day, p: page }, function(data){
+        var tmp = $.parseJSON(data.data);
+        if (!tmp.status){
+            layer.msg(rdata.msg, { icon: rdata.status ? 1 : 2 });
+            return;
+        }
+        var rdata = tmp.data;
+        var con = '';
+        for (var i = 0; i < rdata.length; i++) {
+            con += '<tr>\
+                <td class="td0">'+ escapeHTML(rdata[i][0]) + '</td>\
+                <td class="td1"><a class="btlink" href="javascript:add_log_ip_black(\''+ escapeHTML(rdata[i][1]) + '\');" title="加入黑名单">' + escapeHTML(rdata[i][1]) + '</a></td>\
+                <td class="td2">'+ escapeHTML(rdata[i][2]) + '</td>\
+                <td class="td3"><span class="td3txt">'+ escapeHTML(rdata[i][3]) + '</span></td>\
+                <td class="tdhide td4">'+ escapeHTML(rdata[i][4]) + '</td><td>已拦截</td>\
+                <td class="td5"><span class="filtertext">'+ escapeHTML(rdata[i][5]) + '</span></td>\
+                <td class="tdhide td6">'+ escapeHTML(rdata[i][6]) + '</td>\
+                <td class="text-right"><a href="javascript:;" class="btlink submit_msg" data-index="'+ i +'">误报</a> | <a href="javascript:;" class="btlink btwaf_details" data-index="'+ i +'">详细</a></td>\
+            </tr>'
+        }
+
+        $("#LogDayCon").html(con);
+        pagehtml = '<a class="Pstart" onclick="site_log_con(\'' + siteName + '\',\'' + day + '\',1)">首页</a><a class="prevPage" onclick="site_log_con(\'' + siteName + '\',\'' + day + '\',' + last + ')">上一页</a><a class="nextPage" onclick="site_log_con(\'' + siteName + '\',\'' + day + '\',' + next + ')">下一页</a><a class="Pcount">第 ' + page + ' 页</a>';
+        $("#size_log_page").html(pagehtml);
+        if (rdata.length < 1) $(".nextPage").hide();
+        if (last < 1) $(".prevPage").hide();
+
+        // 发送误报请求
+        $(".submit_msg").click(function () {
+            var _this = $(this);
+            var res = rdata[$(this).attr('data-index')];
+            layer.confirm('是否确定提交误报反馈？', { title: '误报反馈',closeBtn:2,icon:3}, function () {
+                var url_address = res[3];
+                var rule_arry = res[6].split(" &gt;&gt; ");
+                var pdata = { url_rule: url_address };
+                var loadT = layer.msg('正在添加URL白名单..', { icon: 16, time: 0 });
+                $.post('/plugin?action=a&name=btwaf&s=add_url_white', pdata, function (rdata) {
+                    layer.msg(rdata.msg, { icon: rdata.status ? 1 : 2 });
+                    layer.close(loadT);
+                    if (rule_arry[1] != undefined){ $.get('https://www.bt.cn/Api/add_waf_logs?data=' + rule_arry[1],function(rdata){},'jsonp')}
+                });
+            });
+        })
+
+        // 详情
+        $(".btwaf_details").click(function () {
+            var res = rdata[$(this).attr('data-index')];
+            var time =  res[0]; //时间
+            var ip_address = res[1]; //IP地址
+            var req_type = res[2]; // 请求类型
+            var url_address = res[3]; // 请求类型
+            var user_agent = res[4]; // 请求类型
+            var filters = res[5]; //过滤器
+            var filter_rule = ''; //过滤规则
+            var rule_arry =  res[6].split(" &gt;&gt; ");
+            var incoming_value = '',risk_value = ''; //传入值,风险值
+            if(rule_arry.length == 0) filter_rule = rule_arry[0]
+            incoming_value = rule_arry[1] == undefined?'空':rule_arry[1];
+            risk_value = incoming_value.match(new RegExp(rule_arry[0].replace(/\//g,'\\/'),'i'));
+            risk_value = risk_value?risk_value[0]:'空';
+
+            layer.open({
+                type: 1,
+                title: time + "详情",
+                area: '600px',
+                closeBtn: 2,
+                shadeClose: false,
+                content: '<div class="pd15 lib-box">\
+                        <table class="table" style="border:#ddd 1px solid; margin-bottom:10px">\
