diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index 36ea47af3eb8..e7f86f562e22 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
@@ -185,12 +185,9 @@ local function init(env)
     local checked_admin_key = false
     local allow_admin = yaml_conf.deployment.admin and
         yaml_conf.deployment.admin.allow_admin
-    if yaml_conf.apisix.enable_admin and allow_admin then
-        for _, allow_ip in ipairs(allow_admin) do
-            if allow_ip == "127.0.0.0/24" then
-                checked_admin_key = true
-            end
-        end
+    if yaml_conf.apisix.enable_admin and allow_admin
+       and #allow_admin == 1 and allow_admin[1] == "127.0.0.0/24" then
+        checked_admin_key = true
     end
 
     if yaml_conf.apisix.enable_admin and not checked_admin_key then
diff --git a/apisix/core/config_util.lua b/apisix/core/config_util.lua
index 4cc0ed33daf3..7e57ed402fd8 100644
--- a/apisix/core/config_util.lua
+++ b/apisix/core/config_util.lua
@@ -88,8 +88,14 @@ function _M.cancel_clean_handler(item, idx, fire)
     end
 
     core_tab.remove(item.clean_handlers, pos)
-    if fire then
+    if not fire then
+        return
+    end
+
+    if f then
         f(item)
+    else
+        log.error("The function used to clear the health checker is nil, please check")
     end
 end
 
diff --git a/apisix/core/utils.lua b/apisix/core/utils.lua
index 01c8b34c8503..70531e7c1fa9 100644
--- a/apisix/core/utils.lua
+++ b/apisix/core/utils.lua
@@ -335,4 +335,45 @@ end
 _M.resolve_var = resolve_var
 
 
+local resolve_var_with_captures
+do
+    local _captures
+    -- escape is not supported very well, like there is a redundant '\' after escape "$1"
+    local pat = [[ (?<! \\) \$ \{? (\d+) \}? ]]
+
+    local function resolve(m)
+        local v = _captures[tonumber(m[1])]
+        if not v then
+            v = ""
+        end
+        return v
+    end
+
+    -- captures is the match result of regex uri in proxy-rewrite plugin
+    function resolve_var_with_captures(tpl, captures)
+        if not tpl then
+            return tpl, nil
+        end
+
+        local from = core_str.find(tpl, "$")
+        if not from then
+            return tpl, nil
+        end
+
+        captures = captures or {}
+
+        _captures = captures
+        local res, _, err = re_gsub(tpl, pat, resolve, "jox")
+        _captures = nil
+        if not res then
+            return nil, err
+        end
+
+        return res, nil
+    end
+end
+-- Resolve {$1, $2, ...} in the given string
+_M.resolve_var_with_captures = resolve_var_with_captures
+
+
 return _M
diff --git a/apisix/plugins/cors.lua b/apisix/plugins/cors.lua
index 8e2a468aa6ad..4f0bfa5d37aa 100644
--- a/apisix/plugins/cors.lua
+++ b/apisix/plugins/cors.lua
@@ -237,10 +237,6 @@ local function process_with_allow_origins(allow_origins, ctx, req_origin,
 end
 
 local function process_with_allow_origins_by_regex(conf, ctx, req_origin)
-    if conf.allow_origins_by_regex == nil then
-        return
-    end
-
     if not conf.allow_origins_by_regex_rules_concat then
         local allow_origins_by_regex_rules = {}
         for i, re_rule in ipairs(conf.allow_origins_by_regex) do
@@ -293,13 +289,14 @@ end
 
 function _M.header_filter(conf, ctx)
     local req_origin =  ctx.original_request_origin
-    -- Try allow_origins first, if mismatched, try allow_origins_by_regex.
+    -- If allow_origins_by_regex is not nil, should be matched to it only
     local allow_origins
-    allow_origins = process_with_allow_origins(conf.allow_origins, ctx, req_origin)
-    if not match_origins(req_origin, allow_origins) then
+    if conf.allow_origins_by_regex == nil then
+        allow_origins = process_with_allow_origins(conf.allow_origins, ctx, req_origin)
+    else
         allow_origins = process_with_allow_origins_by_regex(conf, ctx, req_origin)
     end
-    if not allow_origins then
+    if not match_origins(req_origin, allow_origins) then
         allow_origins = process_with_allow_origins_by_metadata(
                 conf.allow_origins_by_metadata, ctx, req_origin
         )
diff --git a/apisix/plugins/proxy-rewrite.lua b/apisix/plugins/proxy-rewrite.lua
index 0308557ee44c..8b1df5aaa876 100644
--- a/apisix/plugins/proxy-rewrite.lua
+++ b/apisix/plugins/proxy-rewrite.lua
@@ -21,6 +21,7 @@ local ipairs      = ipairs
 local ngx         = ngx
 local type        = type
 local re_sub      = ngx.re.sub
+local re_match    = ngx.re.match
 local sub_str     = string.sub
 local str_find    = core.string.find
 
