@push.rocks/smartproxy 19.6.16 → 20.0.0

package/ts/proxies/http-proxy/request-handler.ts

@@ -10,7 +10,7 @@ import { ConnectionPool } from './connection-pool.js';
 import { ContextCreator } from './context-creator.js';
 import { HttpRequestHandler } from './http-request-handler.js';
 import { Http2RequestHandler } from './http2-request-handler.js';
-import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
+import type { IRouteConfig, IRouteTarget } from '../smart-proxy/models/route-types.js';
 import type { IRouteContext, IHttpRouteContext } from '../../core/models/route-context.js';
 import { toBaseContext } from '../../core/models/route-context.js';
 import { TemplateUtils } from '../../core/utils/template-utils.js';
@@ -99,6 +99,80 @@ export class RequestHandler {
     return { ...this.defaultHeaders };
   }
   
+  /**
+   * Select the appropriate target from the targets array based on sub-matching criteria
+   */
+  private selectTarget(
+    targets: IRouteTarget[],
+    context: {
+      port: number;
+      path?: string;
+      headers?: Record<string, string>;
+      method?: string;
+    }
+  ): IRouteTarget | null {
+    // Sort targets by priority (higher first)
+    const sortedTargets = [...targets].sort((a, b) => (b.priority || 0) - (a.priority || 0));
+    
+    // Find the first matching target
+    for (const target of sortedTargets) {
+      if (!target.match) {
+        // No match criteria means this is a default/fallback target
+        return target;
+      }
+      
+      // Check port match
+      if (target.match.ports && !target.match.ports.includes(context.port)) {
+        continue;
+      }
+      
+      // Check path match (supports wildcards)
+      if (target.match.path && context.path) {
+        const pathPattern = target.match.path.replace(/\*/g, '.*');
+        const pathRegex = new RegExp(`^${pathPattern}$`);
+        if (!pathRegex.test(context.path)) {
+          continue;
+        }
+      }
+      
+      // Check method match
+      if (target.match.method && context.method && !target.match.method.includes(context.method)) {
+        continue;
+      }
+      
+      // Check headers match
+      if (target.match.headers && context.headers) {
+        let headersMatch = true;
+        for (const [key, pattern] of Object.entries(target.match.headers)) {
+          const headerValue = context.headers[key.toLowerCase()];
+          if (!headerValue) {
+            headersMatch = false;
+            break;
+          }
+          
+          if (pattern instanceof RegExp) {
+            if (!pattern.test(headerValue)) {
+              headersMatch = false;
+              break;
+            }
+          } else if (headerValue !== pattern) {
+            headersMatch = false;
+            break;
+          }
+        }
+        if (!headersMatch) {
+          continue;
+        }
+      }
+      
+      // All criteria matched
+      return target;
+    }
+    
+    // No matching target found, return the first target without match criteria (default)
+    return sortedTargets.find(t => !t.match) || null;
+  }
+  
   /**
    * Apply CORS headers to response if configured
    * Implements Phase 5.5: Context-aware CORS handling
@@ -480,17 +554,31 @@ export class RequestHandler {
       }
     }
 
-    // If we found a matching route with function-based targets, use it
-    if (matchingRoute && matchingRoute.action.type === 'forward' && matchingRoute.action.target) {
+    // If we found a matching route with forward action, select appropriate target
+    if (matchingRoute && matchingRoute.action.type === 'forward' && matchingRoute.action.targets && matchingRoute.action.targets.length > 0) {
       this.logger.debug(`Found matching route: ${matchingRoute.name || 'unnamed'}`);
 
+      // Select the appropriate target from the targets array
+      const selectedTarget = this.selectTarget(matchingRoute.action.targets, {
+        port: routeContext.port,
+        path: routeContext.path,
+        headers: routeContext.headers,
+        method: routeContext.method
+      });
+
+      if (!selectedTarget) {
+        this.logger.error(`No matching target found for route ${matchingRoute.name}`);
+        req.socket.end();
+        return;
+      }
+
       // Extract target information, resolving functions if needed
       let targetHost: string | string[];
       let targetPort: number;
 
       try {
         // Check function cache for host and resolve or use cached value
-        if (typeof matchingRoute.action.target.host === 'function') {
+        if (typeof selectedTarget.host === 'function') {
           // Generate a function ID for caching (use route name or ID if available)
           const functionId = `host-${matchingRoute.id || matchingRoute.name || 'unnamed'}`;
 
