From 20518efd954bf737f5ecea645eb8f1b563e682b5 Mon Sep 17 00:00:00 2001
From: Pavel Loginov <buffoon2001@mail.ru>
Date: Tue, 15 Dec 2020 12:34:02 +0600
Subject: [PATCH] v4.5.6.0

Changelog: https://haproxy-wi.org/changelog.py#4_5_6
---
 app/add.py                                    | 192 +++++++++++-------
 app/create_db.py                              |   9 +-
 app/options.py                                |   8 +-
 .../ansible/roles/haproxy/tasks/main.yml      |  11 +
 app/sql.py                                    |   2 +-
 app/templates/add.html                        |  97 +++++++--
 app/templates/include/admin_servers.html      |  19 +-
 app/templates/include/input_macros.html       |   9 +-
 app/templates/servers.html                    |   4 +-
 inc/add.js                                    | 115 +++++++++++
 inc/overview.js                               |  28 ++-
 inc/script.js                                 |   8 +-
 inc/style.css                                 |   7 +
 inc/users.js                                  |  37 +++-
 14 files changed, 422 insertions(+), 124 deletions(-)

diff --git a/app/add.py b/app/add.py
index c56b91a7..818f74e9 100644
--- a/app/add.py
+++ b/app/add.py
@@ -10,55 +10,51 @@ template = env.get_template('add.html')
 form = funct.form
 serv = form.getvalue('serv')
 
-if form.getvalue('add'):
-	c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
-	c["restart"] = form.getvalue('serv')
-	print(c)
-	
 print('Content-type: text/html\n')
 funct.check_login()
 funct.page_for_admin(level=3)
 
-try:
-	user, user_id, role, token, servers = funct.get_users_params()
-	cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
-	group = cookie.get('group')
-	user_group = group.value
-except Exception:
-	pass
-	
-dir = os.path.dirname(os.getcwd())+"/"+sql.get_setting('lists_path')
-white_dir = os.path.dirname(os.getcwd())+"/"+sql.get_setting('lists_path')+"/"+user_group+"/white"
-black_dir = os.path.dirname(os.getcwd())+"/"+sql.get_setting('lists_path')+"/"+user_group+"/black"
-if not os.path.exists(dir):
-	os.makedirs(dir)
-if not os.path.exists(dir+"/"+user_group):
-	os.makedirs(dir+"/"+user_group)
-if not os.path.exists(white_dir):
-	os.makedirs(white_dir)
-if not os.path.exists(black_dir):
-	os.makedirs(black_dir)
+if form.getvalue('mode') is None and form.getvalue('new_userlist') is None:
+	try:
+		user, user_id, role, token, servers = funct.get_users_params()
+		cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
+		group = cookie.get('group')
+		user_group = group.value
+	except Exception as e:
+		print(str(e))
 
-white_lists = funct.get_files(dir=white_dir, format="lst")
-black_lists = funct.get_files(dir=black_dir, format="lst")
+	dir = os.path.dirname(os.getcwd())+"/"+sql.get_setting('lists_path')
+	white_dir = os.path.dirname(os.getcwd())+"/"+sql.get_setting('lists_path')+"/"+user_group+"/white"
+	black_dir = os.path.dirname(os.getcwd())+"/"+sql.get_setting('lists_path')+"/"+user_group+"/black"
 
+	if not os.path.exists(dir):
+		os.makedirs(dir)
+	if not os.path.exists(dir+"/"+user_group):
+		os.makedirs(dir+"/"+user_group)
+	if not os.path.exists(white_dir):
+		os.makedirs(dir)
+	if not os.path.exists(black_dir):
+		os.makedirs(black_dir)
 
-template = template.render(title="Add: ",
-							role=role,
-							user=user,
-							selects=servers,
-							add=form.getvalue('add'),
-							conf_add=form.getvalue('conf'),
-							group=user_group,
-							versions=funct.versions(),
-							options=sql.select_options(),
-							saved_servers=sql.select_saved_servers(),
-							white_lists=white_lists,
-							black_lists=black_lists,
-							token=token)
-print(template)
+	white_lists = funct.get_files(dir=white_dir, format="lst")
+	black_lists = funct.get_files(dir=black_dir, format="lst")
 
-if form.getvalue('mode') is not None:
+	template = template.render(title="Add: ",
+								role=role,
+								user=user,
+								selects=servers,
+								add=form.getvalue('add'),
+								conf_add=form.getvalue('conf'),
+								group=user_group,
+								versions=funct.versions(),
+								options=sql.select_options(),
+								saved_servers=sql.select_saved_servers(),
+								white_lists=white_lists,
+								black_lists=black_lists,
+								token=token)
+	print(template)
+
+elif form.getvalue('mode') is not None:
 	cert_path = sql.get_setting('cert_path')
 	haproxy_dir = sql.get_setting('haproxy_dir')
 	port = form.getvalue('port')
@@ -72,6 +68,8 @@ if form.getvalue('mode') is not None:
 	ssl = ""
 	ssl_check = ""
 	backend = ""
+	acl = ""
+	servers_split = ""
 	