@@ -41,6 +42,10 @@ local lrucache = core.lrucache.new({
     type = "plugin",
 })
 
+core.ctx.register_var("proxy_rewrite_regex_uri_captures", function(ctx)
+    return ctx.proxy_rewrite_regex_uri_captures
+end)
+
 local schema = {
     type = "object",
     properties = {
@@ -257,6 +262,7 @@ do
         return re_sub(s, [[\?]], "%3F", "jo")
     end
 
+
 function _M.rewrite(conf, ctx)
     for _, name in ipairs(upstream_names) do
         if conf[name] then
@@ -278,15 +284,22 @@ function _M.rewrite(conf, ctx)
 
         local uri, _, err = re_sub(upstream_uri, conf.regex_uri[1],
                                    conf.regex_uri[2], "jo")
-        if uri then
-            upstream_uri = uri
-        else
+        if not uri then
             local msg = "failed to substitute the uri " .. ctx.var.uri ..
                         " (" .. conf.regex_uri[1] .. ") with " ..
                         conf.regex_uri[2] .. " : " .. err
             core.log.error(msg)
             return 500, {message = msg}
         end
+
+        local m, err = re_match(upstream_uri, conf.regex_uri[1], "jo")
+        if not m and err then
+            core.log.error("match error in proxy-rewrite plugin, please check: ", err)
+            return 500
+        end
+        ctx.proxy_rewrite_regex_uri_captures = m
+
+        upstream_uri = uri
     end
 
     if not conf.use_real_request_uri_unsafe then
@@ -325,14 +338,18 @@ function _M.rewrite(conf, ctx)
 
         local field_cnt = #hdr_op.add
         for i = 1, field_cnt, 2 do
-            local val = core.utils.resolve_var(hdr_op.add[i + 1], ctx.var)
+            local val = core.utils.resolve_var_with_captures(hdr_op.add[i + 1],
+                                            ctx.proxy_rewrite_regex_uri_captures)
+            val = core.utils.resolve_var(val, ctx.var)
             local header = hdr_op.add[i]
             core.request.add_header(ctx, header, val)
         end
 
         local field_cnt = #hdr_op.set
         for i = 1, field_cnt, 2 do
-            local val = core.utils.resolve_var(hdr_op.set[i + 1], ctx.var)
+            local val = core.utils.resolve_var_with_captures(hdr_op.set[i + 1],
+                                            ctx.proxy_rewrite_regex_uri_captures)
+            val = core.utils.resolve_var(val, ctx.var)
             core.request.set_header(ctx, hdr_op.set[i], val)
         end
 
diff --git a/apisix/upstream.lua b/apisix/upstream.lua
index a2a0cd3e899a..416bbea7cfa4 100644
--- a/apisix/upstream.lua
+++ b/apisix/upstream.lua
@@ -23,6 +23,7 @@ local error = error
 local tostring = tostring
 local ipairs = ipairs
 local pairs = pairs
+local pcall = pcall
 local ngx_var = ngx.var
 local is_http = ngx.config.subsystem == "http"
 local upstreams
@@ -103,6 +104,12 @@ local function create_checker(upstream)
         return healthcheck_parent.checker
     end
 
