diff --git a/internal/nodes/http_request_waf.go b/internal/nodes/http_request_waf.go
index c9ae1ad..fa16f3a 100644
--- a/internal/nodes/http_request_waf.go
+++ b/internal/nodes/http_request_waf.go
@@ -198,7 +198,7 @@ func (this *HTTPRequest) checkWAFRequest(firewallPolicy *firewallconfigs.HTTPFir
 			stats.SharedHTTPRequestStatManager.AddFirewallRuleGroupId(this.Server.Id, this.firewallRuleGroupId, ruleSet.Actions)
 		}
 
-		this.firewallActions = ruleSet.ActionCodes()
+		this.firewallActions = append(ruleSet.ActionCodes(), firewallPolicy.Mode)
 	}
 
 	return !goNext, false
@@ -262,7 +262,7 @@ func (this *HTTPRequest) checkWAFResponse(firewallPolicy *firewallconfigs.HTTPFi
 			stats.SharedHTTPRequestStatManager.AddFirewallRuleGroupId(this.Server.Id, this.firewallRuleGroupId, ruleSet.Actions)
 		}
 
-		this.firewallActions = ruleSet.ActionCodes()
+		this.firewallActions = append(ruleSet.ActionCodes(), firewallPolicy.Mode)
 	}
 
 	return !goNext
diff --git a/internal/waf/rule_set.go b/internal/waf/rule_set.go
index b6ac650..b3f1b2d 100644
--- a/internal/waf/rule_set.go
+++ b/internal/waf/rule_set.go
@@ -8,6 +8,7 @@ import (
 	"github.com/iwind/TeaGo/maps"
 	"github.com/iwind/TeaGo/utils/string"
 	"net/http"
+	"sort"
 )
 
 type RuleConnector = string
@@ -122,6 +123,18 @@ func (this *RuleSet) PerformActions(waf *WAF, group *RuleGroup, req requests.Req
 		return true
 	}
 
+	// 排序
+	sort.Slice(this.actionInstances, func(i, j int) bool {
+		var instance1 = this.actionInstances[i]
+		if !instance1.WillChange() {
+			return true
+		}
+		if instance1.Code() == ActionRecordIP {
+			return true
+		}
+		return false
+	})
+
 	// 先执行allow
 	for _, instance := range this.actionInstances {
 		if !instance.WillChange() {