 	if form.getvalue('balance') is not None:
 		balance = "    balance " + form.getvalue('balance') + "\n"
@@ -168,8 +166,47 @@ if form.getvalue('mode') is not None:
 		options_split += cookie
 		if form.getvalue('dynamic'):
 			options_split += "    dynamic-cookie-key " + form.getvalue('dynamic-cookie-key')+"\n"
-			
-	servers_split = ""	
+
+	if form.getvalue('acl_if'):
+		acl_if = form.getlist('acl_if')
+		acl_value = form.getlist('acl_value')
+		acl_then = form.getlist('acl_then')
+		acl_then_values = form.getlist('acl_then_value')
+		i = 0
+
+		for a in acl_if:
+
+			acl_then_value = '' if acl_then_values[i] == 'IsEmptY' else acl_then_values[i]
+
+			try:
+				if a == '1':
+					acl_if_word = 'hdr_beg(host) -i '
+				elif a == '2':
+					acl_if_word = 'hdr_end(host) -i '
+				elif a == '3':
+					acl_if_word = 'path_beg -i '
+				elif a == '4':
+					acl_if_word = 'path_end -i '
+				else:
+					acl_if_word = ''
+
+				if acl_then[i] == '5':
+					acl += '    use_backend '
+				elif acl_then[i] == '2':
+					acl += '    http-request redirect location '
+				elif acl_then[i] == '3':
+					acl += '    http-request allow'
+					acl_then_value = ''
+				elif acl_then[i] == '4':
+					acl += '    http-request deny'
+					acl_then_value = ''
+
+				acl += acl_then_value + ' if { ' + acl_if_word + acl_value[i] + ' } \n'
+			except Exception:
+				acl = ''
+
+			i += 1
+
 	if form.getvalue('servers') is not None:	
 		servers = form.getlist('servers')
 		server_port = form.getlist('server_port')
@@ -210,9 +247,9 @@ if form.getvalue('mode') is not None:
 	compression_s = ""
 	cache_s = ""
 	cache_set = ""
-	filter = ""
+	filter_com = ""
 	if compression == "1" or cache == "2":
-		filter = "    filter compression\n"
+		filter_com = "    filter compression\n"
 		if cache == "2":
 			cache_s = "    http-request cache-use "+end_name+"\n    http-response cache-store "+end_name+"\n"
 			cache_set = "cache "+end_name+"\n    total-max-size 4\n    max-age 240\n"
@@ -224,7 +261,7 @@ if form.getvalue('mode') is not None:
 		waf = "    filter spoe engine modsecurity config "+haproxy_dir+"/waf.conf\n"
 		waf += "    http-request deny if { var(txn.modsec.code) -m int gt 0 }\n"
 	
-	config_add = "\n" + name + "\n" + bind + mode + maxconn + balance + options_split + cache_s + filter + compression_s + waf + backend + servers_split + "\n" + cache_set + "\n"
+	config_add = "\n" + name + "\n" + bind + mode + maxconn + balance + options_split + cache_s + filter_com + compression_s + waf + acl + backend + servers_split + "\n" + cache_set + "\n"
 
 if form.getvalue('new_userlist') is not None:
 	name = "userlist "+form.getvalue('new_userlist') + "\n"
@@ -241,7 +278,7 @@ if form.getvalue('new_userlist') is not None:
 		passwords = form.getlist('userlist-password')
 		userlist_user_group = form.getlist('userlist-user-group')
 		i = 0
-		print(userlist_user_group)
+
 		for user in users:
 			try: 
 				group = ' groups '+userlist_user_group[i]
@@ -251,34 +288,35 @@ if form.getvalue('new_userlist') is not None:
 			i += 1
 		
 	config_add = "\n" + name + new_userlist_groups + new_users_list
-	
-try:
-	funct.check_is_server_in_group(serv)
-	if config_add:
-		hap_configs_dir = funct.get_config_var('configs', 'haproxy_save_configs_dir')
-		cfg = hap_configs_dir + serv + "-" + funct.get_data('config') + ".cfg"
-		
-		funct.get_config(serv, cfg)
-		try:
-			with open(cfg, "a") as conf:
-				conf.write(config_add)			
-		except IOError:
-			print("error: Can't read import config file")
-		
-		funct.logging(serv, "add.py add new %s" % name)
-		print('<div class="line3" style="position: absolute;top: 35px;left: 200px;">')
-		
-		MASTERS = sql.is_master(serv)
-		for master in MASTERS:
-			if master[0] is not None:
-				funct.upload_and_restart(master[0], cfg)
-		
-		stderr = funct.upload_and_restart(serv, cfg, just_save="save")
-		if stderr:
-			print('<div class="alert alert-danger">%s</div><div id="close"><span title="Close" style="cursor: pointer; float: right;">X</span></div><script>$("#errorMess").click(function(){$("#error").remove();});</script>' % stderr)
-		else:
-			print('<meta http-equiv="refresh" content="0; url=add.py?add=%s&conf=%s&serv=%s">' % (name, config_add, serv))
 
