diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index f455b86..f2aa2b4 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -546,7 +546,7 @@ static inline int action_cmp(enum pangu_action a1, enum pangu_action a2)
 
 //enforce_rules[0] contains execute action.
 static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules, size_t n_hit,
-	struct Maat_rule_t ** enforce_rules, size_t * n_enforce)
+	struct Maat_rule_t ** enforce_rules, size_t * n_enforce, char** enforce_para)
 {
 	size_t n_monit = 0, exist_enforce_num = 0, i = 0;
 	const struct Maat_rule_t * prior_rule = hit_rules;
@@ -603,9 +603,25 @@ static enum pangu_action decide_ctrl_action(const struct Maat_rule_t * hit_rules
 	}
 	else
 	{
-		memcpy(*enforce_rules + exist_enforce_num, prior_rule, sizeof(struct Maat_rule_t));
+		memmove(*enforce_rules+1, *enforce_rules, exist_enforce_num*sizeof(struct Maat_rule_t));
+		memcpy(*enforce_rules, prior_rule, sizeof(struct Maat_rule_t));
 		memcpy(*enforce_rules + exist_enforce_num + 1, monit_rule, n_monit * sizeof(struct Maat_rule_t));
 	}
+	if(*enforce_para!=NULL)
+	{
+		free(*enforce_para);
+	}
+	size_t __serv_def_len = (size_t)prior_rule->serv_def_len;
+	*enforce_para = ALLOC(char, __serv_def_len);
+	
+	if (__serv_def_len > MAX_SERVICE_DEFINE_LEN)
+	{
+		Maat_read_rule(g_pangu_rt->maat,prior_rule, MAAT_RULE_SERV_DEFINE, *enforce_para, __serv_def_len);
+	}
+	else
+	{
+		strcpy(*enforce_para, prior_rule->service_defined);
+	}
 
 	return prior_action;
 }
@@ -940,23 +956,9 @@ enum pangu_action http_scan(const struct tfe_http_session * session, enum tfe_ht
 
 	if (hit_cnt > 0)
 	{
-		ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce);
+		ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->enforce_para);
 		if (ctx->action == PG_ACTION_WHITELIST) goto __out;
 
-		size_t __serv_def_len = (size_t)ctx->enforce_rules[0].serv_def_len;
-		ctx->enforce_para = ALLOC(char, __serv_def_len);
-
-		if (__serv_def_len > MAX_SERVICE_DEFINE_LEN)
-		{
-			read_rule_ret = Maat_read_rule(g_pangu_rt->maat, &ctx->enforce_rules[0], MAAT_RULE_SERV_DEFINE,
-				ctx->enforce_para, ctx->enforce_rules[0].serv_def_len);
-			assert(read_rule_ret == ctx->enforce_rules[0].serv_def_len);
-		}
-		else
-		{
-			strcpy(ctx->enforce_para, ctx->enforce_rules[0].service_defined);
-		}
-
 		if (hit_cnt > 1)
 		{
 			p = buff;
@@ -1258,7 +1260,7 @@ void pangu_on_http_begin(const struct tfe_stream * stream,
 
 	if (hit_cnt > 0)
 	{
-		ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce);
+		ctx->action = decide_ctrl_action(result, hit_cnt, &ctx->enforce_rules, &ctx->n_enforce, &ctx->enforce_para);
 	}
 	if (ctx->action == PG_ACTION_WHITELIST)
 	{