+                        <tbody><tr><th>时间</th><td>'+ escapeHTML(time) + '</td><th>用户IP</th><td><a class="btlink" href="javascript:add_log_ip_black(\'' + escapeHTML(ip_address) + '\')" title="加入黑名单">' + escapeHTML(ip_address) + '</a></td></tr><tr><th>类型</th><td>' + escapeHTML(req_type) + '</td><th>过滤器</th><td>' + escapeHTML(filters) + '</td></tr></tbody></table>\
+                        <div><b style="margin-left:10px">URI地址</b></div>\
+                        <div class="lib-con pull-left mt10"><div class="divpre">'+ escapeHTML(url_address) + '</div></div>\
+                        <div><b style="margin-left:10px">User-Agent</b></div>\
+                        <div class="lib-con pull-left mt10"><div class="divpre">'+ escapeHTML(user_agent) + '</div></div>\
+                        <div><b style="margin-left:10px">过滤规则</b></div>\
+                        <div class="lib-con pull-left mt10"><div class="divpre">'+ escapeHTML(rule_arry[0]) + '</div></div>\
+                        <div><b style="margin-left:10px">传入值</b></div>\
+                        <div class="lib-con pull-left mt10"><div class="divpre">'+ escapeHTML(incoming_value) + '</div></div>\
+                        <div><b style="margin-left:10px">风险值</b></div>\
+                        <div class="lib-con pull-left mt10"><div class="divpre">'+ escapeHTML(risk_value) + '</div></div>\
+                    </div>'
+            })
+        })
+        $("#LogDayCon td").click(function () {
+            $(this).parents("tr").addClass("active").siblings().removeClass("active");
+        });
+
+    });
+}
+
+function html_encode(value) {
+    return $('<div></div>').html(value).text();
+}
+
+function html_decode(value) {
+    return $('<div></div>').text(value).html();
+}
+
+
+//网站设置
+function siteWafConfig(siteName, type) {
+    if (type == undefined) {
+        create_2 = layer.open({
+            type: 1,
+            title: "网站配置【" + siteName + "】",
+            area: ['700px', '500px'],
+            closeBtn: 2,
+            shadeClose: false,
+            content: '<div id="s_w_c"></div>'
+        });
+    }
+    var loadT = layer.msg('正在获取网站配置..', { icon: 16, time: 0 });
+    $.post('/plugin?action=a&name=btwaf&s=get_site_config_byname', { siteName: siteName }, function (rdata) {
+        nginx_config = rdata;
+        layer.close(loadT);
+        var con = '<div class="pd15">\
+                <div class="lib-con-title">\
+                    <span>网站防火墙开关</span>\
+                    <div class="ssh-item" style="margin-right:20px;">\
+                        <input class="btswitch btswitch-ios" id="closewaf_open" type="checkbox" '+ (rdata.open ? 'checked' : '') + '>\
+                        <label class="btswitch-btn" for="closewaf_open" onclick="set_site_obj_state(\''+ siteName + '\',\'open\')" style="width:2.4em;height:1.4em;margin-bottom: 0"></label>\
+                    </div>\
+                </div>\
+                <div class="lib-con">\
+                    <div class="divtable">\
+                        <table class="table table-hover waftable">\
+                            <thead>\
+                                <tr>\
+                                    <th>名称</th>\
+                                    <th>描述</th>\
+                                    <th width="80">状态</th>\
+                                    <th style="text-align: right;">操作</th>\
+                                </tr>\
+                            </thead>\
+                            <tbody>\
+                                <tr>\
+                                    <td>CC防御</td>\
+                                    <td><font style="color:red;">'+ rdata.cc.cycle + '</font> 秒内,请求同一URI累计超过 <font style="color:red;">' + rdata.cc.limit + '</font> 次,封锁IP <font style="color:red;">' + rdata.cc.endtime + '</font> 秒</td>\
+                                    <td>\
+                                        <div class="ssh-item" style="margin-left:0">\