-		print('</div>')
-except Exception:
-	pass
+if form.getvalue('generateconfig') is None:
+	try:
+		funct.check_is_server_in_group(serv)
+		if config_add:
+			hap_configs_dir = funct.get_config_var('configs', 'haproxy_save_configs_dir')
+			cfg = hap_configs_dir + serv + "-" + funct.get_data('config') + ".cfg"
+
+			funct.get_config(serv, cfg)
+			try:
+				with open(cfg, "a") as conf:
+					conf.write(config_add)
+			except IOError:
+				print("error: Can't read import config file")
+
+			funct.logging(serv, "add.py add new %s" % name)
+
+			MASTERS = sql.is_master(serv)
+			for master in MASTERS:
+				if master[0] is not None:
+					funct.upload_and_restart(master[0], cfg)
+
+			stderr = funct.upload_and_restart(serv, cfg, just_save="save")
+			if stderr:
+				print(stderr)
+			else:
+				print(name)
+
+	except Exception:
+		pass
+else:
+	print(config_add)
diff --git a/app/create_db.py b/app/create_db.py
index d12ee9c1..df476157 100644
--- a/app/create_db.py
+++ b/app/create_db.py
@@ -701,15 +701,16 @@ def update_db_v_4_5_4(**kwargs):
 			pass
 	else:
 		if kwargs.get('silent') != 1:
-			print('DB was update to 4.5.4')
+			print('Updating... go to version 4.5.6')
 
 	cur.close()
 	con.close()
-	
-	
+
+
+
 def update_ver(**kwargs):
 	con, cur = get_cur()
-	sql = """update version set version = '4.5.5.0'; """
+	sql = """update version set version = '4.5.6.0'; """
 	try:    
 		cur.execute(sql)
 		con.commit()
diff --git a/app/options.py b/app/options.py
index 91da1b42..555b6933 100644
--- a/app/options.py
+++ b/app/options.py
@@ -1845,7 +1845,6 @@ if form.getvalue('updatessh'):
     if username is None:
         print(error_mess)
     else:
-
         fullpath = funct.get_config_var('main', 'fullpath')
 
         for sshs in sql.select_ssh(id=ssh_id):
@@ -2118,7 +2117,6 @@ if form.getvalue('nginxConnections'):
     if r.status_code == 200:
         bin_bout = [0, 0]
         for num, line in enumerate(r.text.split('\n')):
-            #bin_bout.append(line.encode(encoding='ISO-8859-1'))
             if num == 0:
                 bin_bout.append(line.split(' ')[2])
             if num == 2:
@@ -2303,13 +2301,13 @@ if form.getvalue('viewFirewallRules') is not None:
     cmd1 = ["sudo iptables -L IN_public_allow -n --line-numbers|sed 's/  */ /g'|grep -v -E 'Chain|target'"]
     cmd2 = ["sudo iptables -L OUTPUT -n --line-numbers|sed 's/  */ /g'|grep -v -E 'Chain|target'"]
 
-    input = funct.ssh_command(serv, cmd, raw=1)
+    input_chain = funct.ssh_command(serv, cmd, raw=1)
     IN_public_allow = funct.ssh_command(serv, cmd1, raw=1)
-    output = funct.ssh_command(serv, cmd2, raw=1)
+    output_chain = funct.ssh_command(serv, cmd2, raw=1)
 
     from jinja2 import Environment, FileSystemLoader
 
     env = Environment(loader=FileSystemLoader('templates'))
     template = env.get_template('ajax/firewall_rules.html')
-    template = template.render(input=input, IN_public_allow=IN_public_allow, output=output)
+    template = template.render(input=input_chain, IN_public_allow=IN_public_allow, output=output_chain)
     print(template)
diff --git a/app/scripts/ansible/roles/haproxy/tasks/main.yml b/app/scripts/ansible/roles/haproxy/tasks/main.yml
index eef8ba65..f10b05e1 100644
--- a/app/scripts/ansible/roles/haproxy/tasks/main.yml
+++ b/app/scripts/ansible/roles/haproxy/tasks/main.yml
@@ -30,6 +30,7 @@
     name: 
       - http://repo.haproxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
       - socat
+      - rsyslog
     state: present
     disable_gpg_check: yes
   when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and HAPVER|length > 0
@@ -45,6 +46,7 @@
     name: 
       - http://repo1.haproxy-wi.org/haproxy-{{HAPVER}}.el{{ansible_facts['distribution_major_version']}}.x86_64.rpm
       - socat
+      - rsyslog
     state: present
   register: install_result1
   when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'timed out' in install_result.stderr")
@@ -65,6 +67,7 @@
     name: 
       - haproxy
       - socat
+      - rsyslog
     state: latest
   when: (ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS') and ("'FAILED' in install_result1.stderr")
   environment:
@@ -77,6 +80,7 @@
     name: 
       - haproxy
       - socat
+      - rsyslog
     state: present
   when: ansible_facts['os_family'] == 'Debian' or ansible_facts['os_family'] == 'Ubuntu'
   environment:
@@ -142,6 +146,13 @@
    dest: /etc/rsyslog.conf
   ignore_errors: yes
   notify: restart rsyslog
+
+
+- name: Installing HAProxy conf for logrotate
+  template:
+    src: logrotate.conf.j2
+    dest: /etc/logrotate.d/haproxy.conf
+  ignore_errors: yes
   