@@ -502,7 +590,7 @@ export class RequestHandler {
               this.logger.debug(`Using cached host value for ${functionId}`);
             } else {
               // Resolve the function and cache the result
-              const resolvedHost = matchingRoute.action.target.host(toBaseContext(routeContext));
+              const resolvedHost = selectedTarget.host(toBaseContext(routeContext));
               targetHost = resolvedHost;
 
               // Cache the result
@@ -511,16 +599,16 @@ export class RequestHandler {
             }
           } else {
             // No cache available, just resolve
-            const resolvedHost = matchingRoute.action.target.host(routeContext);
+            const resolvedHost = selectedTarget.host(routeContext);
             targetHost = resolvedHost;
             this.logger.debug(`Resolved function-based host to: ${Array.isArray(resolvedHost) ? resolvedHost.join(', ') : resolvedHost}`);
           }
         } else {
-          targetHost = matchingRoute.action.target.host;
+          targetHost = selectedTarget.host;
         }
 
         // Check function cache for port and resolve or use cached value
-        if (typeof matchingRoute.action.target.port === 'function') {
+        if (typeof selectedTarget.port === 'function') {
           // Generate a function ID for caching
           const functionId = `port-${matchingRoute.id || matchingRoute.name || 'unnamed'}`;
 
@@ -532,7 +620,7 @@ export class RequestHandler {
               this.logger.debug(`Using cached port value for ${functionId}`);
             } else {
               // Resolve the function and cache the result
-              const resolvedPort = matchingRoute.action.target.port(toBaseContext(routeContext));
+              const resolvedPort = selectedTarget.port(toBaseContext(routeContext));
               targetPort = resolvedPort;
 
               // Cache the result
@@ -541,12 +629,12 @@ export class RequestHandler {
             }
           } else {
             // No cache available, just resolve
-            const resolvedPort = matchingRoute.action.target.port(routeContext);
+            const resolvedPort = selectedTarget.port(routeContext);
             targetPort = resolvedPort;
             this.logger.debug(`Resolved function-based port to: ${resolvedPort}`);
           }
         } else {
-          targetPort = matchingRoute.action.target.port === 'preserve' ? routeContext.port : matchingRoute.action.target.port as number;
+          targetPort = selectedTarget.port === 'preserve' ? routeContext.port : selectedTarget.port as number;
         }
 
         // Select a single host if an array was provided
@@ -626,17 +714,32 @@ export class RequestHandler {
       }
     }
 
-    // If we found a matching route with function-based targets, use it
-    if (matchingRoute && matchingRoute.action.type === 'forward' && matchingRoute.action.target) {
+    // If we found a matching route with forward action, select appropriate target
+    if (matchingRoute && matchingRoute.action.type === 'forward' && matchingRoute.action.targets && matchingRoute.action.targets.length > 0) {
       this.logger.debug(`Found matching route for HTTP/2 request: ${matchingRoute.name || 'unnamed'}`);
 
+      // Select the appropriate target from the targets array
+      const selectedTarget = this.selectTarget(matchingRoute.action.targets, {
+        port: routeContext.port,
+        path: routeContext.path,
+        headers: routeContext.headers,
+        method: routeContext.method
+      });
+
+      if (!selectedTarget) {
+        this.logger.error(`No matching target found for route ${matchingRoute.name}`);
+        stream.respond({ ':status': 502 });
+        stream.end();
+        return;
+      }
+
       // Extract target information, resolving functions if needed
       let targetHost: string | string[];
       let targetPort: number;
 
       try {
         // Check function cache for host and resolve or use cached value
-        if (typeof matchingRoute.action.target.host === 'function') {
+        if (typeof selectedTarget.host === 'function') {
           // Generate a function ID for caching (use route name or ID if available)
           const functionId = `host-http2-${matchingRoute.id || matchingRoute.name || 'unnamed'}`;
 
@@ -648,7 +751,7 @@ export class RequestHandler {
               this.logger.debug(`Using cached host value for HTTP/2: ${functionId}`);
             } else {
               // Resolve the function and cache the result
-              const resolvedHost = matchingRoute.action.target.host(toBaseContext(routeContext));
+              const resolvedHost = selectedTarget.host(toBaseContext(routeContext));
               targetHost = resolvedHost;
 
