diff --git a/internal/appsec/emitter/httpsec/http.go b/internal/appsec/emitter/httpsec/http.go
index 9f81cdc20e..07f6dd9ba8 100644
--- a/internal/appsec/emitter/httpsec/http.go
+++ b/internal/appsec/emitter/httpsec/http.go
@@ -136,6 +136,7 @@ func BeforeHandle(
 		PathParams:  pathParams,
 	})
 	tr := r.WithContext(ctx)
+	var blocked atomic.Bool
 
 	afterHandle := func() {
 		var statusCode int
@@ -147,27 +148,27 @@ func BeforeHandle(
 			StatusCode: statusCode,
 		}, span)
 
+		if blockPtr := blockAtomic.Swap(nil); blockPtr != nil {
+			blockPtr.Handler.ServeHTTP(w, tr)
+			blocked.Store(true)
+		}
+
 		// Execute the onBlock functions to make sure blocking works properly
 		// in case we are instrumenting the Gin framework
-		if blockPtr := blockAtomic.Load(); blockPtr != nil {
+		if blocked.Load() {
 			for _, f := range opts.OnBlock {
 				f()
 			}
-
-			if blockPtr.Handler != nil {
-				blockPtr.Handler.ServeHTTP(w, tr)
-			}
 		}
 	}
 
-	handled := false
-	if blockPtr := blockAtomic.Load(); blockPtr != nil && blockPtr.Handler != nil {
+	if blockPtr := blockAtomic.Swap(nil); blockPtr != nil {
 		// handler is replaced
 		blockPtr.Handler.ServeHTTP(w, tr)
-		blockPtr.Handler = nil
-		handled = true
+		blocked.Store(true)
 	}
-	return w, tr, afterHandle, handled
+
+	return w, tr, afterHandle, blocked.Load()
 }
 
 // WrapHandler wraps the given HTTP handler with the abstract HTTP operation defined by HandlerOperationArgs and