     
 - name: Get HAProxy version.
diff --git a/app/sql.py b/app/sql.py
index eeb7c0d1..4054d0c9 100644
--- a/app/sql.py
+++ b/app/sql.py
@@ -1488,7 +1488,7 @@ def select_metrics(serv, **kwargs):
 			date_from = "and date > now() - INTERVAL 720 minute and rowid % 9 = 0"
 		else:
 			date_from = "and date > now() - INTERVAL 30 minute"
-		sql = """ select * from metrics where serv = '{serv}' {date_from} order by `date` desc limit 60 """.format(serv=serv, date_from=date_from)
+		sql = """ select * from metrics where serv = '{serv}' {date_from} order by `date` desc """.format(serv=serv, date_from=date_from)
 	else:
 		if kwargs.get('time_range') == '60':
 			date_from = "and date > datetime('now', '-60 minutes', 'localtime') and rowid % 2 = 0"
diff --git a/app/templates/add.html b/app/templates/add.html
index 5c324242..530837ed 100644
--- a/app/templates/add.html
+++ b/app/templates/add.html
@@ -12,6 +12,9 @@
 'option pgsql-check':'Check a PgSQL Service', 'option redis-check': 'Check a Redis Service',
 'option smtpchk':'Check a SMTP service'} %}
 
+{% set if_values = dict() %}
+{% set if_values = {'1':'Host name starts with','2':'Host name ends with','3':'Path starts with','4':'Path ends with'} %}
+
 <script src="/inc/add.js"></script>
 <div id="tabs">
 	<ul>
@@ -29,7 +32,7 @@
 	<ul id='browse_histroy'></ul>
 	{% include 'include/add_proxy.html' %}
 	<div id="listen">
-		<form name="add-listener" action="/app/add.py" method="post">
+		<form name="add-listener" id="add-listener" action="/app/add.py" method="post">
 			<table class="add-table">
 				<caption><h3>Add listen</h3></caption>
 				<tr>
@@ -113,6 +116,31 @@
 						</span>
 					</td>
 				</tr>
+				<tr class="advance">
+					<td class="addName" title="Access control list">ACL: </td>
+					<td class="addOption">
+						<span title="Add ACL" id="add_listener_acl" class="link add-server"></span>
+						<div id="listener_acl" style="display: none;">
+							<span id="listener_acl_for_cloning">
+								<b class="padding10">if</b>
+								{{ select('listener_acl_if', name='acl_if', values=if_values, first='Choose if', class='force_close', disabled=false) }}
+								<b class="padding10">value</b>
+								{{ input('listener_acl_value', name="acl_value") }}
+								<p style="border-bottom: 1px solid #ddd; padding-bottom: 10px;">
+									<b class="padding10">then</b>
+									{% set values = dict() %}
+									{% set values = {'2':'Redirect to','3':'Allow','4':'Deny'} %}
+									{{ select('listener_acl_then', name='acl_then', values=values, first='Choose action', class='force_close', disabled=false) }}
+									<b class="padding10">value</b>
+									{{ input('frontend_acl_then_value', name='acl_then_value', title="Required if \'then\' is \'Use backend\' or \'Redirect\'") }}
+								</p>
+							</span>
+						</div>
+						<span>
+							<a class="link add-server" id="listener_add_acl" title="Add ACL" style="cursor: pointer; display: none;"></a>
+						</span>
+					</td>
+				</tr>
 				<tr class="advance">
 					<td class="addName"><span title="Cache support start 1.8 and latter">Web acceleration(?):</span></td>
 					<td class="addOption">
@@ -222,7 +250,10 @@
 				</tr>
 				<tr>
 					<td class="addButton">
-						<button type="submit" value="submit">Add Listen</button>
+						<a class="ui-button ui-widget ui-corner-all" title="Add Listen" onclick="addProxy('add-listener')">Add Listen</a>
+					</td>
+					<td class="addButton">
+						<a class="ui-button ui-widget ui-corner-all" title="Generate config and show it" onclick="generateConfig('add-listener')">Generate config</a>
 					</td>
 				</tr>
 			</table>
@@ -232,7 +263,7 @@
 		<!-- Second tabs -->
 		
 	<div id="frontend">
-		<form name="add-frontend" action="/app/add.py" method="post">
+		<form name="add-frontend" id="add-frontend" action="/app/add.py" method="post">
 		<table>
 			<caption><h3>Add frontend</h3></caption>
 			<tr>
@@ -297,12 +328,37 @@
 					<div class="tooltip tooltipTop">This value should not exceed the global maxconn. Default global maxconn value: 2000</div>
 				</td>
 			</tr>
+			<tr class="advance">
+				<td class="addName" title="Access control list">ACL: </td>
+				<td class="addOption">
+					<span title="Add ACL" id="add_frontend_acl" class="link add-server"></span>
+					<div id="frontend_acl" style="display: none;">
+						<span id="frontend_acl_for_cloning">
+							<b class="padding10">if</b>
+							{{ select('frontend_acl_if', name='acl_if', values=if_values, first='Choose if', class='force_close', disabled=false) }}
+							<b class="padding10">value</b>
+							{{ input('frontend_acl_value', name='acl_value') }}
+							<p style="border-bottom: 1px solid #ddd; padding-bottom: 10px;">
+								<b class="padding10">then</b>
+								{% set values = dict() %}
+								{% set values = {'5':'Use backend','2':'Redirect to','3':'Allow','4':'Deny'} %}
+								{{ select('frontend_acl_then', name='acl_then', values=values, first='Choose action', class='force_close', disabled=false) }}
+								<b class="padding10">value</b>
+								{{ input('frontend_acl_then_value', name='acl_then_value', title="Required if \'then\' is \'Use backend\' or \'Redirect\'") }}
+							</p>
+						</span>
+					</div>
+					<span>
+						<a class="link add-server" id="frontend_add_acl" title="Add ACL" style="cursor: pointer; display: none;"></a>
+					</span>
+				</td>
+			</tr>
 			<tr class="advance">
 				<td class="addName"><span title="Cache support start 1.8 and latter">Web acceleration(?):</span></td>
 				<td class="addOption">
 					<span class="controlgroup">
-						{{ checkbox('compression2', title='Enable Compression', value='1', desc='Compression') }}
-						{{ checkbox('cache2', title='Enable cache', value='2', desc='Cache') }}
+						{{ checkbox('compression2', name="compression", title='Enable Compression', value='1', desc='Compression') }}
+						{{ checkbox('cache2', name="cache", title='Enable cache', value='2', desc='Cache') }}
 						{{ checkbox('ssl_offloading1', title='Enable SSL Offloading', desc='SSL Offloading') }}
 					</span>
 				</td>
@@ -363,7 +419,10 @@
 			</tr>
 			<tr>
 				<td class="addButton">
-					<button type="submit">Add Frontend</button>
+					<a class="ui-button ui-widget ui-corner-all" title="Add Frontend" onclick="addProxy('add-frontend')">Add Frontend</a>
+				</td>
+				<td class="addButton">
+					<a class="ui-button ui-widget ui-corner-all" title="Generate config and show it" onclick="generateConfig('add-frontend')">Generate config</a>
 				</td>
 			</tr>
 		</table>
@@ -373,7 +432,7 @@
 				<!-- Third tabs -->
 		
