diff --git a/plugin/business/pangu-http/src/pangu_http.cpp b/plugin/business/pangu-http/src/pangu_http.cpp
index 75dd1ca..b783997 100644
--- a/plugin/business/pangu-http/src/pangu_http.cpp
+++ b/plugin/business/pangu-http/src/pangu_http.cpp
@@ -619,8 +619,8 @@ void policy_table_new_cb(int table_id, const char* key, const char* table_line,
 		ply_obj->tpl = ctemplate::Template::GetTemplate(profile_path, ctemplate::DO_NOT_STRIP);
 	}else
 	{
-		ply_obj->profile_msg = rt_read_file(profile_path, &ply_obj->msg_len);
-		if (ply_obj->profile_msg == NULL || ply_obj->msg_len == 0)
+		ply_obj->profile_msg = execute_read_file(profile_path, &ply_obj->msg_len);
+		if (ply_obj->profile_msg == NULL)
 		{
 			TFE_LOG_ERROR(g_pangu_rt->local_logger, "Read file failed %d:%s:%s", cfg_id, profile_name, profile_path);
 		}
@@ -1149,14 +1149,15 @@ static int html_generate(int cfg_id, const char* msg, char ** page_buff, size_t
 	else
 	{
 		*page_size = ply_obj->msg_len;
-		*page_buff = tfe_strdup(ply_obj->profile_msg);
+		*page_buff = ply_obj->profile_msg;
 	}
 	return ret;
 }
 
 static void html_free(char ** page_buff)
 {
-	FREE(page_buff);
+	if (*page_buff)
+		FREE(page_buff);
 	return;
 }
 
@@ -1329,22 +1330,22 @@ void http_replace(const struct tfe_stream * stream, const struct tfe_http_sessio
 static void http_reject(const struct tfe_http_session * session, enum tfe_http_event events,
 	struct pangu_http_ctx * ctx)
 {
-	int resp_code = 0, ret = 0;
+	int resp_code = 0;
 	struct tfe_http_half * response = NULL;
 	char * page_buff = NULL;
 	size_t page_size = 0;
 
 	char cont_len_str[16];
 
-	char msg[TFE_STRING_MAX] = "";
+	char *msg = NULL;
 	struct tfe_http_session * to_write_sess = NULL;
 
-	ret = sscanf(ctx->enforce_para, "code=%d;content=%[^\n]", &resp_code, msg);
-	if (ret != 1 && ret != 2)
-	{
-		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid reject rule %d paramter %s",
-			ctx->enforce_rules[0].config_id, ctx->enforce_para);
+	struct plolicy_param *param = ctx->param;
 
+	resp_code = param->status_code;
+	msg = param->message;
+	if (resp_code <= 0 || msg != NULL){
+		TFE_LOG_ERROR(g_pangu_rt->local_logger, "Invalid block rule %d", ctx->enforce_rules[0].config_id);
 		ctx->action = PG_ACTION_NONE;
 		return;
 	}
@@ -1502,7 +1503,7 @@ static void http_hijack(const struct tfe_http_session * session, enum tfe_http_e
 		size_t page_size = ply_obj->msg_len;
 
 		size_t frag_size=8192; size_t sendlen=0;
-		unsigned char body_frag[frag_size];
+		unsigned char body_frag[frag_size + 1];
 
 		tfe_http_session_response_set(to_write_sess, response);
 		tfe_http_half_write_body_begin(response, 1);
diff --git a/plugin/business/pangu-http/src/pattern_replace.cpp b/plugin/business/pangu-http/src/pattern_replace.cpp
index b81da0b..a627c31 100644
--- a/plugin/business/pangu-http/src/pattern_replace.cpp
+++ b/plugin/business/pangu-http/src/pattern_replace.cpp
@@ -78,23 +78,55 @@ strtok_r_esc(char * s, const char delim, char ** save_ptr)
 	return s;
 }
 