+                                            <input class="btswitch btswitch-ios" id="closecc" type="checkbox" '+ (rdata.cc.open ? 'checked' : '') + '>\
+                                            <label class="btswitch-btn" for="closecc" onclick="set_site_obj_state(\''+ siteName + '\',\'cc\')"></label>\
+                                        </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="set_cc_rule('+ rdata.cc.cycle + ',' + rdata.cc.limit + ',' + rdata.cc.endtime + ',\'' + siteName + '\',' + rdata.cc.increase + ')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>恶意容忍设置</td>\
+                                    <td><font style="color:red;">'+ rdata.retry_cycle + '</font> 秒内,累计超过 <font style="color:red;">' + rdata.retry + '</font> 次恶意请求,封锁IP <font style="color:red;">' + rdata.retry_time + '</font> 秒</td>\
+                                    <td style="text-align: left;">&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="set_retry('+ rdata.retry_cycle + ',' + rdata.retry + ',' + rdata.retry_time + ',\'' + siteName + '\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>GET-URI过滤</td>\
+                                    <td>'+ rdata.top.get.ps + '</td>\
+                                    <td>\
+                                        <div class="ssh-item" style="margin-left:0">\
+                                            <input class="btswitch btswitch-ios" id="closeget" type="checkbox" '+ (rdata.get ? 'checked' : '') + '>\
+                                            <label class="btswitch-btn" for="closeget" onclick="set_site_obj_state(\''+ siteName + '\',\'get\')"></label>\
+                                        </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="set_site_obj_conf(\''+ siteName + '\',\'url\')">规则</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>GET-参数过滤</td>\
+                                    <td>'+ rdata.top.get.ps + '</td>\
+                                    <td>\
+                                        <div class="ssh-item" style="margin-left:0">\
+                                            <input class="btswitch btswitch-ios" id="closeargs" type="checkbox" '+ (rdata.get ? 'checked' : '') + '>\
+                                            <label class="btswitch-btn" for="closeargs" onclick="set_site_obj_state(\''+ siteName + '\',\'get\')"></label>\
+                                        </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="set_site_obj_conf(\''+ siteName + '\',\'args\')">规则</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>POST过滤</td>\
+                                    <td>'+ rdata.top.post.ps + '</td>\
+                                    <td>\
+                                        <div class="ssh-item" style="margin-left:0">\
+                                            <input class="btswitch btswitch-ios" id="closepost" type="checkbox" '+ (rdata.post ? 'checked' : '') + '>\
+                                            <label class="btswitch-btn" for="closepost" onclick="set_site_obj_state(\''+ siteName + '\',\'post\')"></label>\
+                                        </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="set_site_obj_conf(\''+ siteName + '\',\'post\')">规则</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>User-Agent过滤</td>\
+                                    <td>'+ rdata.top['user-agent'].ps + '</td>\
+                                    <td>\
+                                        <div class="ssh-item" style="margin-left:0">\
+                                            <input class="btswitch btswitch-ios" id="closeua" type="checkbox" '+ (rdata['user-agent'] ? 'checked' : '') + '>\
+                                            <label class="btswitch-btn" for="closeua" onclick="set_site_obj_state(\''+ siteName + '\',\'user-agent\')"></label>\
