diff --git a/apisix/plugin.lua b/apisix/plugin.lua
index f6ea4274350e..0c30b419d542 100644
--- a/apisix/plugin.lua
+++ b/apisix/plugin.lua
@@ -736,11 +736,20 @@ function _M.run_plugin(phase, plugins, api_ctx)
         and phase ~= "delayed_body_filter"
     then
         for i = 1, #plugins, 2 do
-            if phase == "rewrite_in_consumer" and plugins[i + 1]._from_consumer
-                    and plugins[i].type ~= "auth"then
-                phase = "rewrite"
+            local phase_func
+            if phase == "rewrite_in_consumer" then
+                if plugins[i].type == "auth" then
+                    plugins[i + 1]._skip_rewrite_in_consumer = true
+                end
+                phase_func = plugins[i]["rewrite"]
+            else
+                phase_func = plugins[i][phase]
             end
-            local phase_func = plugins[i][phase]
+
+            if phase == "rewrite_in_consumer" and plugins[i + 1]._skip_rewrite_in_consumer then
+                goto CONTINUE
+            end
+
             if phase_func then
                 plugin_run = true
                 local code, body = phase_func(plugins[i + 1], api_ctx)
@@ -760,6 +769,8 @@ function _M.run_plugin(phase, plugins, api_ctx)
                     end
                 end
             end
+
+            ::CONTINUE::
         end
         return api_ctx, plugin_run
     end
diff --git a/t/node/consumer-plugin2.t b/t/node/consumer-plugin2.t
index 249441a6c1a4..c05762f40e2d 100644
--- a/t/node/consumer-plugin2.t
+++ b/t/node/consumer-plugin2.t
@@ -238,3 +238,68 @@ x-real-ip: 127.0.0.1
     }
 --- response_body
 {"key-auth":true,"proxy-rewrite":true}
+
+
+
+=== TEST 7: configure non-auth plugins in the consumer and run it's rewrite phase
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/consumers/jack',
+                 ngx.HTTP_PUT,
+                [[{
+                    "username": "jack",
+                    "plugins": {
+                        "key-auth": {
+                            "key": "auth-jack"
+                        },
+                        "ip-restriction": {
+                            "blacklist": [
+                                "127.0.0.0/24"
+                            ]
+                        }
+                    }
+                }]]
+            )
+            if code >= 300 then
+                ngx.status = code
+                ngx.say(body)
+                return
+            end
+
+            local code, body = t('/apisix/admin/routes/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                        "plugins": {
+                            "key-auth": {}
+                        },
+                        "upstream": {
+                            "nodes": {
+                                "127.0.0.1:1980": 1
+                            },
+                            "type": "roundrobin"
+                        },
+                        "uri": "/hello"
+                }]]
+            )
+
+            if code >= 300 then
+                ngx.status = code
+            end
+            ngx.say(body)
+        }
+    }
+--- response_body
+passed
+
+
+
+=== TEST 8: hit routes and ip-restriction work well
+--- request
+GET /hello
+--- more_headers
+apikey: auth-jack
+--- error_code: 403
+--- response_body
+{"message":"Your IP address is not allowed"}