               // Cache the result
@@ -657,16 +760,16 @@ export class RequestHandler {
             }
           } else {
             // No cache available, just resolve
-            const resolvedHost = matchingRoute.action.target.host(routeContext);
+            const resolvedHost = selectedTarget.host(routeContext);
             targetHost = resolvedHost;
             this.logger.debug(`Resolved HTTP/2 function-based host to: ${Array.isArray(resolvedHost) ? resolvedHost.join(', ') : resolvedHost}`);
           }
         } else {
-          targetHost = matchingRoute.action.target.host;
+          targetHost = selectedTarget.host;
         }
 
         // Check function cache for port and resolve or use cached value
-        if (typeof matchingRoute.action.target.port === 'function') {
+        if (typeof selectedTarget.port === 'function') {
           // Generate a function ID for caching
           const functionId = `port-http2-${matchingRoute.id || matchingRoute.name || 'unnamed'}`;
 
@@ -678,7 +781,7 @@ export class RequestHandler {
               this.logger.debug(`Using cached port value for HTTP/2: ${functionId}`);
             } else {
               // Resolve the function and cache the result
-              const resolvedPort = matchingRoute.action.target.port(toBaseContext(routeContext));
+              const resolvedPort = selectedTarget.port(toBaseContext(routeContext));
               targetPort = resolvedPort;
 
               // Cache the result
@@ -687,12 +790,12 @@ export class RequestHandler {
             }
           } else {
             // No cache available, just resolve
-            const resolvedPort = matchingRoute.action.target.port(routeContext);
+            const resolvedPort = selectedTarget.port(routeContext);
             targetPort = resolvedPort;
             this.logger.debug(`Resolved HTTP/2 function-based port to: ${resolvedPort}`);
           }
         } else {
-          targetPort = matchingRoute.action.target.port === 'preserve' ? routeContext.port : matchingRoute.action.target.port as number;
+          targetPort = selectedTarget.port === 'preserve' ? routeContext.port : selectedTarget.port as number;
         }
 
         // Select a single host if an array was provided

package/ts/proxies/http-proxy/websocket-handler.ts

@@ -3,7 +3,7 @@ import '../../core/models/socket-augmentation.js';
 import { type IHttpProxyOptions, type IWebSocketWithHeartbeat, type ILogger, createLogger } from './models/types.js';
 import { ConnectionPool } from './connection-pool.js';
 import { HttpRouter } from '../../routing/router/index.js';
-import type { IRouteConfig } from '../smart-proxy/models/route-types.js';
+import type { IRouteConfig, IRouteTarget } from '../smart-proxy/models/route-types.js';
 import type { IRouteContext } from '../../core/models/route-context.js';
 import { toBaseContext } from '../../core/models/route-context.js';
 import { ContextCreator } from './context-creator.js';
@@ -53,6 +53,80 @@ export class WebSocketHandler {
     this.securityManager.setRoutes(routes);
   }
   
+  /**
+   * Select the appropriate target from the targets array based on sub-matching criteria
+   */
+  private selectTarget(
+    targets: IRouteTarget[],
+    context: {
+      port: number;
+      path?: string;
+      headers?: Record<string, string>;
+      method?: string;
+    }
+  ): IRouteTarget | null {
+    // Sort targets by priority (higher first)
+    const sortedTargets = [...targets].sort((a, b) => (b.priority || 0) - (a.priority || 0));
+    
+    // Find the first matching target
+    for (const target of sortedTargets) {
+      if (!target.match) {
+        // No match criteria means this is a default/fallback target
+        return target;
+      }
+      
+      // Check port match
+      if (target.match.ports && !target.match.ports.includes(context.port)) {
+        continue;
+      }
+      
+      // Check path match (supports wildcards)
+      if (target.match.path && context.path) {
+        const pathPattern = target.match.path.replace(/\*/g, '.*');
+        const pathRegex = new RegExp(`^${pathPattern}$`);
+        if (!pathRegex.test(context.path)) {
+          continue;
+        }
+      }
+      
+      // Check method match
+      if (target.match.method && context.method && !target.match.method.includes(context.method)) {
+        continue;
+      }
+      
+      // Check headers match
+      if (target.match.headers && context.headers) {
+        let headersMatch = true;
+        for (const [key, pattern] of Object.entries(target.match.headers)) {
+          const headerValue = context.headers[key.toLowerCase()];
+          if (!headerValue) {
+            headersMatch = false;
+            break;
+          }
+          
+          if (pattern instanceof RegExp) {
+            if (!pattern.test(headerValue)) {
+              headersMatch = false;
+              break;
+            }
+          } else if (headerValue !== pattern) {
+            headersMatch = false;
+            break;
+          }
+        }
+        if (!headersMatch) {
+          continue;
+        }
+      }
+      
+      // All criteria matched
+      return target;
+    }
+    
+    // No matching target found, return the first target without match criteria (default)
+    return sortedTargets.find(t => !t.match) || null;
+  }
+  
   /**
    * Initialize WebSocket server on an existing HTTPS server
    */
@@ -146,9 +220,23 @@ export class WebSocketHandler {
       let destination: { host: string; port: number };
 