 	<div id="backend">
-		<form name="add-backend" action="/app/add.py" method="post">
+		<form name="add-backend" id="add-backend" action="/app/add.py" method="post">
 		<table>
 			<caption><h3>Add backend</h3></caption>
 			<tr>
@@ -441,8 +500,8 @@
 				<td class="addName"><span title="Cache support start 1.8 and latter">Web acceleration(?):</span></td>
 				<td class="addOption">
 					<span class="controlgroup">
-						{{ checkbox('compression3', title='Enable Compression', value='1', desc='Compression') }}
-						{{ checkbox('cache3', title='Enable cache', value='2', desc='Cache') }}
+						{{ checkbox('compression3', name="compression", title='Enable Compression', value='1', desc='Compression') }}
+						{{ checkbox('cache3', name="cache", title='Enable cache', value='2', desc='Cache') }}
 						{{ checkbox('ssl_offloading2', title='Enable SSL Offloading', desc='SSL Offloading') }}
 					</span>
 				</td>
@@ -530,7 +589,10 @@
 			</tr>
 			<tr>
 				<td class="addButton">
-					<button type="submit" value="" name="" class="btn btn-default">Add Backend</button>
+					<a class="ui-button ui-widget ui-corner-all" title="Add Backend" onclick="addProxy('add-backend')">Add Backend</a>
+				</td>
+				<td class="addButton">
+					<a class="ui-button ui-widget ui-corner-all" title="Generate config and show it" onclick="generateConfig('add-backend')">Generate config</a>
 				</td>
 			</tr>
 		</table>
@@ -733,7 +795,7 @@
 		</div>
 	</div>
 	<div id="userlist">
-		<form name="add-userlist" action="/app/add.py" method="post">
+		<form name="add-userlist" id="add-userlist" action="/app/add.py" method="post">
 		<table>
 			<caption><h3>Add Userlist</h3></caption>
 			<tr>
@@ -786,10 +848,13 @@
 				</td>
 			</tr>
 			<tr>
-			<td class="addButton">
-				<button type="submit" value="" name="" class="btn btn-default">Add Userlist</button>
-			</td>
-		</tr>
+				<td class="addButton">
+					<a class="ui-button ui-widget ui-corner-all" title="Add Userlist" onclick="addProxy('add-userlist')">Add Userlist</a>
+				</td>
+				<td class="addButton">
+					<a class="ui-button ui-widget ui-corner-all" title="Generate config and show it" onclick="generateConfig('add-userlist')">Generate config</a>
+				</td>
+			</tr>
 		</table>
 		</form>
 		<div class="add-note addName alert-info" style="width: inherit; margin-right: 15px;">
@@ -870,7 +935,7 @@
 	</div>
 	{% include 'include/del_confirm.html' %}
 	<div id="dialog-confirm-cert" title="View certificate " style="display: none;">
-		<center><pre id="dialog-confirm-body"></pre></center>
+		<pre id="dialog-confirm-body"></pre>
 	</div>
 	<input type="hidden" id="group" value="{{ group }}">
 </div>
diff --git a/app/templates/include/admin_servers.html b/app/templates/include/admin_servers.html
index 341c68bb..12f03a7f 100644
--- a/app/templates/include/admin_servers.html
+++ b/app/templates/include/admin_servers.html
@@ -15,8 +15,8 @@
 			</th>
 			<th class="checkbox-head" style="width: 5%">HAProxy</th>
 			<th class="checkbox-head" style="width: 5%">Nginx</th>
-			<th class="checkbox-head" style="width: 5%">
-				<span title="If the server has a firewall enabled, enable this option">Firewall</span>
+			<th class="checkbox-head" style="width: 10%">
+				<span title="If the server has a firewall enabled, enable this option">Firewalld</span>
 			</th>
 			<th class="slave-field" style="width: 10%">
 				<span title="Actions with the master config will automatically apply on the slave">Slave for</span>
@@ -92,12 +92,15 @@
 				{% endif %}
 			</td>
 			<td class="checkbox">
-				{% set id = 'firewall-' + server.0|string() %}
-				{% if server.18 == 1 %}
-				{{ checkbox(id, checked='checked') }}
-				{% else %}
-				{{ checkbox(id) }}
-				{% endif %}
+				<div class="controlgroup">
+					{% set id = 'firewall-' + server.0|string() %}
+					{% if server.18 == 1 %}
+					{{ checkbox(id, checked='checked') }}
+					{% else %}
+					{{ checkbox(id) }}
+					{% endif %}
+					<button onclick="viewFirewallRules('{{server.2}}')" title="View firewall rules on server {{server.1}}">view</button>
+				</div>
 			</td>
 			<td>
 				<select id="slavefor-{{server.0}}">
diff --git a/app/templates/include/input_macros.html b/app/templates/include/input_macros.html
index 9be2472b..eeb5e80a 100644
--- a/app/templates/include/input_macros.html
+++ b/app/templates/include/input_macros.html
@@ -15,13 +15,18 @@
 	<label for="{{id}}" title="{{title}}" class="{{id}}">{{desc}}</label><input name="{{name}}" type="checkbox" id="{{id}}" value="{{value|e}}" {{checked}} />
 {%- endmacro %}
 