-char *rt_read_file(const char* filename, size_t *input_sz)
+char *execute_read_file(const char *filename, size_t *filelen)
 {
-	FILE* fp=NULL;
-	struct stat file_info;
-	stat(filename, &file_info);
-	*input_sz=file_info.st_size;
+    FILE *file = NULL;
+    long length = 0;
+    char *content = NULL;
+    size_t read_chars = 0;
 
-	fp=fopen(filename,"r");
-	if(fp==NULL)
-	{
-		return NULL;
-	}
-	char* data=(char*)malloc((*input_sz));
-	fread(data,1,*input_sz,fp);
-	fclose(fp);
+    file = fopen(filename, "rb");
+    if (file == NULL)
+    {
+        goto cleanup;
+    }
+    if (fseek(file, 0, SEEK_END) != 0)
+    {
+        goto cleanup;
+    }
+    length = ftell(file);
+    if (length < 0)
+    {
+        goto cleanup;
+    }
+    if (fseek(file, 0, SEEK_SET) != 0)
+    {
+        goto cleanup;
+    }
 
-	return data;
+    /* allocate content buffer */
+    content = (char*)malloc((size_t)length + sizeof(""));
+    if (content == NULL)
+    {
+        goto cleanup;
+    }
+
+    /* read the file into memory */
+    read_chars = fread(content, sizeof(char), (size_t)length, file);
+    if ((long)read_chars != length)
+    {
+        free(content);
+        content = NULL;
+        goto cleanup;
+    }
+	*filelen = read_chars;
+    content[read_chars] = '\0';
+cleanup:
+    if (file != NULL)
+    {
+        fclose(file);
+    }
+    return content;
 }
 size_t __attribute__((__unused__))
 format_replace_rule(const char * exec_para, struct replace_rule * replace, size_t n_replace)
@@ -262,14 +294,14 @@ size_t insert_string(char * in, size_t in_sz, const char *insert_on, const char
 
 	if (0==strcasecmp(type, "css"))
 	{
-		target_size = in_sz+strlen(stype)+css_type_len;
-		target = ALLOC(char, target_size);
+		target_size = in_sz+strlen(stype)+1+css_type_len;
+		target = ALLOC(char, target_size + 1);
 	}
 
 	if (0==strcasecmp(type, "js"))
 	{
-		target_size = in_sz+strlen(stype)+js_type_len;
-		target = ALLOC(char, target_size);
+		target_size = in_sz+strlen(stype)+1+js_type_len;
+		target = ALLOC(char, target_size + 1);
 	}
 
 	if (insert_on != NULL && 0==strcasecmp(insert_on, "after-page-load"))
@@ -283,22 +315,24 @@ size_t insert_string(char * in, size_t in_sz, const char *insert_on, const char
 		size_t style_len = 0; char *style_msg = NULL;
 		if (0==strcasecmp(type, "js"))
 		{
-			style_len = strlen(stype)+js_type_len+1;
+			style_len = strlen(stype)+1+js_type_len;
 			style_msg = ALLOC(char, style_len);
 			snprintf(style_msg, style_len, "<script type=\"text/javascript\" class=\"RQ_SCRIPT\">%s</script>", stype);
 		}
 		if (0==strcasecmp(type, "css"))
 		{
-			style_len = strlen(stype)+css_type_len+1;
+			style_len = strlen(stype)+1+css_type_len;
 			style_msg = ALLOC(char, style_len);
-			snprintf(style_msg, style_len, "<style type=\"text/css\" class=\"RQ_SCRIPT\">%s</style>\n", stype);
+			snprintf(style_msg, style_len, "<style type=\"text/css\" class=\"RQ_SCRIPT\">%s</style>", stype);
 		}
-		strncat(target, style_msg, target_size);
+
+		strncat(target, style_msg, MIN(style_len, target_size));
 		free(style_msg);
 		style_msg = NULL;
-		strncat(target, head_string, target_size);
+		strncat(target, head_string, (target_size - (head_string-in) - style_len));
+		target[target_size-1] = '\0';
+		outlen = target_size;
 		*out = target;
-		outlen = strlen(target) + 1;
 	}else
 	{
 		free(target);
@@ -315,12 +349,13 @@ size_t execute_insert_rule(char * in, size_t in_sz, const struct insert_rule * r
 