+                                        </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="set_site_obj_conf(\''+ siteName + '\',\'user_agent\')">规则</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>Cookie过滤</td>\
+                                    <td>'+ rdata.top.cookie.ps + '</td>\
+                                    <td>\
+                                    <div class="ssh-item" style="margin-left:0">\
+                                        <input class="btswitch btswitch-ios" id="closecookie" type="checkbox" '+ (rdata.cookie ? 'checked' : '') + '>\
+                                        <label class="btswitch-btn" for="closecookie" onclick="set_site_obj_state(\''+ siteName + '\',\'cookie\')"></label>\
+                                    </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="set_site_obj_conf(\''+ siteName + '\',\'cookie\')">规则</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>禁止国外访问</td>\
+                                    <td>'+ rdata.top.drop_abroad.ps + '</td>\
+                                    <td>\
+                                        <div class="ssh-item" style="margin-left:0">\
+                                            <input class="btswitch btswitch-ios" id="closeabroad" type="checkbox" '+ (rdata.drop_abroad ? 'checked' : '') + '>\
+                                            <label class="btswitch-btn" for="closeabroad" onclick="set_site_obj_state(\''+ siteName + '\',\'drop_abroad\')"></label>\
+                                        </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="cn_iplist()">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>常见扫描器</td><td>'+ rdata.top.scan.ps + '</td>\
+                                    <td>\
+                                        <div class="ssh-item" style="margin-left:0">\
+                                            <input class="btswitch btswitch-ios" id="closescan" type="checkbox" '+ (rdata.scan ? 'checked' : '') + '>\
+                                            <label class="btswitch-btn" for="closescan" onclick="set_site_obj_state(\''+ siteName + '\',\'scan\')"></label>\
+                                        </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="scan_rule()">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>使用CDN</td>\
+                                    <td>该站点使用了CDN,启用后方可正确获取客户IP</td>\
+                                    <td>\
+                                        <div class="ssh-item" style="margin-left:0">\
+                                            <input class="btswitch btswitch-ios" id="closecdn" type="checkbox" '+ (rdata.cdn ? 'checked' : '') + '>\
+                                            <label class="btswitch-btn" for="closecdn" onclick="set_site_obj_state(\''+ siteName + '\',\'cdn\')"></label>\
+                                        </div>\
+                                    </td>\
+                                    <td class="text-right"><a class="btlink" onclick="cdn_header(\''+ siteName + '\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>禁止执行PHP的URL</td>\
+                                    <td>禁止在指定URL运行PHP脚本</td>\
+                                    <td style="text-align: left;">&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="site_rule_admin(\''+ siteName + '\',\'disable_php_path\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>禁止访问的URL</td>\
+                                    <td>禁止访问指定的URL</td>\
+                                    <td style="text-align: left;">&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="site_rule_admin(\''+ siteName + '\',\'disable_path\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>禁止扩展名</td>\
+                                    <td>禁止访问指定扩展名</td>\
+                                    <td style="text-align: left;">&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="site_rule_admin(\''+ siteName + '\',\'disable_ext\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>禁止上传的文件类型</td>\