       // If we found a route with the modern router, use it
-      if (route && route.action.type === 'forward' && route.action.target) {
+      if (route && route.action.type === 'forward' && route.action.targets && route.action.targets.length > 0) {
         this.logger.debug(`Found matching WebSocket route: ${route.name || 'unnamed'}`);
 
+        // Select the appropriate target from the targets array
+        const selectedTarget = this.selectTarget(route.action.targets, {
+          port: routeContext.port,
+          path: routeContext.path,
+          headers: routeContext.headers,
+          method: routeContext.method
+        });
+
+        if (!selectedTarget) {
+          this.logger.error(`No matching target found for route ${route.name}`);
+          wsIncoming.close(1003, 'No matching target');
+          return;
+        }
+
         // Check if WebSockets are enabled for this route
         if (route.action.websocket?.enabled === false) {
           this.logger.debug(`WebSockets are disabled for route: ${route.name || 'unnamed'}`);
@@ -192,20 +280,20 @@ export class WebSocketHandler {
 
         try {
           // Resolve host if it's a function
-          if (typeof route.action.target.host === 'function') {
-            const resolvedHost = route.action.target.host(toBaseContext(routeContext));
+          if (typeof selectedTarget.host === 'function') {
+            const resolvedHost = selectedTarget.host(toBaseContext(routeContext));
             targetHost = resolvedHost;
             this.logger.debug(`Resolved function-based host for WebSocket: ${Array.isArray(resolvedHost) ? resolvedHost.join(', ') : resolvedHost}`);
           } else {
-            targetHost = route.action.target.host;
+            targetHost = selectedTarget.host;
           }
 
           // Resolve port if it's a function
-          if (typeof route.action.target.port === 'function') {
-            targetPort = route.action.target.port(toBaseContext(routeContext));
+          if (typeof selectedTarget.port === 'function') {
+            targetPort = selectedTarget.port(toBaseContext(routeContext));
             this.logger.debug(`Resolved function-based port for WebSocket: ${targetPort}`);
           } else {
-            targetPort = route.action.target.port === 'preserve' ? routeContext.port : route.action.target.port as number;
+            targetPort = selectedTarget.port === 'preserve' ? routeContext.port : selectedTarget.port as number;
           }
 
           // Select a single host if an array was provided

package/ts/proxies/smart-proxy/certificate-manager.ts

@@ -12,7 +12,7 @@ export interface ICertStatus {
   status: 'valid' | 'pending' | 'expired' | 'error';
   expiryDate?: Date;
   issueDate?: Date;
-  source: 'static' | 'acme';
+  source: 'static' | 'acme' | 'custom';
   error?: string;
 }
 
@@ -22,6 +22,7 @@ export interface ICertificateData {
   ca?: string;
   expiryDate: Date;
   issueDate: Date;
+  source?: 'static' | 'acme' | 'custom';
 }
 
 export class SmartCertManager {
@@ -50,6 +51,12 @@ export class SmartCertManager {
   // ACME state manager reference
   private acmeStateManager: AcmeStateManager | null = null;
   
+  // Custom certificate provision function
+  private certProvisionFunction?: (domain: string) => Promise<plugins.tsclass.network.ICert | 'http01'>;
+  
+  // Whether to fallback to ACME if custom provision fails
+  private certProvisionFallbackToAcme: boolean = true;
+  
   constructor(
     private routes: IRouteConfig[],
     private certDir: string = './certs',
@@ -89,6 +96,20 @@ export class SmartCertManager {
     this.globalAcmeDefaults = defaults;
   }
   
