
feat(waf): 优化 IP白名单处理逻辑

- 新增 GetIp 方法获取网关组的所有 IP
- 修改 IP 白名单任务发布逻辑,支持返回源 IP
- 优化域名白名单处理流程
- 重构 WashEditWafIp 方法,分离处理后端 IP 和允许 IP 列表
fusu 1 month ago
15ce9b70ac

+ 3 - 3
cmd/server/wire/wire_gen.go

@@ -62,10 +62,10 @@ func NewWire(viperViper *viper.Viper, logger *log.Logger) (*app.App, func(), err
 	globalLimitRepository := repository.NewGlobalLimitRepository(repositoryRepository)
 	tcpforwardingRepository := repository.NewTcpforwardingRepository(repositoryRepository)
 	udpForWardingRepository := repository.NewUdpForWardingRepository(repositoryRepository)
-	wafFormatterService := service.NewWafFormatterService(serviceService, globalLimitRepository, hostRepository, requiredService, parserService, tcpforwardingRepository, udpForWardingRepository, webForwardingRepository, rabbitMQ, hostService)
-	aoDunService := service.NewAoDunService(serviceService, viperViper)
-	gateWayGroupIpRepository := repository.NewGateWayGroupIpRepository(repositoryRepository)
 	gatewayGroupRepository := repository.NewGatewayGroupRepository(repositoryRepository)
+	gateWayGroupIpRepository := repository.NewGateWayGroupIpRepository(repositoryRepository)
+	wafFormatterService := service.NewWafFormatterService(serviceService, globalLimitRepository, hostRepository, requiredService, parserService, tcpforwardingRepository, udpForWardingRepository, webForwardingRepository, rabbitMQ, hostService, gatewayGroupRepository, gateWayGroupIpRepository)
+	aoDunService := service.NewAoDunService(serviceService, viperViper)
 	webForwardingService := service.NewWebForwardingService(serviceService, requiredService, webForwardingRepository, crawlerService, parserService, wafFormatterService, aoDunService, rabbitMQ, gateWayGroupIpRepository, gatewayGroupRepository)
 	webForwardingHandler := handler.NewWebForwardingHandler(handlerHandler, webForwardingService)
 	webLimitRepository := repository.NewWebLimitRepository(repositoryRepository)

+ 3 - 1
cmd/task/wire/wire_gen.go

@@ -60,7 +60,9 @@ func NewWire(viperViper *viper.Viper, logger *log.Logger) (*app.App, func(), err
 	tcpforwardingRepository := repository.NewTcpforwardingRepository(repositoryRepository)
 	udpForWardingRepository := repository.NewUdpForWardingRepository(repositoryRepository)
 	webForwardingRepository := repository.NewWebForwardingRepository(repositoryRepository)
-	wafFormatterService := service.NewWafFormatterService(serviceService, globalLimitRepository, hostRepository, requiredService, parserService, tcpforwardingRepository, udpForWardingRepository, webForwardingRepository, rabbitMQ, hostService)
+	gatewayGroupRepository := repository.NewGatewayGroupRepository(repositoryRepository)
+	gateWayGroupIpRepository := repository.NewGateWayGroupIpRepository(repositoryRepository)
+	wafFormatterService := service.NewWafFormatterService(serviceService, globalLimitRepository, hostRepository, requiredService, parserService, tcpforwardingRepository, udpForWardingRepository, webForwardingRepository, rabbitMQ, hostService, gatewayGroupRepository, gateWayGroupIpRepository)
 	whitelistJob := job.NewWhitelistJob(jobJob, aoDunService, wafFormatterService)
 	jobServer := server.NewJobServer(logger, userJob, whitelistJob)
 	appApp := newApp(taskServer, jobServer)

+ 2 - 1
internal/job/whitelist.go

@@ -160,6 +160,7 @@ func (j *whitelistJob) handleIpMessage(ctx context.Context, logger *zap.Logger,
 	type ipTaskPayload struct {
 		Ips    []string `json:"ips"`
 		Action string   `json:"action"`
+		ReturnSourceIp string `json:"return_source_ip"`
 	}
 
 	var payload ipTaskPayload
@@ -177,7 +178,7 @@ func (j *whitelistJob) handleIpMessage(ctx context.Context, logger *zap.Logger,
 	var processingErr error
 	switch payload.Action {
 	case "add":
-		ips, err := j.wafForMatter.AppendWafIp(ctx, payload.Ips)
+		ips, err := j.wafForMatter.AppendWafIp(ctx, payload.Ips, payload.ReturnSourceIp)
 		if err != nil {
 			// 如果附加IP失败,记录错误并终止
 			processingErr = fmt.Errorf("为WAF准备IP列表失败: %w", err)
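Review bot: `payload.ReturnSourceIp` is taken from the queue message and handed to `AppendWafIp` unchecked, where it becomes the `FServerIp` of every whitelist entry sent to the WAF, so a malformed or empty-but-expected value produces entries bound to a server IP that does not exist. Validating it on the consumer before the `switch`, `if payload.ReturnSourceIp != "" && net.ParseIP(payload.ReturnSourceIp) == nil { return fmt.Errorf("非法的 return_source_ip: %q", payload.ReturnSourceIp) }` (importing `net` if the file does not already), rejects such a message with a clear error instead of forwarding it. The new struct field at L54 is not gofmt-aligned with `Ips` and `Action`. handleIpMessage begins and ends outside the hunk, so the `del` branch and how it uses the new field are not visible here.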

+ 9 - 0
internal/repository/gatewaygroupip.go

@@ -12,6 +12,7 @@ type GateWayGroupIpRepository interface {
 	DeleteGateWayGroupIp(ctx context.Context, req *model.GateWayGroupIp) error
 	GetGateWayGroupIpByGatewayGroupId(ctx context.Context, gatewayGroupId int) ([]model.GateWayGroupIp, error)
 	GetGateWayGroupFirstIpByGatewayGroupId(ctx context.Context, gatewayGroupId int) (string, error)
+	GetGateWayGroupAllIpByGatewayGroupId(ctx context.Context, gatewayGroupId int) ([]string, error)
 }
 
 func NewGateWayGroupIpRepository(
@@ -70,4 +71,12 @@ func (r *gateWayGroupIpRepository) GetGateWayGroupFirstIpByGatewayGroupId(ctx co
 		return "", err
 	}
 	return res, nil
+}
+
+func (r *gateWayGroupIpRepository) GetGateWayGroupAllIpByGatewayGroupId(ctx context.Context, gatewayGroupId int) ([]string, error) {
+	var res []string
+	if err := r.DB(ctx).Model(&model.GateWayGroupIp{}).Where("gateway_group_id = ?", gatewayGroupId).Select("ip").Find(&res).Error; err != nil {
+		return nil, err
+	}
+	return res, nil
 }
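Review bot: `GetGateWayGroupAllIpByGatewayGroupId` has no `Order` clause, so the row order — and with it the `ips[0]` that `GetIp` hands to the callers as the group's "first" IP — depends on the database's scan order and can differ between the `add` and a later `del` of the same domain whitelist entry. Adding `.Order("ip")` (or whatever ordering `GetGateWayGroupFirstIpByGatewayGroupId` uses; its query is outside the hunk) makes the choice stable. `Pluck("ip", &res)` is the idiomatic GORM call for projecting one column into a `[]string` and states the intent more plainly than `Select("ip").Find(&res)`. The interface method also lacks a doc comment; `// GetGateWayGroupAllIpByGatewayGroupId returns every IP recorded for the gateway group, or an empty slice when none exist.`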

+ 37 - 7
internal/service/tcpforwarding.go

@@ -223,6 +223,10 @@ func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.Tcp
 		return err
 	}
 
+	gatewayIps, _, err := s.wafformatter.GetIp(ctx, require.WafGatewayGroupId)
+	if err != nil {
+		return err
+	}
 	// 异步任务:将IP添加到白名单
 	var ips []string
 	if req.TcpForwardingData.BackendList != nil {
@@ -233,8 +237,19 @@ func (s *tcpforwardingService) AddTcpForwarding(ctx context.Context, req *v1.Tcp
 			}
 			ips = append(ips, ip)
 		}
-		ips = append(ips, req.TcpForwardingData.AllowIpList...)
-		go s.wafformatter.PublishIpWhitelistTask(ips, "add")
+		go s.wafformatter.PublishIpWhitelistTask(ips, "add","")
+	}
+	var accessRuleIps []string
+	if req.TcpForwardingData.AllowIpList != nil {
+		for _, v := range gatewayIps {
+			for _, ip := range req.TcpForwardingData.AllowIpList {
+				if net.ParseIP(ip) != nil{
+					accessRuleIps = append(accessRuleIps, ip)
+				}
+			}
+			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v)
+		}
+
 	}
 
 	tcpModel := s.buildTcpForwardingModel(&req.TcpForwardingData, wafTcpId, require)
@@ -264,21 +279,36 @@ func (s *tcpforwardingService) EditTcpForwarding(ctx context.Context, req *v1.Tc
 	if err != nil {
 		return err
 	}
-
+	gatewayIps, _, err := s.wafformatter.GetIp(ctx, require.WafGatewayGroupId)
+	if err != nil {
+		return err
+	}
 	// 异步任务:将IP添加到白名单
 	ipData, err := s.tcpforwardingRepository.GetTcpForwardingIpsByID(ctx, req.TcpForwardingData.Id)
 	if err != nil {
 		return err
 	}
-	addedIps, removedIps, err := s.wafformatter.WashEditWafIp(ctx,req.TcpForwardingData.BackendList,req.TcpForwardingData.AllowIpList,ipData.BackendList,ipData.AllowIpList)
+	addedIps, removedIps, addedAllowIps, removedAllowIps, err := s.wafformatter.WashEditWafIp(ctx,req.TcpForwardingData.BackendList,req.TcpForwardingData.AllowIpList,ipData.BackendList,ipData.AllowIpList)
 	if err != nil {
 		return err
 	}
 	if len(addedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add")
+		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del")
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","")
+	}
+
+	if len(addedAllowIps) > 0 {
+		for _, v := range gatewayIps {
+			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v)
+		}
+	}
+	if len(removedAllowIps) > 0 {
+		for _, v := range gatewayIps {
+			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v)
+		}
+
 	}
 
 	tcpModel := s.buildTcpForwardingModel(&req.TcpForwardingData, req.TcpForwardingData.WafTcpId, require)
@@ -317,7 +347,7 @@ func (s *tcpforwardingService) DeleteTcpForwarding(ctx context.Context, req v1.D
 			return err
 		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","")
 		}
 
 
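Review bot: `accessRuleIps` at L115-L124 is declared outside the `for _, v := range gatewayIps` loop but appended to inside it, so with two or more gateway IPs the second task carries the allow list twice, the third three times, and so on; the same shape is in AddUdpForwarding (udpforwarding.go L202-L211) and AddWebForwarding (webforwarding.go L476-L485). Build the filtered list once before the loop and publish that per gateway IP. Entries that `net.ParseIP` rejects are dropped silently, so an allow-list entry the operator believes is whitelisted never reaches the WAF — at least log the skipped values, and if the allow list may carry CIDR notation a `net.ParseCIDR` fallback is needed. When `AllowIpList` is non-nil but every entry is rejected, an empty `add` task is still published per gateway IP; guard with `len(accessRuleIps) > 0` as the edit path does.
```go
	var accessRuleIps []string
	for _, ip := range req.TcpForwardingData.AllowIpList {
		if net.ParseIP(ip) == nil {
			// TODO: log the skipped entry so a dropped allow-list value is visible
			continue
		}
		accessRuleIps = append(accessRuleIps, ip)
	}
	if len(accessRuleIps) > 0 {
		for _, v := range gatewayIps {
			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add", v)
		}
	}
	// … unchanged: buildTcpForwardingModel and the repository write …
```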

+ 36 - 6
internal/service/udpforwarding.go

@@ -241,6 +241,10 @@ func (s *udpForWardingService) AddUdpForwarding(ctx context.Context, req *v1.Udp
 		return err
 	}
 
+	gatewayIps, _, err := s.wafformatter.GetIp(ctx, require.WafGatewayGroupId)
+	if err != nil {
+		return err
+	}
 	// 异步任务:将IP添加到白名单
 	var ips []string
 	if req.UdpForwardingData.BackendList != nil {
@@ -251,10 +255,21 @@ func (s *udpForWardingService) AddUdpForwarding(ctx context.Context, req *v1.Udp
 			}
 			ips = append(ips, ip)
 		}
-		ips = append(ips, req.UdpForwardingData.AllowIpList...)
-		go s.wafformatter.PublishIpWhitelistTask(ips, "add")
+		go s.wafformatter.PublishIpWhitelistTask(ips, "add","")
+	}
+	var accessRuleIps []string
+	if req.UdpForwardingData.AllowIpList != nil {
+		for _, v := range gatewayIps {
+			for _, ip := range req.UdpForwardingData.AllowIpList {
+				if net.ParseIP(ip) != nil {
+					accessRuleIps = append(accessRuleIps, ip)
+				}
+			}
+			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v)
+		}
 	}
 
+
 	udpModel := s.buildUdpForwardingModel(&req.UdpForwardingData, wafUdpId, require)
 
 	id, err := s.udpForWardingRepository.AddUdpForwarding(ctx, udpModel)
@@ -284,21 +299,36 @@ func (s *udpForWardingService) EditUdpForwarding(ctx context.Context, req *v1.Ud
 	}
 
 	// 异步任务:将IP添加到白名单
+	gatewayIps, _, err := s.wafformatter.GetIp(ctx, require.WafGatewayGroupId)
+	if err != nil {
+		return err
+	}
 	ipData, err := s.udpForWardingRepository.GetUdpForwardingIpsByID(ctx, req.UdpForwardingData.Id)
 	if err != nil {
 		return err
 	}
-	addedIps, removedIps, err := s.wafformatter.WashEditWafIp(ctx,req.UdpForwardingData.BackendList,req.UdpForwardingData.AllowIpList,ipData.BackendList,ipData.AllowIpList)
+	addedIps, removedIps, addedAllowIps, removedAllowIps, err := s.wafformatter.WashEditWafIp(ctx,req.UdpForwardingData.BackendList,req.UdpForwardingData.AllowIpList,ipData.BackendList,ipData.AllowIpList)
 	if err != nil {
 		return err
 	}
 	if len(addedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add")
+		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del")
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","")
 	}
 
+	if len(addedAllowIps) > 0 {
+		for _, v := range gatewayIps {
+			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v)
+		}
+	}
+	if len(removedAllowIps) > 0 {
+		for _, v := range gatewayIps {
+			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v)
+		}
+
+	}
 
 
 	udpModel := s.buildUdpForwardingModel(&req.UdpForwardingData, req.UdpForwardingData.WafUdpId, require)
@@ -335,7 +365,7 @@ func (s *udpForWardingService) DeleteUdpForwarding(ctx context.Context, Ids []in
 			return err
 		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","")
 		}
 
 
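Review bot: `GetIp` is now called unconditionally at the top of EditUdpForwarding (L222) and AddUdpForwarding (L187), and it returns an error when the gateway group has no IPs, so an edit that only changes the backend list fails for such a group even though the gateway IPs are needed only when `addedAllowIps` or `removedAllowIps` is non-empty. Moving the lookup behind `if len(addedAllowIps) > 0 || len(removedAllowIps) > 0 {` keeps backend-only edits working; EditTcpForwarding has the same ordering. The one-task-per-gateway-IP goroutines are fire-and-forget before `AddUdpForwarding` on the repository runs, so a failed insert leaves the WAF whitelisted for a forwarding that was never stored — pre-existing for backend IPs, but the new loops widen it to allow-list IPs. The new lines are not gofmt-clean (`"add",v`, `"del",v`); please run gofmt on the file.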

+ 47 - 16
internal/service/wafformatter.go

@@ -22,14 +22,14 @@ type WafFormatterService interface {
 	validateWafPortCount(ctx context.Context, hostId int) error
 	validateWafDomainCount(ctx context.Context, req v1.GlobalRequire) error
 	ConvertToWildcardDomain(ctx context.Context,domain string) (string, error)
-	AppendWafIp(ctx context.Context, req []string) ([]v1.IpInfo, error)
+	AppendWafIp(ctx context.Context, req []string,returnSourceIp string) ([]v1.IpInfo, error)
 	WashIps(ctx context.Context, req []string) ([]string, error)
-	PublishIpWhitelistTask(ips []string, action string)
+	PublishIpWhitelistTask(ips []string, action string,returnSourceIp string)
 	PublishDomainWhitelistTask(domain, ip, action string)
 	findIpDifferences(oldIps, newIps []string) ([]string, []string)
 	WashDeleteWafIp(ctx context.Context, backendList []string,allowIpList []string) ([]string, error)
-	WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string,oldBackendList []string,oldAllowIpList []string) ([]string, []string, error)
-
+	WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string,oldBackendList []string,oldAllowIpList []string) ([]string, []string, []string,  []string, error)
+	GetIp(ctx context.Context, gatewayGroupId int) ([]string,string, error)
 }
 func NewWafFormatterService(
     service *Service,
@@ -42,6 +42,8 @@ func NewWafFormatterService(
 	webForwardingRep repository.WebForwardingRepository,
 	mq *rabbitmq.RabbitMQ,
 	host HostService,
+	gatewayGroupRep repository.GatewayGroupRepository,
+	gatewayGroupIpRep repository.GateWayGroupIpRepository,
 ) WafFormatterService {
 	return &wafFormatterService{
 		Service:        service,
@@ -54,6 +56,8 @@ func NewWafFormatterService(
 		webForwardingRep: webForwardingRep,
 		host : host,
 		mq:    mq,
+		gatewayGroupRep: gatewayGroupRep,
+		gatewayGroupIpRep: gatewayGroupIpRep,
 	}
 }
 
@@ -68,6 +72,8 @@ type wafFormatterService struct {
 	webForwardingRep repository.WebForwardingRepository
 	host HostService
 	mq *rabbitmq.RabbitMQ
+	gatewayGroupRep repository.GatewayGroupRepository
+	gatewayGroupIpRep repository.GateWayGroupIpRepository
 }
 
 
@@ -181,7 +187,7 @@ func (s *wafFormatterService) ConvertToWildcardDomain(ctx context.Context, domai
 	return domain, nil
 }
 
-func (s *wafFormatterService) AppendWafIp(ctx context.Context, req []string) ([]v1.IpInfo, error) {
+func (s *wafFormatterService) AppendWafIp(ctx context.Context, req []string,returnSourceIp string) ([]v1.IpInfo, error) {
 	var ips []v1.IpInfo
 	for _, v := range req {
 		ips = append(ips, v1.IpInfo{
@@ -189,7 +195,7 @@ func (s *wafFormatterService) AppendWafIp(ctx context.Context, req []string) ([]
 			FStartIp:   v,
 			FEndIp:     v,
 			FRemark:    "宁波高防IP过白",
-			FServerIp:  "",
+			FServerIp:  returnSourceIp,
 		})
 	}
 	return ips, nil
@@ -271,15 +277,17 @@ func (s *wafFormatterService) PublishDomainWhitelistTask(domain, ip, action stri
 }
 
 
-func (s *wafFormatterService) PublishIpWhitelistTask(ips []string, action string) {
+func (s *wafFormatterService) PublishIpWhitelistTask(ips []string, action string, returnSourceIp string) {
 	// Define message payload, including the action
 	type ipTaskPayload struct {
 		Ips     []string `json:"ips"`
 		Action string `json:"action"`
+		ReturnSourceIp string `json:"return_source_ip"`
 	}
 	payload := ipTaskPayload{
 		Ips:     ips,
 		Action: action,
+		ReturnSourceIp: returnSourceIp,
 	}
 
 	// Serialize the message
@@ -360,30 +368,53 @@ func (s *wafFormatterService) WashDeleteWafIp(ctx context.Context, backendList [
 	return res, nil
 }
 
-func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string,oldBackendList []string,oldAllowIpList []string) ([]string, []string, error) {
+func (s *wafFormatterService) WashEditWafIp(ctx context.Context, newBackendList []string,newAllowIpList []string,oldBackendList []string,oldAllowIpList []string) ([]string, []string, []string, []string, error) {
 	var oldIps []string
 	var newIps []string
+	var oldAllowIps []string
+	var newAllowIps []string
 	for _, v := range oldBackendList {
 		ip, _, err := net.SplitHostPort(v)
 		if err != nil {
-			return nil, nil, err
+			return nil, nil, nil, nil, err
 		}
 		oldIps = append(oldIps, ip)
 	}
-	if oldAllowIpList != nil {
-		oldIps = append(oldIps, oldAllowIpList...)
-	}
 	if newBackendList != nil {
 		for _, v := range newBackendList {
 			ip, _, err := net.SplitHostPort(v)
 			if err != nil {
-				return nil, nil, err
+				return nil, nil, nil, nil, err
 			}
 			newIps = append(newIps, ip)
 		}
-		newIps = append(newIps, newAllowIpList...)
 	}
 	addedIps, removedIps := s.findIpDifferences(oldIps, newIps)
 
-	return addedIps, removedIps , nil
-}
+	if oldAllowIpList != nil {
+		oldAllowIps = append(oldAllowIps, oldAllowIpList...)
+	}
+	if newAllowIpList != nil {
+		newAllowIps = append(newAllowIps, newAllowIpList...)
+	}
+	addedAllowIps, removedAllowIps := s.findIpDifferences(oldAllowIps, newAllowIps)
+
+
+
+	return addedIps, removedIps ,addedAllowIps, removedAllowIps, nil
+}
+
+func (s *wafFormatterService) GetIp(ctx context.Context, gatewayGroupId int) ([]string,string, error) {
+	WafGatewayGroupRuleId, err := s.gatewayGroupRep.GetGatewayGroupByRuleId(ctx, int64(gatewayGroupId))
+	if err != nil {
+		return nil, "", err
+	}
+	ips, err := s.gatewayGroupIpRep.GetGateWayGroupAllIpByGatewayGroupId(ctx, WafGatewayGroupRuleId.Id)
+	if err != nil {
+		return nil, "", err
+	}
+	if len(ips) == 0 {
+		return nil, "", fmt.Errorf("请联系客服分配网关IP")
+	}
+	return ips,ips[0], nil
+}
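Review bot: `WashEditWafIp` diffs the allow lists without the `net.ParseIP` filter that EditWebForwarding applies to the same data, so for tcp/udp edits a non-IP allow entry is published to the WAF while for web edits it is dropped; moving the filter into `WashEditWafIp` gives all three paths one behaviour. The `if oldAllowIpList != nil` / `if newAllowIpList != nil` guards around `append` are redundant — appending a nil slice is a no-op — and both lists can be passed to `findIpDifferences` directly. In `GetIp`, `WafGatewayGroupRuleId` is an exported-style name for a local (`group` would do) and `fmt.Errorf` with a constant message should be `errors.New` (importing `errors` if the file does not already). `GetIp` also lacks a doc comment; `// GetIp returns every IP of the gateway group behind rule gatewayGroupId together with the first of them, and errors when the group has none.`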

+ 70 - 42
internal/service/webforwarding.go

@@ -299,17 +299,7 @@ func (s *webForwardingService) prepareWafData(ctx context.Context, req *v1.WebFo
 	return require, formData, nil
 }
 
-func (s *webForwardingService) GetIp(ctx context.Context, gatewayGroupId int) (string, error) {
-	WafGatewayGroupRuleId, err := s.gatewayGroupRep.GetGatewayGroupByRuleId(ctx, int64(gatewayGroupId))
-	if err != nil {
-		return "", err
-	}
-	ip, err := s.gatewayGroupIpRep.GetGateWayGroupFirstIpByGatewayGroupId(ctx, WafGatewayGroupRuleId.Id)
-	if err != nil {
-		return "", err
-	}
-	return ip, nil
-}
+
 
 func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.WebForwardingRequest) error {
 	require, formData, err := s.prepareWafData(ctx, req)
@@ -324,19 +314,21 @@ func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.Web
 	if err != nil {
 		return err
 	}
+
+	gatewayIps, firstIp, err := s.wafformatter.GetIp(ctx, require.WafGatewayGroupId)
+	if err != nil {
+		return err
+	}
 	if req.WebForwardingData.Domain != "" {
-		ip, err := s.GetIp(ctx, require.WafGatewayGroupId)
-		if err != nil {
-			return err
-		}
 		// 异步任务:将域名添加到白名单
 		doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
 		if err != nil {
 			return err
 		}
+		go s.wafformatter.PublishDomainWhitelistTask(doMain,firstIp, "add")
 
-		go s.wafformatter.PublishDomainWhitelistTask(doMain,ip, "add")
 	}
+
 	// IP过白
 	var ips []string
 	if req.WebForwardingData.BackendList != nil {
@@ -347,12 +339,22 @@ func (s *webForwardingService) AddWebForwarding(ctx context.Context, req *v1.Web
 			}
 			ips = append(ips,ip)
 		}
-		ips = append(ips, req.WebForwardingData.AllowIpList...)
-		go s.wafformatter.PublishIpWhitelistTask(ips, "add")
-
+		go s.wafformatter.PublishIpWhitelistTask(ips, "add","")
+	}
+	var accessRuleIps []string
+	if len(req.WebForwardingData.AllowIpList) > 0 {
+		for _, v := range gatewayIps {
+			for _, ip := range req.WebForwardingData.AllowIpList {
+				if net.ParseIP(ip) != nil{
+					accessRuleIps = append(accessRuleIps, ip)
+				}
+			}
+			go s.wafformatter.PublishIpWhitelistTask(accessRuleIps, "add",v)
+		}
 	}
 
 
+
 	webModel := s.buildWebForwardingModel(&req.WebForwardingData, wafWebId, require)
 
 	id, err := s.webForwardingRepository.AddWebForwarding(ctx, webModel)
@@ -388,12 +390,13 @@ func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.We
 	if err != nil {
 		return err
 	}
-	if webData.Domain != req.WebForwardingData.Domain {
-		Ip, err := s.GetIp(ctx, webData.WafGatewayGroupId)
-		if err != nil {
-			return err
-		}
+	gatewayIps, firstIp, err := s.wafformatter.GetIp(ctx, webData.WafGatewayGroupId)
+	if err != nil {
+		return err
+	}
 	// 异步任务:将域名添加到白名单
+	if webData.Domain != req.WebForwardingData.Domain {
+
 		doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, req.WebForwardingData.Domain)
 		if err != nil {
 			return err
@@ -402,8 +405,8 @@ func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.We
 		if err != nil {
 			return err
 		}
-		go s.wafformatter.PublishDomainWhitelistTask(oldDomain, Ip, "del")
-		go s.wafformatter.PublishDomainWhitelistTask(doMain, Ip, "add")
+		go s.wafformatter.PublishDomainWhitelistTask(oldDomain, firstIp, "del")
+		go s.wafformatter.PublishDomainWhitelistTask(doMain, firstIp, "add")
 	}
 
 	// IP过白
@@ -412,16 +415,16 @@ func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.We
 		return err
 	}
 	var oldIps []string
+	var oldAllowIps []string
 	var newIps []string
+	var newAllowIps []string
 	for _, v := range ipData.BackendList {
 		ip, _, err := net.SplitHostPort(v.Addr)
 		if err != nil {
 			return err
 		}
 		oldIps = append(oldIps, ip)
-	}
-	if len(ipData.AllowIpList) > 0 {
-		oldIps = append(oldIps, ipData.AllowIpList...)
+
 	}
 	for _, v := range req.WebForwardingData.BackendList {
 		ip, _, err := net.SplitHostPort(v.Addr)
@@ -430,18 +433,41 @@ func (s *webForwardingService) EditWebForwarding(ctx context.Context, req *v1.We
 		}
 		newIps = append(newIps, ip)
 	}
-	if len(req.WebForwardingData.AllowIpList) > 0 {
-		newIps = append(newIps, req.WebForwardingData.AllowIpList...)
-	}
-
-
 	addedIps, removedIps := s.wafformatter.findIpDifferences(oldIps, newIps)
 	if len(addedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add")
+		go s.wafformatter.PublishIpWhitelistTask(addedIps, "add","")
 	}
 	if len(removedIps) > 0 {
-		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del")
+		go s.wafformatter.PublishIpWhitelistTask(removedIps, "del","")
+	}
+	if len(ipData.AllowIpList) > 0 {
+		for _, v := range ipData.AllowIpList {
+			if net.ParseIP(v) != nil{
+				oldAllowIps = append(oldAllowIps, v)
+			}
+		}
+	}
+
+	if len(req.WebForwardingData.AllowIpList) > 0 {
+		for _, v := range req.WebForwardingData.AllowIpList {
+			if net.ParseIP(v) != nil{
+				newAllowIps = append(newAllowIps, v)
+			}
+		}
 	}
+	addedAllowIps, removedAllowIps := s.wafformatter.findIpDifferences(oldAllowIps, newAllowIps)
+	for _, v := range gatewayIps {
+		if len(addedAllowIps) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(addedAllowIps, "add",v)
+		}
+		if len(removedAllowIps) > 0 {
+			go s.wafformatter.PublishIpWhitelistTask(removedAllowIps, "del",v)
+		}
+	}
+
+
+
+
 
 
 
@@ -471,17 +497,19 @@ func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []in
 		if err != nil {
 			return err
 		}
+
+		_, firstIp, err := s.wafformatter.GetIp(ctx, webData.WafGatewayGroupId)
+		if err != nil {
+			return err
+		}
 		// 异步任务:将域名添加到白名单
 		if webData.Domain != "" {
-			ip , err := s.GetIp(ctx, webData.WafGatewayGroupId)
-			if err != nil {
-				return err
-			}
+
 			doMain, err := s.wafformatter.ConvertToWildcardDomain(ctx, webData.Domain)
 			if err != nil {
 				return err
 			}
-			go s.wafformatter.PublishDomainWhitelistTask(doMain,ip, "del")
+			go s.wafformatter.PublishDomainWhitelistTask(doMain,firstIp, "del")
 		}
 		// IP过白
 		ipData, err := s.webForwardingRepository.GetWebForwardingIpsByID(ctx, Id)
@@ -502,7 +530,7 @@ func (s *webForwardingService) DeleteWebForwarding(ctx context.Context, Ids []in
 			ips = append(ips, ipData.AllowIpList...)
 		}
 		if len(ips) > 0 {
-			go s.wafformatter.PublishIpWhitelistTask(ips, "del")
+			go s.wafformatter.PublishIpWhitelistTask(ips, "del","")
 		}
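Review bot: DeleteWebForwarding at L618-L622 still folds `ipData.AllowIpList` into the `del` task published with an empty return-source IP, while AddWebForwarding now publishes those same allow IPs once per gateway IP with `v` as the return source; if the WAF keys its entries on the server IP that `AppendWafIp` now sets in `FServerIp`, the delete will not match the entries the add created and the allow IPs remain whitelisted after the forwarding is gone. Publish the allow-list deletion the way the edit path does, `for _, v := range gatewayIps { go s.wafformatter.PublishIpWhitelistTask(ipData.AllowIpList, "del", v) }`, keep only the backend IPs in the empty-source task, and take `gatewayIps` instead of `_` at L597; the tcp/udp delete hunks (L173-L175, L261-L263) show the same call but their `ips` construction is outside the hunk. `GetIp` at L597 now runs before the `webData.Domain != ""` check, so deleting a domain-less forwarding fails when its group has no gateway IPs, where previously the lookup only ran for a domain. With the service's own `GetIp` removed, the `gatewayGroupRep`/`gatewayGroupIpRep` fields still injected in wire_gen.go may now be unused on webForwardingService — worth confirming.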