-{%- macro select(id, values, name='', required='', first='', class='', selected='') -%}
+{%- macro select(id, values, name='', required='', first='', class='', selected='', disabled='true') -%}
 	{% if name == '' %}
 		{% set name = id %}
 	{% endif %}
+	{% if disabled == 'true' %}
+		{% set disabled = 'disabled' %}
+	{% else %}
+		{% set disabled = '' %}
+	{% endif %}
 	<select {{required}} name="{{name}}" id="{{id}}" class="{{class}}">
 		{% if first %}
-			<option disabled selected>{{first}}</option>
+			<option {{disabled}} selected>{{first}}</option>
 		{% endif %}
 		{% for v, des in values|dictsort(false, 'value') %}
 			{% if v == selected %}
diff --git a/app/templates/servers.html b/app/templates/servers.html
index 0373f19a..6c2839eb 100644
--- a/app/templates/servers.html
+++ b/app/templates/servers.html
@@ -124,7 +124,7 @@
 	</div>
 	
 </div>
-<div id="group_error" style="display: none;">
+<div id="group_error" style="display: none; clear: both;">
 	<div class="alert alert-danger">
 		<b>Do not edit this section if your group is "ALL"!</b> Add first<a href="users.py#groups" title="Admin Area: Groups">group</a> or edit your own group at<a href="users.py#users" title="Admin Area: Users">users</a> page
 	</div>
@@ -152,8 +152,10 @@
 			$('#nginxaddserv').selectmenu('enable');
 			$('#haproxy_exp_addserv').selectmenu('enable');
 			$('#nginx_exp_addserv').selectmenu('enable');
+			$('#geoipserv').selectmenu('enable');
 			$('#syn_flood').checkboxradio('enable');
 			$('#nginx_syn_flood').checkboxradio('enable');
+			$('#updating_geoip').checkboxradio('enable');
 		}, 500 );
 		