+  /**
+   * Set custom certificate provision function
+   */
+  public setCertProvisionFunction(fn: (domain: string) => Promise<plugins.tsclass.network.ICert | 'http01'>): void {
+    this.certProvisionFunction = fn;
+  }
+  
+  /**
+   * Set whether to fallback to ACME if custom provision fails
+   */
+  public setCertProvisionFallbackToAcme(fallback: boolean): void {
+    this.certProvisionFallbackToAcme = fallback;
+  }
+  
   /**
    * Set callback for updating routes (used for challenge routes)
    */
@@ -212,15 +233,6 @@ export class SmartCertManager {
     route: IRouteConfig, 
     domains: string[]
   ): Promise<void> {
-    if (!this.smartAcme) {
-      throw new Error(
-        'SmartAcme not initialized. This usually means no ACME email was provided. ' +
-        'Please ensure you have configured ACME with an email address either:\n' +
-        '1. In the top-level "acme" configuration\n' +
-        '2. In the route\'s "tls.acme" configuration'
-      );
-    }
-    
     const primaryDomain = domains[0];
     const routeName = route.name || primaryDomain;
     
@@ -229,10 +241,68 @@ export class SmartCertManager {
     if (existingCert && this.isCertificateValid(existingCert)) {
       logger.log('info', `Using existing valid certificate for ${primaryDomain}`, { domain: primaryDomain, component: 'certificate-manager' });
       await this.applyCertificate(primaryDomain, existingCert);
-      this.updateCertStatus(routeName, 'valid', 'acme', existingCert);
+      this.updateCertStatus(routeName, 'valid', existingCert.source || 'acme', existingCert);
       return;
     }
     
+    // Check for custom provision function first
+    if (this.certProvisionFunction) {
+      try {
+        logger.log('info', `Attempting custom certificate provision for ${primaryDomain}`, { domain: primaryDomain, component: 'certificate-manager' });
+        const result = await this.certProvisionFunction(primaryDomain);
+        
+        if (result === 'http01') {
+          logger.log('info', `Custom function returned 'http01', falling back to Let's Encrypt for ${primaryDomain}`, { domain: primaryDomain, component: 'certificate-manager' });
+          // Continue with existing ACME logic below
+        } else {
+          // Use custom certificate
+          const customCert = result as plugins.tsclass.network.ICert;
+          
+          // Convert to internal certificate format
+          const certData: ICertificateData = {
+            cert: customCert.publicKey,
+            key: customCert.privateKey,
+            ca: '',
+            issueDate: new Date(),
+            expiryDate: this.extractExpiryDate(customCert.publicKey),
+            source: 'custom'
+          };
+          
+          // Store and apply certificate
+          await this.certStore.saveCertificate(routeName, certData);
+          await this.applyCertificate(primaryDomain, certData);
+          this.updateCertStatus(routeName, 'valid', 'custom', certData);
+          
+          logger.log('info', `Custom certificate applied for ${primaryDomain}`, { 
+            domain: primaryDomain,
+            expiryDate: certData.expiryDate,
+            component: 'certificate-manager'
+          });
+          return;
+        }
+      } catch (error) {
+        logger.log('error', `Custom cert provision failed for ${primaryDomain}: ${error.message}`, {
+          domain: primaryDomain,
+          error: error.message,
+          component: 'certificate-manager'
+        });
+        // Check if we should fallback to ACME
+        if (!this.certProvisionFallbackToAcme) {
+          throw error;
+        }
+        logger.log('info', `Falling back to Let's Encrypt for ${primaryDomain}`, { domain: primaryDomain, component: 'certificate-manager' });
+      }
+    }
+    
+    if (!this.smartAcme) {
+      throw new Error(
+        'SmartAcme not initialized. This usually means no ACME email was provided. ' +
+        'Please ensure you have configured ACME with an email address either:\n' +
+        '1. In the top-level "acme" configuration\n' +
+        '2. In the route\'s "tls.acme" configuration'
+      );
+    }
+    
     // Apply renewal threshold from global defaults or route config
     const renewThreshold = route.action.tls?.acme?.renewBeforeDays || 
                          this.globalAcmeDefaults?.renewThresholdDays || 
@@ -280,7 +350,8 @@ export class SmartCertManager {
         key: cert.privateKey, 
         ca: cert.publicKey, // Use same as cert for now
         expiryDate: new Date(cert.validUntil),
-        issueDate: new Date(cert.created)
+        issueDate: new Date(cert.created),
+        source: 'acme'
       };
       
       await this.certStore.saveCertificate(routeName, certData);
@@ -328,7 +399,8 @@ export class SmartCertManager {
         cert,
         key,
         expiryDate: certInfo.validTo,
-        issueDate: certInfo.validFrom
+        issueDate: certInfo.validFrom,
+        source: 'static'
       };
       