+    if upstream.is_creating_checker then
+        core.log.info("another request is creating new checker")
+        return nil
+    end
+    upstream.is_creating_checker = true
+
     local checker, err = healthcheck.new({
         name = get_healthchecker_name(healthcheck_parent),
         shm_name = "upstream-healthcheck",
@@ -111,12 +118,16 @@ local function create_checker(upstream)
 
     if not checker then
         core.log.error("fail to create healthcheck instance: ", err)
+        upstream.is_creating_checker = nil
         return nil
     end
 
     if healthcheck_parent.checker then
-        core.config_util.cancel_clean_handler(healthcheck_parent,
+        local ok, err = pcall(core.config_util.cancel_clean_handler, healthcheck_parent,
                                               healthcheck_parent.checker_idx, true)
+        if not ok then
+            core.log.error("cancel clean handler error: ", err)
+        end
     end
 
     core.log.info("create new checker: ", tostring(checker))
@@ -124,7 +135,7 @@ local function create_checker(upstream)
     local host = upstream.checks and upstream.checks.active and upstream.checks.active.host
     local port = upstream.checks and upstream.checks.active and upstream.checks.active.port
     local up_hdr = upstream.pass_host == "rewrite" and upstream.upstream_host
-    local use_node_hdr = upstream.pass_host == "node"
+    local use_node_hdr = upstream.pass_host == "node" or nil
     for _, node in ipairs(upstream.nodes) do
         local host_hdr = up_hdr or (use_node_hdr and node.domain)
         local ok, err = checker:add_target(node.host, port or node.port, host,
@@ -140,6 +151,8 @@ local function create_checker(upstream)
     healthcheck_parent.checker_idx =
         core.config_util.add_clean_handler(healthcheck_parent, release_checker)
 
+    upstream.is_creating_checker = nil
+
     return checker
 end
 
diff --git a/docs/en/latest/mtls.md b/docs/en/latest/mtls.md
index eae5a17fe615..fe0f43ef7ef9 100644
--- a/docs/en/latest/mtls.md
+++ b/docs/en/latest/mtls.md
@@ -1,5 +1,10 @@
 ---
 title: Mutual TLS Authentication
+keywords:
+  - Apache APISIX
+  - Mutual TLS
+  - mTLS
+description: This document describes how you can secure communication to and within APISIX with mTLS.
 ---
 
 <!--
@@ -68,7 +73,7 @@ curl --cacert /data/certs/mtls_ca.crt --key /data/certs/mtls_client.key --cert /
 