 void simple_replace(const char* find, const char* replacement, const char* input, size_t in_sz, char** output, size_t *output_sz)
 {
-	size_t n_got_rule=1;
+	char* exec_para=NULL;
+	asprintf(&exec_para,"zone=http_resp_body;substitute=/%s/%s", find, replacement);
+	size_t n_got_rule=0;
 	struct replace_rule rules[16];
-	rules[0].zone = kZoneResponseBody;
-	rules[0].find = tfe_strdup(find);
-	rules[0].replace_with = tfe_strdup(replacement);
+	n_got_rule=format_replace_rule(exec_para, rules, sizeof(rules)/sizeof(rules[0]));
 	*output_sz=execute_replace_rule(input, strlen(input), kZoneResponseBody, rules, n_got_rule, output);
+	free(exec_para);
 	return;
 }
 
diff --git a/plugin/business/pangu-http/src/pattern_replace.h b/plugin/business/pangu-http/src/pattern_replace.h
index 6c89dd7..639a02d 100644
--- a/plugin/business/pangu-http/src/pattern_replace.h
+++ b/plugin/business/pangu-http/src/pattern_replace.h
@@ -37,6 +37,6 @@ size_t insert_string(char * in, size_t in_sz, const char *insert_on, const char
 void simple_replace(const char* find, const char* replacement, const char* input, size_t in_sz, char** output, size_t *output_sz);
 
 enum replace_zone zone_name_to_id(const char * name);
-char *rt_read_file(const char* filename, size_t *input_sz);
+char *execute_read_file(const char *filename, size_t *filelen);
 
 
diff --git a/plugin/business/pangu-http/src/test_pattern_replace.cpp b/plugin/business/pangu-http/src/test_pattern_replace.cpp
index b5ef209..0672703 100644
--- a/plugin/business/pangu-http/src/test_pattern_replace.cpp
+++ b/plugin/business/pangu-http/src/test_pattern_replace.cpp
@@ -120,13 +120,11 @@ TEST(PatternInsert, CSS)
 	char *input=NULL, *output=NULL;
 	size_t output_sz=0, input_sz = 0;
 
-	input = rt_read_file(filename, &input_sz);
+	input = execute_read_file(filename, &input_sz);
 	EXPECT_TRUE(input_sz>0);
 
     output_sz = insert_string(input, input_sz, NULL, custom, "css", &output);
 
-	//printf("output = %s\n", output);
-
 	EXPECT_TRUE(output_sz>0);
 	EXPECT_TRUE(NULL!=strstr(output, custom));
 	free(output);
@@ -141,19 +139,14 @@ TEST(PatternInsert, after_body)
 	char *input=NULL, *output=NULL;
 	size_t output_sz=0, input_sz = 0;
 
-	input = rt_read_file(filename, &input_sz);
+	input = execute_read_file(filename, &input_sz);
 	EXPECT_TRUE(input_sz>0);
-
     output_sz = insert_string(input, input_sz, "after-page-load", custom, "js", &output);
 
-	//printf("%s\n", output);
-
 	EXPECT_TRUE(output_sz>0);
 	EXPECT_TRUE(NULL!=strstr(output, custom));
-
 	free(input);
 	free(output);
-	output = NULL;
 }
 
 TEST(PatternInsert, before_body)
@@ -164,18 +157,14 @@ TEST(PatternInsert, before_body)
 	char *input=NULL, *output=NULL;
 	size_t output_sz=0, input_sz = 0;
 
-	input = rt_read_file(filename, &input_sz);
+	input = execute_read_file(filename, &input_sz);
 	EXPECT_TRUE(input_sz>0);
-
     output_sz = insert_string(input, input_sz, "before-page-load", custom, "js", &output);
-	//printf("%s\n", output);
 
 	EXPECT_TRUE(output_sz>0);
 	EXPECT_TRUE(NULL!=strstr(output, custom));
-
 	free(input);
 	free(output);
-	output = NULL;
 }
 
 int main(int argc, char ** argv)