多命中情况下，优先级：WHITELIST>REJEC >REDIRECTT>REPLACE。相同优先级执行配置ID较大的。MONIT支持多命中。

platform/CMakeLists.txt

@@ -42,9 +42,7 @@ target_link_libraries(test_key_keeper pthread dl
 		curl
 		MESA_htable wiredcfg
 		MESA_field_stat)
-
-install(TARGETS test_key_keeper RUNTIME DESTINATION ./)
-
+		
 ### test_tfe_rpc
 add_executable(test_tfe_rpc test/test_tfe_rpc.cpp src/key_keeper.cpp src/ssl_sess_cache.cpp  src/ssl_utils.cc)
 
@@ -64,9 +62,6 @@ target_link_libraries(test_tfe_rpc pthread dl
 		curl
 		MESA_field_stat)
 
-install(TARGETS test_tfe_rpc RUNTIME DESTINATION ./)
-
-
 ### test_chello_parse
 add_executable(test_chello_parse test/test_chello_parse.cpp src/ssl_utils.cc)
 
@@ -84,5 +79,3 @@ target_link_libraries(test_chello_parse pthread dl
 		MESA_htable wiredcfg
 		cjson
 		MESA_field_stat)
-
-install(TARGETS test_chello_parse RUNTIME DESTINATION ./)

plugin/business/pangu-http/pangu_http.cpp

@@ -36,7 +36,8 @@ enum pangu_action//Bigger action number is prior.
 	PG_ACTION_RATELIMIT = 0x40,    /* N/A */
 	PG_ACTION_REPLACE = 0x50,
 	PG_ACTION_LOOP = 0x60,    /* N/A */
-	PG_ACTION_WHITELIST = 0x80
+	PG_ACTION_WHITELIST = 0x80,
+	__PG_ACTION_MAX
 };
 
 enum scan_table
@@ -288,7 +289,17 @@ inline void addr_tfe2sapp(const struct tfe_stream_addr * tfe_addr, struct ipaddr
 	sapp_addr->paddr = (char *) tfe_addr->paddr;
 	return;
 }
-
+int action_cmp(enum pangu_action a1, enum pangu_action a2)
+{
+	int weight[__PG_ACTION_MAX];
+	memset(weight, 0, sizeof(weight));
+	weight[PG_ACTION_MONIT]		=	0;
+	weight[PG_ACTION_REPLACE]	=	1;
+	weight[PG_ACTION_REDIRECT]	=	2;
+	weight[PG_ACTION_REJECT]	=	3;
+	weight[PG_ACTION_WHITELIST]	=	4;
+	return weight[a1]-weight[a2];
+}
 //enforce_rules[0] contains execute action.
 static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules, size_t n_hit,
 	struct Maat_rule_t ** enforce_rules, size_t * n_enforce)
@@ -305,14 +316,14 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
 			memcpy(monit_rule + n_monit, hit_rules + i, sizeof(struct Maat_rule_t));
 			n_monit++;
 		}
-		if ((enum pangu_action) hit_rules[i].action > prior_action)
+		if (action_cmp((enum pangu_action) hit_rules[i].action, prior_action)>0)
 		{
 			prior_rule = hit_rules + i;
 			prior_action = (enum pangu_action) hit_rules[i].action;
 		}
-		else if ((enum pangu_action) hit_rules[i].action == prior_action)
+		else if (action_cmp((enum pangu_action) hit_rules[i].action, prior_action) == 0)
 		{
-			if (hit_rules[i].config_id < prior_rule->config_id)
+			if (hit_rules[i].config_id > prior_rule->config_id)
 			{
 				prior_rule = hit_rules + i;
 			}
@@ -749,8 +760,29 @@ void pangu_on_http_end(const struct tfe_stream * stream,
 	const struct tfe_http_session * session, unsigned int thread_id, void ** pme)
 {
 	struct pangu_http_ctx * ctx = *(struct pangu_http_ctx **) pme;
-	struct pangu_log log_msg = {.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce};
-	if (ctx->action != PG_ACTION_NONE&& !(ctx->action == PG_ACTION_REPLACE && ctx->rep_ctx->actually_replaced==0))
+	int i=0, j=0;
+	if(ctx->action == PG_ACTION_REPLACE && ctx->rep_ctx->actually_replaced==0)
+	{
+		for(i=0; i< ctx->n_enforce; i++)
+		{
+			if(ctx->enforce_rules[i].action == PG_ACTION_REPLACE)
+			{
+				if(i+1 > ctx->n_enforce)
+				{
+					memmove(ctx->enforce_rules+i, ctx->enforce_rules+i+1, sizeof(struct Maat_rule_t));
+				}
+				j++;
+			}
+		}
+		ctx->n_enforce-=j;
+		if(ctx->n_enforce==0)
+		{
+			ctx->action = PG_ACTION_NONE;
+			FREE(&(ctx->enforce_rules));
+		}
+	}
+	struct pangu_log log_msg =  {.stream=stream, .http=session, .result=ctx->enforce_rules, .result_num=ctx->n_enforce};
+	if (ctx->action != PG_ACTION_NONE&& !(ctx->action == PG_ACTION_REPLACE && ctx->n_enforce==1 && ctx->rep_ctx->actually_replaced==0))
 	{
 		pangu_send_log(g_pangu_rt->send_logger, &log_msg);
 	}