diff --git a/core/xray/app/dispatcher/default.go b/core/xray/app/dispatcher/default.go
index 18173bc..c4bf662 100644
--- a/core/xray/app/dispatcher/default.go
+++ b/core/xray/app/dispatcher/default.go
@@ -414,48 +414,48 @@ func (d *DefaultDispatcher) routedDispatch(ctx context.Context, link *transport.
 	}
 
 	sessionInbound := session.InboundFromContext(ctx)
-	if l != nil {
-		// del connect count
-		if sessionInbound.User != nil {
+	if sessionInbound.User != nil {
+		if l != nil {
+			// del connect count
 			if destination.Network == net.Network_TCP {
 				defer func() {
 					l.ConnLimiter.DelConnCount(sessionInbound.User.Email, sessionInbound.Source.Address.IP().String())
 				}()
 			}
+		} else {
+			var err error
+			l, err = limiter.GetLimiter(sessionInbound.Tag)
+			if err != nil {
+				newError("get limiter ", sessionInbound.Tag, " error: ", err).AtWarning().WriteToLog(session.ExportIDToError(ctx))
+			}
 		}
-	} else {
-		var err error
-		l, err = limiter.GetLimiter(sessionInbound.Tag)
-		if err != nil {
-			newError("get limiter ", sessionInbound.Tag, " error: ", err).AtWarning().WriteToLog(session.ExportIDToError(ctx))
-		}
-	}
-	var destStr string
-	if destination.Address.Family().IsDomain() {
-		destStr = destination.Address.Domain()
-	} else {
-		destStr = destination.Address.IP().String()
-	}
-	if l != nil {
-		if l.CheckDomainRule(destStr) {
-			newError(fmt.Sprintf(
-				"User %s access domain %s reject by rule",
-				sessionInbound.User.Email,
-				destStr)).AtWarning().WriteToLog(session.ExportIDToError(ctx))
-			common.Close(link.Writer)
-			common.Interrupt(link.Reader)
-			return
-		}
-		if len(protocol) != 0 {
-			if l.CheckProtocolRule(protocol) {
+		if l != nil {
+			var destStr string
+			if destination.Address.Family().IsDomain() {
+				destStr = destination.Address.Domain()
+			} else {
+				destStr = destination.Address.IP().String()
+			}
+			if l.CheckDomainRule(destStr) {
 				newError(fmt.Sprintf(
-					"User %s access protocol %s reject by rule",
+					"User %s access domain %s reject by rule",
 					sessionInbound.User.Email,
-					protocol)).AtWarning().WriteToLog(session.ExportIDToError(ctx))
+					destStr)).AtWarning().WriteToLog(session.ExportIDToError(ctx))
 				common.Close(link.Writer)
 				common.Interrupt(link.Reader)
 				return
 			}
+			if len(protocol) != 0 {
+				if l.CheckProtocolRule(protocol) {
+					newError(fmt.Sprintf(
+						"User %s access protocol %s reject by rule",
+						sessionInbound.User.Email,
+						protocol)).AtWarning().WriteToLog(session.ExportIDToError(ctx))
+					common.Close(link.Writer)
+					common.Interrupt(link.Reader)
+					return
+				}
+			}
 		}
 	}