+                                    <td>禁止上传指定的文件类型</td>\
+                                    <td style="text-align: left;">&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="site_rule_admin(\''+ siteName + '\',\'disable_upload_ext\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>受保护的URL</td>\
+                                    <td>通过自定义参数加密URL地址,参数错误将被拦截</td>\
+                                    <td style="text-align: left;">&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="site_url_tell(\''+ siteName + '\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>URL专用过滤</td>\
+                                    <td>为特定URL地址设置过滤规则</td>\
+                                    <td style="text-align: left;">&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="site_url_rule(\''+ siteName + '\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>敏感文字替换</td>\
+                                    <td>替换设置的敏感文字</td>\
+                                    <td>&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="body_rule_list(true,\''+ siteName + '\')">设置</a></td>\
+                                </tr>\
+                                <tr>\
+                                    <td>CMS专用过滤</td>\
+                                    <td>为特定CMS提供的过滤规则</td>\
+                                    <td style="text-align: left;">&nbsp;&nbsp;--</td>\
+                                    <td class="text-right"><a class="btlink" onclick="site_cms_rule(\''+siteName+'\')">设置</a></td>\
+                                </tr>\
+                            </tbody>\
+                        </table>\
+                    </div>\
+                </div>\
+                <ul class="help-info-text c7">\
+                    <li>注意: 此处大部分配置,仅对当前站点有效!</li>\
+                </ul>\
+            </div>';
+        $("#s_w_c").html(con);
+    });
+}
+
+
+
 function wafSite(){
 
     owPost('get_site_config', {}, function(data){
@@ -900,10 +1251,10 @@ function wafSite(){
                     <td>\
                         <div class="ssh-item" style="margin-left:0">\
                             <input class="btswitch btswitch-ios" id="closeget_'+ i + '" type="checkbox" ' + (v.open ? 'checked' : '') + '>\
-                            <label class="btswitch-btn" for="closeget_'+ i + '" onclick="set_site_obj_state(\'' + v.siteName + '\',\'open\')"></label>\
+                            <label class="btswitch-btn" for="closeget_'+ i + '" onclick="set_site_obj_state(\'' + k + '\',\'open\')"></label>\
                         </div>\
                     </td>\
-                    <td class="text-right"><a onclick="site_waf_log(\''+ k + '\')" class="btlink ' + (v.log_size > 0 ? 'dot' : '') + '">日志</a> | <a onclick="site_waf_config(\'' + v.siteName + '\')" class="btlink">设置</a></td>\
+                    <td class="text-right"><a onclick="siteWafLog(\''+ k + '\')" class="btlink ' + (v.log_size > 0 ? 'dot' : '') + '">日志</a> | <a onclick="siteWafConfig(\'' + k + '\')" class="btlink">设置</a></td>\
                 </tr>'
         });
 
diff --git a/plugins/op_waf/waf/config.json b/plugins/op_waf/waf/config.json
index 18e38c53f..8ef61762c 100755
--- a/plugins/op_waf/waf/config.json
+++ b/plugins/op_waf/waf/config.json
@@ -1 +1 @@
-{"reqfile_path": "/Users/midoks/Desktop/fwww/server/openresty/nginx/conf/waf/html", "retry": {"retry_time": "180", "is_open_global": "0", "retry": "6", "retry_cycle": "60"}, "log": true, "retry_cycle": 60, "scan": {"status": 444, "ps": "\u8fc7\u6ee4\u5e38\u89c1\u626b\u63cf\u6d4b\u8bd5\u5de5\u5177\u7684\u6e17\u900f\u6d4b\u8bd5", "open": true, "reqfile": ""}, "cc": {"status": 444, "ps": "\u8fc7\u8651CC\u653b\u51fb", "limit": 120, "endtime": 300, "open": true, "reqfile": "", "cycle": 60}, "body_character_string": [], "start_time": 1556095983.425878, "get": {"status": 403, "ps": "\u8fc7\u6ee4uri\u3001uri\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "get.html"}, "body_regular": [], "log_save": 