diff --git a/src/log-manager/src/nginx/get_log_content.lua b/src/log-manager/src/nginx/get_log_content.lua
index 5ebc590450..ffcbf81b75 100644
--- a/src/log-manager/src/nginx/get_log_content.lua
+++ b/src/log-manager/src/nginx/get_log_content.lua
@@ -93,5 +93,6 @@ end
 -- Refer https://www.openwall.com/lists/oss-security/2020/03/18/1. set_uri may cause security issue.
 -- Here we need to make sure the log_path is valid
+ngx.req.set_uri_args("filename="..log_name)
 ngx.req.set_uri("/~/"..string.sub(path.abspath(log_path), string.len(file_prefix) + 1), true)
diff --git a/src/log-manager/src/nginx/nginx.conf.default b/src/log-manager/src/nginx/nginx.conf.default
index 045e888444..cbce51fafa 100644
--- a/src/log-manager/src/nginx/nginx.conf.default
+++ b/src/log-manager/src/nginx/nginx.conf.default
@@ -70,7 +70,7 @@ server {
 location ~ ^/api/v1/logs/(.*)$ {
 add_header Access-Control-Allow-Origin *;
 add_header Access-Control-Allow-Methods 'GET';
- add_header Content-Disposition 'attachment';
+
 limit_except GET {
 deny all;
 }
@@ -86,6 +86,15 @@ server {
 add_header Accept-Ranges bytes;
 add_header Access-Control-Allow-Origin *;
 rewrite ^/~/(.*)$ $1 break;
+ rewrite_by_lua_block {
+ local args = ngx.req.get_uri_args()
+ local filename = args["filename"]
+ if string.match(filename, "^user%-.*$") then
+ ngx.header["Content-Disposition"] = "attachment; filename=\""..filename..".log\""
+ else
+ ngx.header["Content-Disposition"] = "attachment"
+ end
+ }
 root /usr/local/pai/logs/;
 }
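Review bot: The added `ngx.req.set_uri_args("filename="..log_name)` in get_log_content.lua builds the query string by concatenation, and the string form of `set_uri_args` expects input that is already URI-encoded, so a `log_name` containing `&`, `=`, `%` or control characters would change what the `/~/` location later reads back as `filename`. The table form escapes the value for you: `ngx.req.set_uri_args({ filename = log_name })`. Where `log_name` is assigned lies outside this hunk, so how far it is validated earlier cannot be seen from here. The call also replaces the client's whole query string, which deserves a one-line comment above it such as `-- drop the client's query string; only filename is forwarded to the /~/ location`.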
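Review bot: In the `rewrite_by_lua_block` added to nginx.conf.default (hunk at line 86), `string.match(filename, ...)` raises a Lua error whenever `filename` is not a string, and `ngx.req.get_uri_args()` yields nil for a missing argument, `true` for one without a value and a table for a repeated one, so those requests end in a 500 instead of the plain `attachment` fallback. The pattern `^user%-.*$` also lets any byte through, including `"` and control characters, into the quoted `filename` parameter of the Content-Disposition header. Guarding the type and allow-listing the characters covers both: `if type(filename) == "string" and string.match(filename, "^user%-[%w%._%-]+$") then` (widen the set if real log names need more). The enclosing `location` block starts outside this hunk, so whether it is marked `internal` is not visible here; if it is not, the argument is directly client-controlled.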