diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js
index 36a9d2bb..c70a53a1 100644
--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@@ -71,7 +71,7 @@ const internalAccessList = {
 				// re-fetch with expansions
 				return internalAccessList.get(access, {
 					id:     data.id,
-					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.clients', 'proxy_hosts.access_list.items']
+					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]']
 				}, true /* <- skip masking */);
 			})
 			.then((row) => {
@@ -216,7 +216,7 @@ const internalAccessList = {
 				// re-fetch with expansions
 				return internalAccessList.get(access, {
 					id:     data.id,
-					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.clients', 'proxy_hosts.access_list.items']
+					expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]']
 				}, true /* <- skip masking */);
 			})
 			.then((row) => {
@@ -254,7 +254,7 @@ const internalAccessList = {
 					.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
 					.where('access_list.is_deleted', 0)
 					.andWhere('access_list.id', data.id)
-					.allowEager('[owner,items,clients,proxy_hosts,proxy_hosts.access_list.clients,proxy_hosts.access_list.items]')
+					.allowEager('[owner,items,clients,proxy_hosts.[*, access_list.[clients,items]]]')
 					.omit(['access_list.is_deleted'])
 					.first();
 
diff --git a/backend/internal/proxy-host.js b/backend/internal/proxy-host.js
index 115af92e..b26e0566 100644
--- a/backend/internal/proxy-host.js
+++ b/backend/internal/proxy-host.js
@@ -73,7 +73,7 @@ const internalProxyHost = {
 				// re-fetch with cert
 				return internalProxyHost.get(access, {
 					id:     row.id,
-					expand: ['certificate', 'owner', 'access_list.clients', 'access_list.items']
+					expand: ['certificate', 'owner', 'access_list.[clients,items]']
 				});
 			})
 			.then((row) => {
@@ -186,7 +186,7 @@ const internalProxyHost = {
 			.then(() => {
 				return internalProxyHost.get(access, {
 					id:     data.id,
-					expand: ['owner', 'certificate', 'access_list.clients', 'access_list.items']
+					expand: ['owner', 'certificate', 'access_list.[clients,items]']
 				})
 					.then((row) => {
 						// Configure nginx
@@ -219,7 +219,7 @@ const internalProxyHost = {
 					.query()
 					.where('is_deleted', 0)
 					.andWhere('id', data.id)
-					.allowEager('[owner,access_list,access_list.clients,access_list.items,certificate]')
+					.allowEager('[owner,access_list,access_list.[clients,items],certificate]')
 					.first();
 
 				if (access_data.permission_visibility !== 'all') {