30, "user-agent": {"status": 403, "ps": "\u901a\u5e38\u7528\u4e8e\u8fc7\u6ee4\u6d4f\u89c8\u5668\u3001\u8718\u86db\u53ca\u4e00\u4e9b\u81ea\u52a8\u626b\u63cf\u5668", "open": true, "reqfile": "user_agent.html"}, "retry_time": 180, "other": {"status": 403, "ps": "\u5176\u5b83\u975e\u901a\u7528\u8fc7\u6ee4", "reqfile": "other.html"}, "cookie": {"status": 403, "ps": "\u8fc7\u6ee4\u5229\u7528Cookie\u53d1\u8d77\u7684\u6e17\u900f\u653b\u51fb", "open": true, "reqfile": "cookie.html"}, "logs_path": "/www/wwwlogs/btwaf", "post": {"status": 403, "ps": "\u8fc7\u6ee4POST\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "post.html"}, "open": true}
\ No newline at end of file
+{"reqfile_path": "/Users/midoks/Desktop/fwww/server/openresty/nginx/conf/waf/html", "retry": {"retry_time": "180", "is_open_global": "0", "retry": "6", "retry_cycle": "60"}, "log": true, "retry_cycle": 60, "scan": {"status": 444, "ps": "\u8fc7\u6ee4\u5e38\u89c1\u626b\u63cf\u6d4b\u8bd5\u5de5\u5177\u7684\u6e17\u900f\u6d4b\u8bd5", "open": true, "reqfile": ""}, "cc": {"status": 444, "ps": "\u8fc7\u8651CC\u653b\u51fb", "limit": 120, "endtime": 300, "open": true, "reqfile": "", "cycle": 60}, "body_character_string": [], "start_time": 1556095983.425878, "get": {"status": 403, "ps": "\u8fc7\u6ee4uri\u3001uri\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "get.html"}, "body_regular": [], "log_save": 30, "user-agent": {"status": 403, "ps": "\u901a\u5e38\u7528\u4e8e\u8fc7\u6ee4\u6d4f\u89c8\u5668\u3001\u8718\u86db\u53ca\u4e00\u4e9b\u81ea\u52a8\u626b\u63cf\u5668", "open": true, "reqfile": "user_agent.html"}, "logs_path": "/www/wwwlogs/btwaf", "other": {"status": 403, "ps": "\u5176\u5b83\u975e\u901a\u7528\u8fc7\u6ee4", "reqfile": "other.html"}, "cookie": {"status": 403, "ps": "\u8fc7\u6ee4\u5229\u7528Cookie\u53d1\u8d77\u7684\u6e17\u900f\u653b\u51fb", "open": true, "reqfile": "cookie.html"}, "retry_time": 180, "post": {"status": 403, "ps": "\u8fc7\u6ee4POST\u53c2\u6570\u4e2d\u5e38\u89c1sql\u6ce8\u5165\u3001xss\u7b49\u653b\u51fb", "open": true, "reqfile": "post.html"}, "open": true}
\ No newline at end of file
diff --git a/route/static/app/public.js b/route/static/app/public.js
index 8348d3c4e..ccf2ae8c6 100755
--- a/route/static/app/public.js
+++ b/route/static/app/public.js
@@ -22,6 +22,14 @@ function tableFixed(name) {
     tableName.addEventListener('scroll', scrollHandle);
 }
 
+function escapeHTML(a){
+    a = "" + a;
+    return a.replace(/&/g, "&amp;").replace(/</g, "&lt;").
+    replace(/>/g, "&gt;").replace(/"/g, '&quot;').
+    replace(/'/g,"‘").replace(/\(/g,"&#40;").replace(/\&#60;/g,"&lt;").
+    replace(/\&#62;/g,"&gt;").replace(/`/g,"&#96;").replace(/=/g,"＝");
+}
+
 function scrollHandle(e) {
     var scrollTop = this.scrollTop;
     //this.querySelector('thead').style.transform = 'translateY(' + scrollTop + 'px)';

时间	'+ escapeHTML(time) + '	用户IP	' + escapeHTML(ip_address) + '
类型	' + escapeHTML(req_type) + '	过滤器	' + escapeHTML(filters) + '
名称	描述	状态	操作
CC防御	'+ rdata.cc.cycle + ' 秒内,请求同一URI累计超过 ' + rdata.cc.limit + ' 次,封锁IP ' + rdata.cc.endtime + ' 秒	\ + \ + \ + \ + \ +	设置
恶意容忍设置	'+ rdata.retry_cycle + ' 秒内,累计超过 ' + rdata.retry + ' 次恶意请求,封锁IP ' + rdata.retry_time + ' 秒	--	设置
GET-URI过滤	'+ rdata.top.get.ps + '	\ + \ + \ + \ + \ +	规则
GET-参数过滤	'+ rdata.top.get.ps + '	\ + \ + \ + \ + \ +	规则
POST过滤	'+ rdata.top.post.ps + '	\ + \ + \ + \ + \ +	规则
User-Agent过滤	'+ rdata.top['user-agent'].ps + '	\ + \ + \ + \ + \ +	规则
Cookie过滤	'+ rdata.top.cookie.ps + '	\ + \ + \ + \ + \ +	规则
禁止国外访问	'+ rdata.top.drop_abroad.ps + '	\ + \ + \ + \ + \ +	设置
常见扫描器	'+ rdata.top.scan.ps + '	\ + \ + \ + \ + \ +	设置
使用CDN	该站点使用了CDN,启用后方可正确获取客户IP	\ + \ + \ + \ + \ +	设置
禁止执行PHP的URL	禁止在指定URL运行PHP脚本	--	设置
禁止访问的URL	禁止访问指定的URL	--	设置
禁止扩展名	禁止访问指定扩展名	--	设置
禁止上传的文件类型	禁止上传指定的文件类型	--	设置
受保护的URL	通过自定义参数加密URL地址,参数错误将被拦截	--	设置
URL专用过滤	为特定URL地址设置过滤规则	--	设置
敏感文字替换	替换设置的敏感文字	--	设置
CMS专用过滤	为特定CMS提供的过滤规则	--	设置