diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp index 8d47e4e..512dd83 100644 --- a/plugin/business/pangu-http/src/pangu_http.cpp +++ b/plugin/business/pangu-http/src/pangu_http.cpp @@ -945,6 +945,8 @@ struct pangu_http_ctx int magic_num; enum pangu_action action; char * action_para; + int hit_cnt; + struct Maat_rule_t result[MAX_SCAN_RESULT]; scan_status_t scan_mid; stream_para_t sp; struct cache_mid* cmid; @@ -1931,10 +1933,10 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht const char * field_val = NULL; struct http_field_name field_name; struct tfe_http_half * http_half; - struct Maat_rule_t result[MAX_SCAN_RESULT]; + struct Maat_rule_t *result = ctx->result; char buff[TFE_STRING_MAX], * p = NULL; int scan_ret = 0, table_id = 0; - size_t hit_cnt = 0, i = 0; + size_t hit_cnt = ctx->hit_cnt, i = 0; if (events & EV_HTTP_REQ_HDR) { @@ -1943,7 +1945,7 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht { int str_host_length = (int) (strlen(session->req->req_spec.host)); scan_ret = Maat_full_scan_string(g_pangu_rt->maat, g_pangu_rt->scan_table_id[PXY_CTRL_HTTP_FQDN], - CHARSET_UTF8, str_host, str_host_length, result, NULL, MAX_SCAN_RESULT, &(ctx->scan_mid), ctx->thread_id); + CHARSET_UTF8, str_host, str_host_length, result + hit_cnt, NULL, MAX_SCAN_RESULT - hit_cnt, &(ctx->scan_mid), ctx->thread_id); if (scan_ret > 0) { hit_cnt += scan_ret; @@ -2338,7 +2340,6 @@ void cache_write(const struct tfe_http_session * session, enum tfe_http_event ev { ctx->cache_wirte_result=web_cache_write_end(ctx->cache_write_ctx); ctx->cache_write_ctx=NULL; - //printf("cache update success: %s\n", ctx->ref_session->req->req_spec.url); } } 
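Review bot: Nothing in the http_scan hunks checks that the count carried in by `size_t hit_cnt = ctx->hit_cnt` is below MAX_SCAN_RESULT before `result + hit_cnt` and `MAX_SCAN_RESULT - hit_cnt` are handed to Maat_full_scan_string. Because hit_cnt is a size_t, a carried-in value above the array size makes the subtraction wrap to a very large capacity, and the scan could then write past the end of `ctx->result`. Whether the session-begin scans already cap the count is not visible here, so I would compute the remaining room explicitly, `size_t room = hit_cnt < MAX_SCAN_RESULT ? MAX_SCAN_RESULT - hit_cnt : 0;`, skip the scan when `room == 0`, and pass `room` as the capacity. The new struct field is `int hit_cnt` while the local is size_t; declaring the field as `size_t` (or rejecting a negative value on load) avoids a sign conversion on this path. http_scan's body continues outside these hunks, so the same check applies to any later scan call that uses `result + hit_cnt`.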
@@ -2351,12 +2352,12 @@ void pangu_on_http_begin(const struct tfe_stream * stream, } struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme; - struct Maat_rule_t result[MAX_SCAN_RESULT]; struct ipaddr sapp_addr; int hit_cnt = 0, scan_ret=0; assert(ctx == NULL); ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_SESSION])); ctx = pangu_http_ctx_new(thread_id); + struct Maat_rule_t *result = ctx->result; scan_ret = tfe_scan_subscribe_id(stream, result, &(ctx->scan_mid), hit_cnt, ctx->thread_id, g_pangu_rt->local_logger); if(scan_ret>0) @@ -2388,16 +2389,10 @@ void pangu_on_http_begin(const struct tfe_stream * stream, { hit_cnt+=scan_ret; } - if (hit_cnt > 0) + + if(hit_cnt > 0) { - ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->param); - } - if (ctx->action == PG_ACTION_WHITELIST) - { - ATOMIC_INC(&(g_pangu_rt->stat_val[STAT_ACTION_WHITELSIT])); - TFE_LOG_INFO(g_pangu_rt->local_logger, "Bypass rules matched on http begin: url=%s policy id=%d.", - session->req->req_spec.url, ctx->enforce_rules[0].config_id); - tfe_http_session_detach(session); + ctx->hit_cnt = hit_cnt; } *pme = ctx; diff --git a/plugin/business/pangu-http/src/pangu_logger.cpp b/plugin/business/pangu-http/src/pangu_logger.cpp index a27364e..e303b1e 100644 --- a/plugin/business/pangu-http/src/pangu_logger.cpp +++ b/plugin/business/pangu-http/src/pangu_logger.cpp 
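Review bot: The hits collected in pangu_on_http_begin are now only stored (`ctx->hit_cnt = hit_cnt;`), and the decide_ctrl_action call and the whitelist detach that used to run at session begin are removed. A session-level bypass rule therefore takes effect only once a later caller evaluates `ctx->result`; that caller is outside this hunk, so please confirm it runs for every session before any request content is acted on, and that the STAT_ACTION_WHITELSIT counter and the bypass log line are still produced there. A comment at the assignment would record the hand-off, for example `/* hits from session-level scans; http_scan() appends to ctx->result and decides the action */`. The `if(hit_cnt > 0)` guard looks redundant if pangu_http_ctx_new zero-initialises the context, which is not shown.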
@@ -81,6 +81,34 @@ error_out: return NULL; } +static int pangu_log_get_fqdn_cat(struct tfe_cmsg *cmsg, char *fqdn_cat_buff) +{ + int ret=0; + unsigned int i=0, category_id_num=0; + uint16_t opt_out_size; + unsigned int category_id_val[TFE_SYMBOL_MAX]={0}; + + char *p = fqdn_cat_buff; + + ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_NUM, (unsigned char *)&category_id_num, sizeof(category_id_num), &opt_out_size); + if (ret != 0 || category_id_num == 0) + { + return -1; + } + ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_FQDN_CAT_ID_VAL, (unsigned char *)category_id_val, sizeof(category_id_val), &opt_out_size); + if (ret != 0) + { + return -1; + } + + for (i = 0; i < category_id_num && i < 8; i++) + { + p += snprintf(p, sizeof(fqdn_cat_buff) - (p - fqdn_cat_buff), "%s%d", i>0 ? "," : "", category_id_val[i]); + } + + return 0; +} + int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) { const struct tfe_http_session* http=log_msg->http; @@ -126,6 +154,7 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) cJSON_AddStringToObject(common_obj, "common_schema_type", "HTTP"); unsigned int common_direction=0; + char category_id_val[TFE_SYMBOL_MAX]; char opt_val[24] = { 0 }; uint16_t opt_out_size; struct tfe_cmsg * cmsg = tfe_stream_get0_cmsg(log_msg->stream); if (cmsg!=NULL) @@ -140,6 +169,11 @@ int pangu_send_log(struct pangu_logger* handle, const struct pangu_log* log_msg) { cJSON_AddNumberToObject(common_obj, "common_direction", common_direction); //0:域内->域外,1:域外->域内,描述的是CLIENT_IP信息 } + ret = pangu_log_get_fqdn_cat(cmsg, category_id_val); + if (ret==0) + { + cJSON_AddStringToObject(common_obj, "common_service_category", category_id_val); + } } if (http->req)
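Review bot: In pangu_log_get_fqdn_cat the size passed to snprintf is `sizeof(fqdn_cat_buff)`, which is the size of the `char *` parameter rather than of the caller's `category_id_val[TFE_SYMBOL_MAX]` array, so the first ID is capped at a pointer's width. Because `p` is advanced by snprintf's return value (the untruncated length), a longer ID moves `p` past that limit, the subtraction wraps to a very large size_t, and later iterations write with no effective bound. The function should take the buffer size as a parameter, with the call in the last hunk becoming `pangu_log_get_fqdn_cat(cmsg, category_id_val, sizeof(category_id_val))`, and should stop when snprintf reports truncation; `%u` also matches the unsigned IDs. The literal 8 in the loop is assumed not to exceed TFE_SYMBOL_MAX, whose definition is not visible here.

```cpp
static int pangu_log_get_fqdn_cat(struct tfe_cmsg *cmsg, char *fqdn_cat_buff, size_t buff_size)
{
    // … unchanged: declarations (minus `p`) and the two tfe_cmsg_get_value() calls …

    size_t used = 0;
    for (i = 0; i < category_id_num && i < 8; i++)
    {
        int n = snprintf(fqdn_cat_buff + used, buff_size - used, "%s%u", i > 0 ? "," : "", category_id_val[i]);
        if (n < 0 || (size_t)n >= buff_size - used)
        {
            return -1; /* truncated or failed: do not log a partial list */
        }
        used += (size_t)n;
    }

    return 0;
}
```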