diff --git a/server/lib/traefik/getTraefikConfig.ts b/server/lib/traefik/getTraefikConfig.ts
index e5bf3881..06754ffa 100644
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -41,9 +41,10 @@ type TargetWithSite = Target & {
 export async function getTraefikConfig(
     exitNodeId: number,
     siteTypes: string[],
-    filterOutNamespaceDomains = false,
-    generateLoginPageRouters = false,
-    allowRawResources = true
+    filterOutNamespaceDomains = false, // UNUSED BUT USED IN PRIVATE
+    generateLoginPageRouters = false, // UNUSED BUT USED IN PRIVATE
+    allowRawResources = true,
+    allowMaintenancePage = true, // UNUSED BUT USED IN PRIVATE
 ): Promise<any> {
     // Get resources with their targets and sites in a single optimized query
     // Start from sites on this exit node, then join to targets and resources
diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts
index 62c60696..18410e62 100644
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -358,18 +358,6 @@ export async function getTraefikConfig(
                 }
             }
 
-            if (resource.ssl) {
-                config_output.http.routers![routerName + "-redirect"] = {
-                    entryPoints: [
-                        config.getRawConfig().traefik.http_entrypoint
-                    ],
-                    middlewares: [redirectHttpsMiddlewareName],
-                    service: serviceName,
-                    rule: rule,
-                    priority: priority
-                };
-            }
-
             let tls = {};
             if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) {
                 const domainParts = fullDomain.split(".");
@@ -435,6 +423,18 @@ export async function getTraefikConfig(
                 }
             }
 
+            if (resource.ssl) {
+                config_output.http.routers![routerName + "-redirect"] = {
+                    entryPoints: [
+                        config.getRawConfig().traefik.http_entrypoint
+                    ],
+                    middlewares: [redirectHttpsMiddlewareName],
+                    service: serviceName,
+                    rule: rule,
+                    priority: priority
+                };
+            }
+
             const availableServers = targets.filter((target) => {
                 if (!target.enabled) return false;
 
@@ -464,7 +464,7 @@ export async function getTraefikConfig(
                 }
             }
 
-            if (showMaintenancePage) {
+            if (showMaintenancePage && allowMaintenancePage) {
                 const maintenanceServiceName = `${key}-maintenance-service`;
                 const maintenanceRouterName = `${key}-maintenance-router`;
                 const rewriteMiddlewareName = `${key}-maintenance-rewrite`;
diff --git a/server/private/routers/hybrid.ts b/server/private/routers/hybrid.ts
index 009b2fe1..bbc0e0c8 100644
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -247,7 +247,8 @@ hybridRouter.get(
                 ["newt", "local", "wireguard"], // Allow them to use all the site types
                 true, // But don't allow domain namespace resources
                 false, // Dont include login pages,
-                true // allow raw resources
+                true, // allow raw resources
+                false // dont generate maintenance page
             );
 
             return response(res, {
diff --git a/server/setup/scriptsPg/1.14.0.ts b/server/setup/scriptsPg/1.14.0.ts
index 7ccded5a..c396df0c 100644
--- a/server/setup/scriptsPg/1.14.0.ts
+++ b/server/setup/scriptsPg/1.14.0.ts
@@ -60,11 +60,11 @@ export default async function migration() {
         );
 
         await db.execute(
-            sql`ALTER TABLE "siteResources" ADD COLUMN "tcpPortRangeString" varchar;`
+            sql`ALTER TABLE "siteResources" ADD COLUMN "tcpPortRangeString" varchar NOT NULL DEFAULT '*';`
         );
 
         await db.execute(
-            sql`ALTER TABLE "siteResources" ADD COLUMN "udpPortRangeString" varchar;`
+            sql`ALTER TABLE "siteResources" ADD COLUMN "udpPortRangeString" varchar NOT NULL DEFAULT '*';`
         );
 
         await db.execute(
diff --git a/server/setup/scriptsSqlite/1.14.0.ts b/server/setup/scriptsSqlite/1.14.0.ts
index a4883b8f..9559519a 100644
--- a/server/setup/scriptsSqlite/1.14.0.ts
+++ b/server/setup/scriptsSqlite/1.14.0.ts
@@ -73,16 +73,18 @@ export default async function migration() {
             ).run();
 
             db.prepare(
-                `ALTER TABLE 'siteResources' ADD 'tcpPortRangeString' text;`
+                `ALTER TABLE 'siteResources' ADD 'tcpPortRangeString' text DEFAULT '*' NOT NULL;`
             ).run();
 
             db.prepare(
-                `ALTER TABLE 'siteResources' ADD 'udpPortRangeString' text;`
+                `ALTER TABLE 'siteResources' ADD 'udpPortRangeString' text DEFAULT '*' NOT NULL;`
             ).run();
 
             db.prepare(
-                `ALTER TABLE 'siteResources' ADD 'disableIcmp' integer;`
+                `ALTER TABLE 'siteResources' ADD 'disableIcmp' integer NOT NULL DEFAULT false;`
             ).run();
+
+
         })();
 
         db.pragma("foreign_keys = ON");
diff --git a/src/app/[orgId]/settings/resources/proxy/[niceId]/general/page.tsx b/src/app/[orgId]/settings/resources/proxy/[niceId]/general/page.tsx
index 897c5d00..7cf9339b 100644
--- a/src/app/[orgId]/settings/resources/proxy/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/resources/proxy/[niceId]/general/page.tsx
@@ -189,7 +189,7 @@ function MaintenanceSectionForm({
                                 name="maintenanceModeEnabled"
                                 render={({ field }) => {
                                     const isDisabled =
-                                        isSecurityFeatureDisabled();
+                                        isSecurityFeatureDisabled() || resource.http === false;
 
                                     return (
                                         <FormItem>