diff --git a/internal/nodes/http_request_waf.go b/internal/nodes/http_request_waf.go
index 76cd9b1..c2846cb 100644
--- a/internal/nodes/http_request_waf.go
+++ b/internal/nodes/http_request_waf.go
@@ -163,47 +163,52 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
 	// 检查地区封禁
 	if firewallPolicy.Mode == firewallconfigs.FirewallModeDefend {
 		if firewallPolicy.Inbound.Region != nil && firewallPolicy.Inbound.Region.IsOn {
-			regionConfig := firewallPolicy.Inbound.Region
+			var regionConfig = firewallPolicy.Inbound.Region
 			if regionConfig.IsNotEmpty() {
 				for _, remoteAddr := range remoteAddrs {
 					var result = iplib.LookupIP(remoteAddr)
 					if result != nil && result.IsOk() {
-						// 检查国家/地区级别封禁
-						var countryId = result.CountryId()
-						if countryId > 0 && lists.ContainsInt64(regionConfig.DenyCountryIds, countryId) {
-							this.firewallPolicyId = firewallPolicy.Id
+						var currentURL = this.URL()
+						if regionConfig.MatchCountryURL(currentURL) {
+							// 检查国家/地区级别封禁
+							var countryId = result.CountryId()
+							if countryId > 0 && lists.ContainsInt64(regionConfig.DenyCountryIds, countryId) {
+								this.firewallPolicyId = firewallPolicy.Id
 
-							this.writeCode(http.StatusForbidden, "", "")
-							this.writer.Flush()
-							this.writer.Close()
+								this.writeCode(http.StatusForbidden, "", "")
+								this.writer.Flush()
+								this.writer.Close()
 
-							// 停止日志
-							if !logDenying {
-								this.disableLog = true
-							} else {
-								this.tags = append(this.tags, "denyCountry")
+								// 停止日志
+								if !logDenying {
+									this.disableLog = true
+								} else {
+									this.tags = append(this.tags, "denyCountry")
+								}
+
+								return true, false
 							}
-
-							return true, false
 						}
 
-						// 检查省份封禁
-						var provinceId = result.ProvinceId()
-						if provinceId > 0 && lists.ContainsInt64(regionConfig.DenyProvinceIds, provinceId) {
-							this.firewallPolicyId = firewallPolicy.Id
+						if regionConfig.MatchProvinceURL(currentURL) {
+							// 检查省份封禁
+							var provinceId = result.ProvinceId()
+							if provinceId > 0 && lists.ContainsInt64(regionConfig.DenyProvinceIds, provinceId) {
+								this.firewallPolicyId = firewallPolicy.Id
 
-							this.writeCode(http.StatusForbidden, "", "")
-							this.writer.Flush()
-							this.writer.Close()
+								this.writeCode(http.StatusForbidden, "", "")
+								this.writer.Flush()
+								this.writer.Close()
 
-							// 停止日志
-							if !logDenying {
-								this.disableLog = true
-							} else {
-								this.tags = append(this.tags, "denyProvince")
+								// 停止日志
+								if !logDenying {
+									this.disableLog = true
+								} else {
+									this.tags = append(this.tags, "denyProvince")
+								}
+
+								return true, false
 							}
-
-							return true, false
 						}
 					}
 				}