 ### How to configure
 
-You need to build [APISIX-Base](./FAQ.md#how-do-i-build-the-apisix-base-environment) and configure `etcd.tls` section if you want APISIX to work on an etcd cluster with mTLS enabled.
+You need to configure `etcd.tls` for APISIX to work on an etcd cluster with mTLS enabled as shown below:
 
 ```yaml title="conf/config.yaml"
 deployment:
@@ -163,7 +168,7 @@ Sometimes the upstream requires mTLS. In this situation, the APISIX acts as the
 
 When configuring `upstreams`, we could use parameter `tls.client_cert` and `tls.client_key` to configure the client certificate APISIX used to communicate with upstreams. Please refer to [Admin API](./admin-api.md#upstream) for details.
 
-This feature requires APISIX to run on [APISIX-Base](./FAQ/#how-do-i-build-the-apisix-base-environment).
+This feature requires APISIX to run on [APISIX-Base](./FAQ.md#how-do-i-build-the-apisix-base-environment).
 
 Here is a similar Python script to patch a existed upstream with mTLS (changes admin API url if needed):
 
diff --git a/docs/en/latest/plugins/cors.md b/docs/en/latest/plugins/cors.md
index a1ddb255649c..fc1e3e326835 100644
--- a/docs/en/latest/plugins/cors.md
+++ b/docs/en/latest/plugins/cors.md
@@ -40,7 +40,7 @@ The `cors` Plugins lets you enable [CORS](https://developer.mozilla.org/en-US/do
 | expose_headers            | string  | False    | "*"     | Headers in the response allowed when accessing a cross-origin resource. Use `,` to add multiple headers. If `allow_credential` is set to `false`, you can enable CORS for all response headers by using `*`. If `allow_credential` is set to `true`, you can forcefully allow CORS on all response headers by using `**` but it will pose some security issues.                                    |
 | max_age                   | integer | False    | 5       | Maximum time in seconds the result is cached. If the time is within this limit, the browser will check the cached result. Set to `-1` to disable caching. Note that the maximum value is browser dependent. See [Access-Control-Max-Age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age#Directives) for more details.                                            |
 | allow_credential          | boolean | False    | false   | When set to `true`, allows requests to include credentials like cookies. According to CORS specification, if you set this to `true`, you cannot use '*' to allow all for the other attributes.                                                                                                                                                                                                     |
-| allow_origins_by_regex    | array   | False    | nil     | Regex to match with origin for enabling CORS. For example, `[".*\.test.com"]` can match all subdomain of `test.com`.                                                                                                                                                                                                                                                                               |
+| allow_origins_by_regex    | array   | False    | nil     | Regex to match with origin for enabling CORS. For example, `[".*\.test.com"]` can match all subdomain of `test.com`. When set to specified range, only domains in this range will be allowed, no matter what `allow_origins` is.                                                                                                                                                                   |
 | allow_origins_by_metadata | array   | False    | nil     | Origins to enable CORS referenced from `allow_origins` set in the Plugin metadata. For example, if `"allow_origins": {"EXAMPLE": "https://example.com"}` is set in the Plugin metadata, then `["EXAMPLE"]` can be used to allow CORS on the origin `https://example.com`.                                                                                                                          |
 
 :::info IMPORTANT
diff --git a/docs/en/latest/plugins/proxy-rewrite.md b/docs/en/latest/plugins/proxy-rewrite.md
index bedd246d976e..0e18d9c5d79c 100644
--- a/docs/en/latest/plugins/proxy-rewrite.md
+++ b/docs/en/latest/plugins/proxy-rewrite.md
@@ -41,8 +41,8 @@ The `proxy-rewrite` Plugin rewrites Upstream proxy information such as `scheme`,
 | regex_uri                   | array[string] | False    |         |                                                                                                                                        | New upstream forwarding address. Regular expressions can be used to match the URL from client. If it matches, the URL template is forwarded to the Upstream otherwise, the URL from the client is forwarded. When both `uri` and `regex_uri` are configured, `uri` is used first. For example, `[" ^/iresty/(.*)/(.*)/(.*)", "/$1-$2-$3"]`. Here, the first element is the regular expression to match and the second element is the URL template forwarded to the Upstream. |
 | host                        | string        | False    |         |                                                                                                                                        | New Upstream host address.                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