       // Save to store for consistency
@@ -399,6 +471,19 @@ export class SmartCertManager {
     return cert.expiryDate > expiryThreshold;
   }
   
+  /**
+   * Extract expiry date from a PEM certificate
+   */
+  private extractExpiryDate(_certPem: string): Date {
+    // For now, we'll default to 90 days for custom certificates
+    // In production, you might want to use a proper X.509 parser
+    // or require the custom cert provider to include expiry info
+    logger.log('info', 'Using default 90-day expiry for custom certificate', {
+      component: 'certificate-manager'
+    });
+    return new Date(Date.now() + 90 * 24 * 60 * 60 * 1000);
+  }
+  
   
   /**
    * Add challenge route to SmartProxy

package/ts/proxies/smart-proxy/models/interfaces.ts

@@ -135,6 +135,12 @@ export interface ISmartProxyOptions {
    * or a static certificate object for immediate provisioning.
    */
   certProvisionFunction?: (domain: string) => Promise<TSmartProxyCertProvisionObject>;
+  
+  /**
+   * Whether to fallback to ACME if custom certificate provision fails.
+   * Default: true
+   */
+  certProvisionFallbackToAcme?: boolean;
 }
 
 /**

package/ts/proxies/smart-proxy/models/route-types.ts

@@ -46,11 +46,36 @@ export interface IRouteMatch {
 
 
 /**
- * Target configuration for forwarding
+ * Target-specific match criteria for sub-routing within a route
+ */
+export interface ITargetMatch {
+  ports?: number[];                             // Match specific ports from the route
+  path?: string;                                // Match specific paths (supports wildcards like /api/*)
+  headers?: Record<string, string | RegExp>;    // Match specific HTTP headers
+  method?: string[];                            // Match specific HTTP methods (GET, POST, etc.)
+}
+
+/**
+ * Target configuration for forwarding with sub-matching and overrides
  */
 export interface IRouteTarget {
+  // Optional sub-matching criteria within the route
+  match?: ITargetMatch;
+  
+  // Target destination
   host: string | string[] | ((context: IRouteContext) => string | string[]);  // Host or hosts with optional function for dynamic resolution
   port: number | 'preserve' | ((context: IRouteContext) => number);  // Port with optional function for dynamic mapping (use 'preserve' to keep the incoming port)
+  
+  // Optional target-specific overrides (these override route-level settings)
+  tls?: IRouteTls;                             // Override route-level TLS settings
+  websocket?: IRouteWebSocket;                 // Override route-level WebSocket settings
+  loadBalancing?: IRouteLoadBalancing;         // Override route-level load balancing
+  sendProxyProtocol?: boolean;                 // Override route-level proxy protocol setting
+  headers?: IRouteHeaders;                     // Override route-level headers
+  advanced?: IRouteAdvanced;                   // Override route-level advanced settings
+  
+  // Priority for matching (higher values are checked first, default: 0)
+  priority?: number;
 }
 
 /**
@@ -221,19 +246,20 @@ export interface IRouteAction {
   // Basic routing
   type: TRouteActionType;
 
-  // Target for forwarding
-  target?: IRouteTarget;
+  // Targets for forwarding (array supports multiple targets with sub-matching)
+  // Required for 'forward' action type
+  targets?: IRouteTarget[];
 
-  // TLS handling
+  // TLS handling (default for all targets, can be overridden per target)
   tls?: IRouteTls;
 
-  // WebSocket support
+  // WebSocket support (default for all targets, can be overridden per target)
   websocket?: IRouteWebSocket;
 
-  // Load balancing options
+  // Load balancing options (default for all targets, can be overridden per target)
   loadBalancing?: IRouteLoadBalancing;
 
-  // Advanced options
+  // Advanced options (default for all targets, can be overridden per target)
   advanced?: IRouteAdvanced;
   
   // Additional options for backend-specific settings
@@ -251,7 +277,7 @@ export interface IRouteAction {
   // Socket handler function (when type is 'socket-handler')
   socketHandler?: TSocketHandler;
   
-  // PROXY protocol support
+  // PROXY protocol support (default for all targets, can be overridden per target)
   sendProxyProtocol?: boolean;
 }