Firewall access control works on development mode but not production mode

I have set up the roles restriction to the admin page. It has successfully blocked the users on development mode, but not on product mode.

# vim app/config/security.yml

# app/config/security.yml
security:
    access_control:
        - { path: ^/admin, roles: [ROLE_ADMIN, ROLE_MANAGER] }

Try to clear the cache:

# php app/console cache:clear --env=prod