 | headers                     | object        | False    |         |                                                                                                                                   |                   |
-| headers.add     | object   | false     |        |                 | Append the new headers. The format is `{"name: value",...}`. The values in the header can contain Nginx variables like $remote_addr and $balancer_ip.                                                                                              |
-| headers.set     | object  | false     |        |                 | Overwrite the headers. If the header does not exist, it will be added. The format is  `{"name": "value", ...}`. The values in the header can contain Nginx variables like $remote_addr and $balancer_ip.                                                                                                |
+| headers.add     | object   | false     |        |                 | Append the new headers. The format is `{"name: value",...}`. The values in the header can contain Nginx variables like `$remote_addr` and `$balancer_ip`. It also supports referencing the match result of `regex_uri` as a variable like `$1-$2-$3`.                                                                                              |
+| headers.set     | object  | false     |        |                 | Overwrite the headers. If the header does not exist, it will be added. The format is  `{"name": "value", ...}`. The values in the header can contain Nginx variables like `$remote_addr` and `$balancer_ip`. It also supports referencing the match result of `regex_uri` as a variable like `$1-$2-$3`.                                                                                        |
 | headers.remove  | array   | false     |        |                 | Remove the headers. The format is `["name", ...]`.
 | use_real_request_uri_unsafe | boolean       | False    | false   |                                                                                                                                        | Use real_request_uri (original $request_uri in nginx) to bypass URI normalization. **Enabling this is considered unsafe as it bypasses all URI normalization steps**.                                                                                                                                                                                                                                                                                                     |
 
diff --git a/docs/zh/latest/plugins/cors.md b/docs/zh/latest/plugins/cors.md
index 054c00a1b4dd..01c9791564eb 100644
--- a/docs/zh/latest/plugins/cors.md
+++ b/docs/zh/latest/plugins/cors.md
@@ -40,7 +40,7 @@ description: 本文介绍了 Apache APISIX cors 插件的基本信息及使用
 | expose_headers   | string  | 否   | "*"    | 允许跨域访问时响应方携带哪些非 `CORS 规范` 以外的 Header。如果你有多个 Header，请使用 `,` 分割。当 `allow_credential` 为 `false` 时，可以使用 `*` 来表示允许任意 Header 。你也可以在启用了 `allow_credential` 后使用 `**` 强制允许任意 Header，但请注意这样存在安全隐患。 |
 | max_age          | integer | 否   | 5      | 浏览器缓存 CORS 结果的最大时间，单位为秒。在这个时间范围内，浏览器会复用上一次的检查结果，`-1` 表示不缓存。请注意各个浏览器允许的最大时间不同，详情请参考 [Access-Control-Max-Age - MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age#directives)。 |
 | allow_credential | boolean | 否   | false  | 是否允许跨域访问的请求方携带凭据（如 Cookie 等）。根据 CORS 规范，如果设置该选项为 `true`，那么将不能在其他属性中使用 `*`。 |
-| allow_origins_by_regex | array | 否   | nil  | 使用正则表达式数组来匹配允许跨域访问的 Origin，如 `[".*\.test.com"]` 可以匹配任何 `test.com` 的子域名 `*`。 |
+| allow_origins_by_regex | array | 否   | nil  | 使用正则表达式数组来匹配允许跨域访问的 Origin，如 `[".*\.test.com"]` 可以匹配任何 `test.com` 的子域名 `*`。如果 `allow_origins_by_regex` 属性已经指定，则会忽略 `allow_origins` 属性。 |
 | allow_origins_by_metadata | array | 否    | nil   | 通过引用插件元数据的 `allow_origins` 配置允许跨域访问的 Origin。比如当插件元数据为 `"allow_origins": {"EXAMPLE": "https://example.com"}` 时，配置 `["EXAMPLE"]` 将允许 Origin `https://example.com` 的访问。  |
 
 :::info IMPORTANT
diff --git a/docs/zh/latest/plugins/proxy-rewrite.md b/docs/zh/latest/plugins/proxy-rewrite.md
index 881be42ace1d..ff6feaffded3 100644
--- a/docs/zh/latest/plugins/proxy-rewrite.md
+++ b/docs/zh/latest/plugins/proxy-rewrite.md
@@ -41,8 +41,8 @@ description: 本文介绍了关于 Apache APISIX `proxy-rewrite` 插件的基本
 | regex_uri | array[string] | 否    |         |                                                                                                                                        | 转发到上游的新 `uri` 地址。使用正则表达式匹配来自客户端的 `uri`，如果匹配成功，则使用模板替换转发到上游的 `uri`，如果没有匹配成功，则将客户端请求的 `uri` 转发至上游。当同时配置 `uri` 和 `regex_uri` 属性时，优先使用 `uri`。例如：["^/iresty/(.*)/(.*)/(.*)","/$1-$2-$3"] 第一个元素代表匹配来自客户端请求的 `uri` 正则表达式，第二个元素代表匹配成功后转发到上游的 `uri` 模板。但是目前 APISIX 仅支持一个 `regex_uri`，所以 `regex_uri` 数组的长度是 `2`。 |
 | host      | string        | 否    |         |                   | 转发到上游的新 `host` 地址，例如：`iresty.com`。|
 | headers   | object        | 否    |         |                   |   |
-| headers.add     | object   | 否     |        |                 | 添加新的请求头，如果头已经存在，会追加到末尾。格式为 `{"name: value", ...}`。这个值能够以 `$var` 的格式包含 NGINX 变量，比如 `$remote_addr $balancer_ip`。                                                                                              |