 	}
diff --git a/inc/add.js b/inc/add.js
index 4463c60b..936a9092 100644
--- a/inc/add.js
+++ b/inc/add.js
@@ -1079,6 +1079,50 @@ $( function() {
 			$("#backend_checks_http_domain").removeAttr('required');
 		}
 	});
+	$( "#add_frontend_acl" ).on( "click", function() {
+		$( "#frontend_acl" ).show();
+		$( "#frontend_add_acl" ).show();
+		$( "#add_frontend_acl" ).hide();
+	} );
+	$( "#add_listener_acl" ).on( "click", function() {
+		$( "#listener_acl" ).show();
+		$( "#listener_add_acl" ).show();
+		$( "#add_listener_acl" ).hide();
+	} );
+	var acl_option = '<b class="padding10">if</b>\n' +
+		'<select name="acl_if">\n' +
+		'\t<option selected>Choose if</option>\n' +
+		'\t<option value="1">Host name starts with</option>\n' +
+		'\t<option value="2">Host name ends with</option>\n' +
+		'\t<option value="3">Path starts with</option>\n' +
+		'\t<option value="4">Path ends with</option>\n' +
+		'</select>' +
+		'<b class="padding10">value</b>\n' +
+		'<input type="text" name="acl_value" class="form-control">\n' +
+		'<p style="border-bottom: 1px solid #ddd; padding-bottom: 10px;">\n' +
+		'<b class="padding10">then</b>\n' +
+		'<select name="acl_then">\n' +
+		'\t<option selected>Choose then</option>\n' +
+		'\t<option value="5">Use backend</option>\n' +
+		'\t<option value="2">Redirect to</option>\n' +
+		'\t<option value="3">Allow</option>\n' +
+		'\t<option value="4">Deny</option>\n' +
+		'</select>\n' +
+		'<b class="padding10">value</b>\n' +
+		'<input type="text" name="acl_then_value" class="form-control" value="" title="Required if \"then\" is \"Use backend\" or \"Redirect\""></p>'
+	$("#listener_add_acl").click(function(){
+		$("#listener_acl").append(acl_option);
+		$("#listener_acl").find('option[value=5]').remove();
+		$( "select" ).selectmenu();
+		$('[name=acl_if]').selectmenu({width: 180});
+		$('[name=acl_then]').selectmenu({width: 180});
+	});
+	$("#frontend_add_acl").click(function(){
+		$("#frontend_acl").append(acl_option);
+		$( "select" ).selectmenu();
+		$('[name=acl_if]').selectmenu({width: 180});
+		$('[name=acl_then]').selectmenu({width: 180});
+	});
 });
 function resetProxySettings() {
 	$('[name=port]').val('');
@@ -1453,4 +1497,75 @@ function deleteList(list, color) {
 			}
 		});
 	}
+}
+function generateConfig(form_name) {
+	var frm = $('#'+form_name);
+	var input = $("<input>")
+		.attr("name", "generateconfig").val("1").attr("type", "hidden").attr("id", "generateconfig");
+	$('#'+form_name +' input[name=acl_then_value]').each(function(){
+		if (!$(this).val()){
+			$(this).val('IsEmptY')
+		}
+	});
+	frm.append(input);
+	$.ajax({
+		url: frm.attr('action'),
+		data: frm.serialize(),
+		type: frm.attr('method'),
+		success: function (data) {
+			$('#dialog-confirm-body').text(data);
+			$( "#dialog-confirm-cert" ).dialog({
+				resizable: false,
+				height: "auto",
+				width: 650,
+				modal: true,
+				title: "Generated config",
+				buttons: {
+					Ok: function() {
+						$( this ).dialog( "close" );
+					}
+				}
+			});
+		}
+	});
+	$("#generateconfig").remove();
+	$('#'+form_name +' input[name=acl_then_value]').each(function(){
+		if ($(this).val() == 'IsEmptY'){
+			$(this).val('')
+		}
+	});
+}
+function addProxy(form_name) {
+	var frm = $('#'+form_name);
+	$('#'+form_name +' input').each(function(){
+		if ($(this).val().length === 0){
+			$(this).val() = 'IsEmptY'
+		}
+	});
+	$.ajax({
+		url: frm.attr('action'),
+		data: frm.serialize(),
+		type: frm.attr('method'),
+		success: function( data ) {
+			data = data.replace(/\s+/g, ' ');
+			if (data.indexOf('error: ') != '-1' || data.indexOf('Fatal') != '-1') {
+				toastr.clear();
+				toastr.error(data);
+			} else if (data == '') {
+				toastr.clear();
+				toastr.error('error: Proxy cannot be empty');
+			} else {
+				toastr.clear();
+				toastr.success('Section: ' + data + 'has been added. Do not forget restart server');
+				var ip = frm.find('select[name=serv]').val();
+				localStorage.setItem('restart', ip);
+				resetProxySettings();
+			}
+		}
+	});
+	$('#'+form_name +' input[name=acl_then_value]').each(function(){
+		if ($(this).val() == 'IsEmptY'){
+			$(this).val('')
+		}
+	});
 }
\ No newline at end of file
diff --git a/inc/overview.js b/inc/overview.js
index 9e843a8b..f4662aba 100644
--- a/inc/overview.js
+++ b/inc/overview.js
@@ -242,7 +242,7 @@ $( function() {
 	}
 	$('#apply_close').click( function() {
 		$("#apply").css('display', 'none');
-		Cookies.remove('restart', { path: '' });
+		localStorage.removeItem('restart');
 	});
 	$( ".server-act-links" ).change(function() {
 		var id = $(this).attr('id').split('-');
@@ -270,8 +270,8 @@ function confirmAjaxAction(action, service, id) {
 				if(service == "hap") {
 					ajaxActionServers(action, id);
 					if(action == "restart" || action == "reload") {
-						if(Cookies.get('restart')) {
-							Cookies.remove('restart', { path: '' });
+						if(localStorage.getItem('restart')) {
+							localStorage.removeItem('restart');
 							$("#apply").css('display', 'none');
 						}
 					}
@@ -363,3 +363,25 @@ function showBytes(serv) {
 		}
 	} );
 }
+function showNginxConnections(serv) {
+	$.ajax( {
+		url: "options.py",
+		data: {
+			nginxConnections: serv,
+			token: $('#token').val()
+		},
+		type: "POST",
+		beforeSend: function() {
+			$("#sessions").html('<img class="loading_small_bin_bout" src="/inc/images/loading.gif" />');
+		},
+		success: function( data ) {
+			data = data.replace(/\s+/g,' ');
