diff --git a/internal/rules/provider/cloudblob/provider_test.go b/internal/rules/provider/cloudblob/provider_test.go
index 17e41999a..095b78019 100644
--- a/internal/rules/provider/cloudblob/provider_test.go
+++ b/internal/rules/provider/cloudblob/provider_test.go
@@ -199,7 +199,7 @@ buckets:
 				messages := logs.String()
 				assert.Contains(t, messages, "communication error")
 				assert.Contains(t, messages, "Failed to fetch rule set")
-				assert.Contains(t, messages, "name resolution")
+				assert.Contains(t, messages, "dial tcp")
 				assert.Contains(t, messages, "No updates received")
 			},
 		},
diff --git a/internal/rules/provider/httpendpoint/provider_test.go b/internal/rules/provider/httpendpoint/provider_test.go
index af5a47030..b593903f6 100644
--- a/internal/rules/provider/httpendpoint/provider_test.go
+++ b/internal/rules/provider/httpendpoint/provider_test.go
@@ -204,7 +204,7 @@ endpoints:
 				time.Sleep(250 * time.Millisecond)
 
 				messages := logs.String()
-				assert.Contains(t, messages, "name resolution")
+				assert.Contains(t, messages, "dial tcp")
 				assert.Contains(t, messages, "No updates received")
 			},
 		},
diff --git a/internal/rules/provider/kubernetes/provider.go b/internal/rules/provider/kubernetes/provider.go
index dba0889bc..65f783892 100644
--- a/internal/rules/provider/kubernetes/provider.go
+++ b/internal/rules/provider/kubernetes/provider.go
@@ -107,7 +107,7 @@ func newProvider(
 
 func (p *provider) newController(ctx context.Context, namespace string) cache.Controller {
 	repository := p.cl.RuleSetRepository(namespace)
-	_, controller := cache.NewTransformingInformer(
+	_, controller := cache.NewInformer(
 		&cache.ListWatch{
 			ListFunc:  func(opts metav1.ListOptions) (runtime.Object, error) { return repository.List(ctx, opts) },
 			WatchFunc: func(opts metav1.ListOptions) (watch.Interface, error) { return repository.Watch(ctx, opts) },
@@ -115,27 +115,11 @@ func (p *provider) newController(ctx context.Context, namespace string) cache.Co
 		&v1alpha2.RuleSet{},
 		0,
 		cache.ResourceEventHandlerFuncs{AddFunc: p.addRuleSet, DeleteFunc: p.deleteRuleSet, UpdateFunc: p.updateRuleSet},
-		p.filterAuthClass,
 	)
 
 	return controller
 }
 
-func (p *provider) filterAuthClass(input any) (any, error) {
-	// should never be of a different type. ok if panics
-	rs := input.(*v1alpha2.RuleSet) // nolint: forcetypeassert
-
-	if rs.Spec.AuthClassName != p.ac {
-		p.l.Info().
-			Msgf("Ignoring ruleset due to authClassName mismatch (namespace=%s, name=%s, uid=%s)",
-				rs.Namespace, rs.Name, rs.UID)
-
-		return nil, ErrBadAuthClass
-	}
-
-	return input, nil
-}
-
 func (p *provider) Start(_ context.Context) error {
 	if !p.configured {
 		return nil
@@ -195,6 +179,14 @@ func (p *provider) updateRuleSet(_, newObj any) {
 	// should never be of a different type. ok if panics
 	rs := newObj.(*v1alpha2.RuleSet) // nolint: forcetypeassert
 
+	if rs.Spec.AuthClassName != p.ac {
+		p.l.Info().
+			Msgf("Ignoring ruleset creation due to authClassName mismatch (namespace=%s, name=%s, uid=%s)",
+				rs.Namespace, rs.Name, rs.UID)
+
+		return
+	}
+
 	conf := &config2.RuleSet{
 		MetaData: config2.MetaData{
 			Source:  fmt.Sprintf("%s:%s:%s", ProviderType, rs.Namespace, rs.UID),
@@ -221,6 +213,14 @@ func (p *provider) addRuleSet(obj any) {
 	// should never be of a different type. ok if panics
 	rs := obj.(*v1alpha2.RuleSet) // nolint: forcetypeassert
 
+	if rs.Spec.AuthClassName != p.ac {
+		p.l.Info().
+			Msgf("Ignoring ruleset creation due to authClassName mismatch (namespace=%s, name=%s, uid=%s)",
+				rs.Namespace, rs.Name, rs.UID)
+
+		return
+	}
+
 	conf := &config2.RuleSet{
 		MetaData: config2.MetaData{
 			Source:  fmt.Sprintf("%s:%s:%s", ProviderType, rs.Namespace, rs.UID),
@@ -247,6 +247,14 @@ func (p *provider) deleteRuleSet(obj any) {
 	// should never be of a different type. ok if panics
 	rs := obj.(*v1alpha2.RuleSet) // nolint: forcetypeassert
 
+	if rs.Spec.AuthClassName != p.ac {
+		p.l.Info().
+			Msgf("Ignoring ruleset creation due to authClassName mismatch (namespace=%s, name=%s, uid=%s)",
+				rs.Namespace, rs.Name, rs.UID)
+
+		return
+	}
+
 	conf := &config2.RuleSet{
 		MetaData: config2.MetaData{
 			Source:  fmt.Sprintf("%s:%s:%s", ProviderType, rs.Namespace, rs.UID),
diff --git a/internal/rules/rule_factory_impl.go b/internal/rules/rule_factory_impl.go
index 2ce877bf6..cc541f993 100644
--- a/internal/rules/rule_factory_impl.go
+++ b/internal/rules/rule_factory_impl.go
@@ -235,9 +235,9 @@ func checkProxyModeApplicability(srcID string, ruleConfig config2.Rule) error {
 		return nil
 	}
 
-	if len(urlRewriter.Scheme) == 0 ||
-		len(urlRewriter.PathPrefixToAdd) == 0 ||
-		len(urlRewriter.PathPrefixToCut) == 0 ||
+	if len(urlRewriter.Scheme) == 0 &&
+		len(urlRewriter.PathPrefixToAdd) == 0 &&
+		len(urlRewriter.PathPrefixToCut) == 0 &&
 		len(urlRewriter.QueryParamsToRemove) == 0 {
 		return errorchain.NewWithMessagef(heimdall.ErrConfiguration,
 			"rewrite is defined in forward_to in rule ID=%s from %s, but is empty", ruleConfig.ID, srcID)