-| headers.set     | object  | 否     |        |                 | 改写请求头，如果请求头不存在，则会添加这个请求头。格式为 `{"name": "value", ...}`。这个值能够以 `$var` 的格式包含 NGINX 变量，比如 `$remote_addr $balancer_ip`。                                                                                                |
+| headers.add     | object   | 否     |        |                 | 添加新的请求头，如果头已经存在，会追加到末尾。格式为 `{"name: value", ...}`。这个值能够以 `$var` 的格式包含 NGINX 变量，比如 `$remote_addr $balancer_ip`。也支持以变量的形式引用 `regex_uri` 的匹配结果，比如 `$1-$2-$3`。                                                                                              |
+| headers.set     | object  | 否     |        |                 | 改写请求头，如果请求头不存在，则会添加这个请求头。格式为 `{"name": "value", ...}`。这个值能够以 `$var` 的格式包含 NGINX 变量，比如 `$remote_addr $balancer_ip`。也支持以变量的形式引用 `regex_uri` 的匹配结果，比如 `$1-$2-$3`。                                                                                           |
 | headers.remove  | array   | 否     |        |                 | 移除响应头。格式为 `["name", ...]`。
 
 ## Header 优先级
diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh
index 5336244e3372..6f39ffae170a 100755
--- a/t/cli/test_admin.sh
+++ b/t/cli/test_admin.sh
@@ -154,6 +154,41 @@ fi
 
 echo "pass: missing admin key and show ERROR message"
 
+# missing admin key, only allow 127.0.0.0/24 to access admin api
+
+echo '
+deployment:
+  admin:
+    admin_key: ~
+    allow_admin:
+      - 127.0.0.0/24
+' > conf/config.yaml
+
+make init > output.log 2>&1 | true
+
+if grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then
+    echo "failed: should not show 'ERROR: missing valid Admin API token.'"
+    exit 1
+fi
+
+echo '
+deployment:
+  admin:
+    admin_key: ~
+    allow_admin:
+      - 0.0.0.0/0
+      - 127.0.0.0/24
+' > conf/config.yaml
+
+make init > output.log 2>&1 | true
+
+if ! grep -E "ERROR: missing valid Admin API token." output.log > /dev/null; then
+    echo "failed: should show 'ERROR: missing valid Admin API token.'"
+    exit 1
+fi
+
+echo "pass: missing admin key and only allow 127.0.0.0/24 to access admin api"
+
 # admin api, allow any IP but use default key
 
 echo '
diff --git a/t/node/healthcheck3.t b/t/node/healthcheck3.t
new file mode 100644
index 000000000000..a1209afa9f7b
--- /dev/null
+++ b/t/node/healthcheck3.t
@@ -0,0 +1,122 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+use t::APISIX 'no_plan';
+
+repeat_each(1);
+log_level('info');
+no_root_location();
+no_shuffle();
+worker_connections(256);
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: set route(two healthy upstream nodes)
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "uri": "/server_port",
+                    "upstream": {
+                        "type": "roundrobin",
+                        "nodes": {
+                            "127.0.0.1:1980": 1,
+                            "127.0.0.1:1981": 1
+                        },
+                        "checks": {
+                            "active": {
+                                "http_path": "/status",
+                                "host": "foo.com",
+                                "healthy": {
+                                    "interval": 1,
+                                    "successes": 1
+                                },
+                                "unhealthy": {
+                                    "interval": 1,
+                                    "http_failures": 2
+                                }
+                            }
+                        }
+                    }
+                }]]
+                )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+--- grep_error_log eval
+qr/^.*?\[error\](?!.*process exiting).*/
+--- grep_error_log_out
+
+
+
+=== TEST 2: In case of concurrency only one request can create a checker
+--- config
+    location /t {
+        content_by_lua_block {
+            local healthcheck = require("resty.healthcheck")
+            local test = healthcheck.new
+            healthcheck.new = function(...)
+                ngx.sleep(1)
+                return test(...)
+            end
+
+            local http = require "resty.http"
+            local uri = "http://127.0.0.1:" .. ngx.var.server_port
+                        .. "/server_port"
+
+            local send_request = function()
+                local httpc = http.new()
+                local res, err = httpc:request_uri(uri, {method = "GET", keepalive = false})
+                if not res then
+                    ngx.log(ngx.ERR, err)
+                    return
+                end
+            end
+
+            local t = {}
+
+            for i = 1, 10 do
+                local th = assert(ngx.thread.spawn(send_request))
+                table.insert(t, th)
+            end
+
+            for i, th in ipairs(t) do
+                ngx.thread.wait(th)
+            end
+
+            ngx.exit(200)
+        }
+    }
+--- request
+GET /t
+--- grep_error_log eval
+qr/create new checker/
+--- grep_error_log_out
+create new checker
diff --git a/t/plugin/cors2.t b/t/plugin/cors2.t
index 67f6d6baa2fb..1bc223bd3e8b 100644
--- a/t/plugin/cors2.t
+++ b/t/plugin/cors2.t
@@ -89,3 +89,88 @@ __DATA__
     }
 --- response_body
 done
+
+
+
