diff --git a/src/routes/api.js b/src/routes/api.js
index a2feeb65..37e12949 100644
--- a/src/routes/api.js
+++ b/src/routes/api.js
@@ -42,14 +42,14 @@ async function handleMessagesRequest(req, res) {
       })
     }
 
-    // 模型限制（允许列表）校验：统一在此处处理（去除供应商前缀）
+    // 模型限制（黑名单）校验：统一在此处处理（去除供应商前缀）
     if (
       req.apiKey.enableModelRestriction &&
       Array.isArray(req.apiKey.restrictedModels) &&
       req.apiKey.restrictedModels.length > 0
     ) {
       const effectiveModel = getEffectiveModel(req.body.model || '')
-      if (!req.apiKey.restrictedModels.includes(effectiveModel)) {
+      if (req.apiKey.restrictedModels.includes(effectiveModel)) {
         return res.status(403).json({
           error: {
             type: 'forbidden',
@@ -899,14 +899,14 @@ router.post('/v1/messages/count_tokens', authenticateApiKey, async (req, res) =>
 
     logger.info(`🔢 Processing token count request for key: ${req.apiKey.name}`)
 
-    // 模型限制（允许列表）校验：统一在此处处理（去除供应商前缀）
+    // 模型限制（黑名单）校验：统一在此处处理（去除供应商前缀）
     if (
       req.apiKey.enableModelRestriction &&
       Array.isArray(req.apiKey.restrictedModels) &&
       req.apiKey.restrictedModels.length > 0
     ) {
       const effectiveModel = getEffectiveModel(req.body.model || '')
-      if (!req.apiKey.restrictedModels.includes(effectiveModel)) {
+      if (req.apiKey.restrictedModels.includes(effectiveModel)) {
         return res.status(403).json({
           error: {
             type: 'forbidden',
diff --git a/src/services/claudeRelayService.js b/src/services/claudeRelayService.js
index 7bdb5c5d..b2680626 100644
--- a/src/services/claudeRelayService.js
+++ b/src/services/claudeRelayService.js
@@ -87,12 +87,12 @@ class ClaudeRelayService {
       ) {
         const requestedModel = requestBody.model
         logger.info(
-          `🔒 Model restriction check - Requested model: ${requestedModel}, Allowed models: ${JSON.stringify(apiKeyData.restrictedModels)}`
+          `🔒 Model restriction check - Requested model: ${requestedModel}, Restricted models: ${JSON.stringify(apiKeyData.restrictedModels)}`
         )
 
-        if (requestedModel && !apiKeyData.restrictedModels.includes(requestedModel)) {
+        if (requestedModel && apiKeyData.restrictedModels.includes(requestedModel)) {
           logger.warn(
-            `🚫 Model restriction violation for key ${apiKeyData.name}: Attempted model ${requestedModel} not in allowed list`
+            `🚫 Model restriction violation for key ${apiKeyData.name}: Attempted to use restricted model ${requestedModel}`
           )
           return {
             statusCode: 403,
@@ -874,12 +874,12 @@ class ClaudeRelayService {
       ) {
         const requestedModel = requestBody.model
         logger.info(
-          `🔒 [Stream] Model restriction check - Requested model: ${requestedModel}, Allowed models: ${JSON.stringify(apiKeyData.restrictedModels)}`
+          `🔒 [Stream] Model restriction check - Requested model: ${requestedModel}, Restricted models: ${JSON.stringify(apiKeyData.restrictedModels)}`
         )
 
-        if (requestedModel && !apiKeyData.restrictedModels.includes(requestedModel)) {
+        if (requestedModel && apiKeyData.restrictedModels.includes(requestedModel)) {
           logger.warn(
-            `🚫 Model restriction violation for key ${apiKeyData.name}: Attempted model ${requestedModel} not in allowed list`
+            `🚫 Model restriction violation for key ${apiKeyData.name}: Attempted to use restricted model ${requestedModel}`
           )
 
           // 对于流式响应，需要写入错误并结束流