+			if (data.indexOf('error:') != '-1') {
+				toastr.error(data);
+			} else {
+				$("#bin_bout").html(data);
+				$.getScript("/inc/fontawesome.min.js")
+			}
+		}
+	} );
+}
diff --git a/inc/script.js b/inc/script.js
index dfdac81a..807c55b3 100644
--- a/inc/script.js
+++ b/inc/script.js
@@ -165,8 +165,8 @@ window.onblur= function() {
 		} 
 	}
 };
-if(Cookies.get('restart')) {
-	var ip = Cookies.get('restart');
+if(localStorage.getItem('restart')) {
+	var ip = localStorage.getItem('restart');
 	$.ajax( {
 		url: "options.py",
 		data: {
@@ -181,9 +181,9 @@ if(Cookies.get('restart')) {
 				$("#apply_div").css('width', '850px');
 				if (cur_url[0] == "hapservers.py") {
 					$("#apply_div").css('width', '650px');
-					$("#apply_div").html("You made changes to the server: "+ip+". Changes will take effect only after<a id='"+ip+"' class='restart' title='Restart HAproxy service' onclick=\"confirmAjaxAction('stop', 'hap', '"+ip+"')\">restart</a><a href='#' title='close' id='apply_close' style='float: right'><b>X</b></a>");					
+					$("#apply_div").html("You have made changes to the server: "+ip+". Changes will take effect only after<a id='"+ip+"' class='restart' title='Restart HAproxy service' onclick=\"confirmAjaxAction('stop', 'hap', '"+ip+"')\">restart</a><a href='#' title='close' id='apply_close' style='float: right'><b>X</b></a>");
 				} else {
-					$("#apply_div").html("You made changes to the server: "+ip+". Changes will take effect only after restart. <a href='hapservers.py' title='Overview'>Go to the HAProxy Overview page and restart</a><a href='#' title='close' id='apply_close' style='float: right'><b>X</b></a>");
+					$("#apply_div").html("You have made changes to the server: "+ip+". Changes will take effect only after restart. <a href='hapservers.py' title='Overview'>Go to the HAProxy Overview page and restart</a><a href='#' title='close' id='apply_close' style='float: right'><b>X</b></a>");
 				}
 				$.getScript('/inc/overview.js');
 			}
diff --git a/inc/style.css b/inc/style.css
index 7d45f828..b3ddff8b 100644
--- a/inc/style.css
+++ b/inc/style.css
@@ -1181,4 +1181,11 @@ label {
 	margin-left: 99%;
 	color: #a0d100;
 	cursor: pointer;
+}
+.geoip_country_code {
+	padding: 10px;
+	float: left;
+	font-weight: bold;
+	width: 110px;
+	height: 60px;
 }
\ No newline at end of file
diff --git a/inc/users.js b/inc/users.js
index bacfd768..cb5a3bc1 100644
--- a/inc/users.js
+++ b/inc/users.js
@@ -708,6 +708,36 @@ $( function() {
 			clearTips();
 		}
 	});
+	$('#show_country_codes').click(function() {
+		$('#hide_country_codes').show();
+		$('#geoip_country_codes').show();
+		$('#show_country_codes').hide();
+	});
+	$('#hide_country_codes').click(function() {
+		$('#show_country_codes').show();
+		$('#geoip_country_codes').hide();
+		$('#hide_country_codes').hide();
+	});
+	$( "#geoipserv" ).on('selectmenuchange',function() {
+		$.ajax( {
+			url: "options.py",
+			data: {
+				geoipserv: $('#geoipserv option:selected').val(),
+				token: $('#token').val()
+			},
+			type: "POST",
+			success: function( data ) {
+				data = data.replace(/^\s+|\s+$/g,'');
+				if(data.indexOf('No such file or directory') != '-1') {
+					$('#cur_geoip').text('GeoLite2 has not installed');
+					$('#geoip_install').show();
+				} else {
+					$('#cur_geoip').text('GeoLite2 has already installed');
+					$('#geoip_install').hide();
+				}
+			}
+		} );
+	});
 } );
 function common_ajax_action_after_success(dialog_id, new_group, ajax_append_id, data) {
 	toastr.clear();
@@ -1943,16 +1973,16 @@ function updateService(service) {
 				toastr.success('Update was success!');
 			} else if (data.indexOf('Unauthorized') != '-1') {
 				toastr.clear();
-				toastr.error('It seems like Unauthorized in the HAProxy-WI repository. How to get HAProxy-WI auth you can read <a href="https://haproxy-wi.org/installation.py" title="How to get HAProxy-WI auth">hear</a>');
+				toastr.error('It seems like Unauthorized in the HAProxy-WI repository. How to get HAProxy-WI auth you can read <b><a href="https://haproxy-wi.org/installation.py" title="How to get HAProxy-WI auth">hear</a></b>');
 			} else if (data.indexOf('but not installed') != '-1') {
 				toastr.clear();
 				toastr.error('There is settings for HAProxy-WI repository, but HAProxy-WI is installed without repository. Please reinstall with yum');
 			} else if (data.indexOf('No Match for argument') != '-1') {
 				toastr.clear();
-				toastr.error('It seems like HAProxy-WI repository is not set. Please read docs for <a href="https://haproxy-wi.org/updates.py">detail</a>');
+				toastr.error('It seems like HAProxy-WI repository is not set. Please read docs for <b><a href="https://haproxy-wi.org/updates.py">detail</a></b>');
 			} else if (data.indexOf('password for') != '-1') {
 				toastr.clear();
-				toastr.error('It seems like apache user needs to be add to sudoers. Please read docs for<a href="https://haproxy-wi.org/updates.py">detail</a>');
+				toastr.error('It seems like apache user needs to be add to sudoers. Please read docs for <b><a href="https://haproxy-wi.org/updates.py">detail</a></b>');
 			} else if (data.indexOf('No packages marked for update') != '-1') {
 				toastr.clear();
 				toastr.info('It seems like the lastest version HAProxy-WI is installed');
@@ -1969,6 +1999,7 @@ function updateService(service) {
 				toastr.clear();
 				toastr.error(data);
 			}
+			$("#ajax-update").html('')
 		}
 	} );
 }