+=== TEST 2: set route ( regex specified and allow_origins is default value )
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                    "plugins": {
+                        "cors": {
+                            "allow_origins": "*",
+                            "allow_methods": "GET,POST",
+                            "allow_headers": "request-h",
+                            "expose_headers": "expose-h",
+                            "max_age": 10,
+                            "allow_origins_by_regex":[".*\\.domain.com"]
+                        }
+                    },
+                    "upstream": {
+                        "nodes": {
+                            "127.0.0.1:1980": 1
+                        },
+                        "type": "roundrobin"
+                    },
+                    "uri": "/hello"
+                }]]
+                )
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 3: regex specified not match
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://sub.test.com
+resp-vary: Via
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Access-Control-Allow-Credentials:
+
+
+
+=== TEST 4: regex no origin specified
+--- request
+GET /hello HTTP/1.1
+--- response_headers
+Access-Control-Allow-Origin:
+Access-Control-Allow-Methods:
+Access-Control-Allow-Headers:
+Access-Control-Expose-Headers:
+Access-Control-Max-Age:
+Access-Control-Allow-Credentials:
+
+
+
+=== TEST 5: regex specified match
+--- request
+GET /hello HTTP/1.1
+--- more_headers
+Origin: http://sub.domain.com
+resp-vary: Via
+--- response_headers
+Access-Control-Allow-Origin: http://sub.domain.com
+Vary: Via
+Access-Control-Allow-Methods: GET,POST
+Access-Control-Allow-Headers: request-h
+Access-Control-Expose-Headers: expose-h
+Access-Control-Max-Age: 10
diff --git a/t/plugin/proxy-rewrite3.t b/t/plugin/proxy-rewrite3.t
index eaea849cd432..45bcd6f5c918 100644
--- a/t/plugin/proxy-rewrite3.t
+++ b/t/plugin/proxy-rewrite3.t
@@ -622,3 +622,152 @@ GET /test/plugin/proxy/rewrite HTTP/1.1
     }
 --- response_body
 /plugin_proxy_rewrite?a=c
+
+
+
+=== TEST 27: use variables in headers when captured by regex_uri
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                      "uri": "/test/*",
+                      "plugins": {
+                        "proxy-rewrite": {
+                            "regex_uri": ["^/test/(.*)/(.*)/(.*)", "/echo"],
+                            "headers": {
+                                "add": {
+                                    "X-Request-ID": "$1/$2/$3"
+                                }
+                            }
+                        }
+                      },
+                      "upstream": {
+                          "nodes": {
+                              "127.0.0.1:1980": 1
+                          },
+                          "type": "roundrobin"
+                      }
+                 }]]
+                 )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 28: hit
+--- request
+GET /test/plugin/proxy/rewrite HTTP/1.1
+--- response_headers
+X-Request-ID: plugin/proxy/rewrite
+
+
+
+=== TEST 29: use variables in header when not matched regex_uri
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                      "uri": "/echo*",
+                      "plugins": {
+                        "proxy-rewrite": {
+                            "regex_uri": ["^/test/(.*)/(.*)/(.*)", "/echo"],
+                            "headers": {
+                                "add": {
+                                    "X-Request-ID": "$1/$2/$3"
+                                }
+                            }
+                        }
+                      },
+                      "upstream": {
+                          "nodes": {
+                              "127.0.0.1:1980": 1
+                          },
+                          "type": "roundrobin"
+                      }
+                 }]]
+                 )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 30: hit
+--- request
+GET /echo HTTP/1.1
+--- more_headers
+X-Foo: Foo
+--- response_headers
+X-Foo: Foo
+
+
+
+=== TEST 31: use variables in headers when captured by regex_uri
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/routes/1',
+                ngx.HTTP_PUT,
+                [[{
+                      "uri": "/test/*",
+                      "plugins": {
+                        "proxy-rewrite": {
+                            "regex_uri": ["^/test/(not_matched)?.*", "/echo"],
+                            "headers": {
+                                "add": {
+                                    "X-Request-ID": "test1/$1/$2/test2"
+                                }
+                            }
+                        }
+                      },
+                      "upstream": {
+                          "nodes": {
+                              "127.0.0.1:1980": 1
+                          },
+                          "type": "roundrobin"
+                      }
+                 }]]
+                 )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- response_body
+passed
+
+
+
+=== TEST 32: hit
+--- request
+GET /test/plugin/proxy/rewrite HTTP/1.1
+--- response_headers
+X-Request-ID: test1///test2