diff --git a/bubble-server/src/main/java/bubble/rule/AppRuleDriver.java b/bubble-server/src/main/java/bubble/rule/AppRuleDriver.java
index 3d3e2fb4..beea7bef 100644
--- a/bubble-server/src/main/java/bubble/rule/AppRuleDriver.java
+++ b/bubble-server/src/main/java/bubble/rule/AppRuleDriver.java
@@ -99,15 +99,17 @@ public interface AppRuleDriver {
     }
 
     static boolean isFlexRouteFqdn(RedisService redis, String ip, String fqdn) {
-        final String key = REDIS_FLEX_LISTS + "~" + ip + REDIS_LIST_SUFFIX;
+
         final String excludeKey = REDIS_FLEX_EXCLUDE_LISTS + "~" + ip + REDIS_LIST_SUFFIX;
+        if (redis.sismember_plaintext(excludeKey, fqdn)) {
+            return false;
+        }
+
+        final String key = REDIS_FLEX_LISTS + "~" + ip + REDIS_LIST_SUFFIX;
         String check = fqdn;
         while (true) {
             final boolean found = redis.sismember_plaintext(key, check);
-            if (found) {
-                final boolean excluded = redis.sismember_plaintext(excludeKey, check);
-                if (!excluded) return true;
-            }
+            if (found) return true;
             final int dotPos = check.indexOf('.');
             if (dotPos == check.length()) return false;
             check = check.substring(dotPos+1);
diff --git a/bubble-server/src/main/resources/packer/roles/algo/tasks/main.yml b/bubble-server/src/main/resources/packer/roles/algo/tasks/main.yml
index d2a0f8a5..b9d44a0a 100644
--- a/bubble-server/src/main/resources/packer/roles/algo/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/algo/tasks/main.yml
@@ -13,7 +13,7 @@
   get_url:
     url: https://github.com/getbubblenow/bubble-dist/raw/master/algo/master.zip
     dest: /tmp/algo.zip
-    checksum: sha256:1be58465d27dd8b40bc8ef9fe33c4c1dbad8dec6abb0b0c68d19754786562add
+    checksum: sha256:af3e8856626248646ea496919b7bae5974e552e24a7603460e7eebc7f5c7f93f
 
 - name: Unzip algo master.zip
   unarchive:
diff --git a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_api.py b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_api.py
index e38e615e..19a5b1ad 100644
--- a/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_api.py
+++ b/bubble-server/src/main/resources/packer/roles/mitmproxy/files/bubble_api.py
@@ -371,8 +371,17 @@ def is_flex_domain(client_addr, fqdn):
             bubble_log.debug('is_flex_domain: (early) returning False for: '+fqdn)
         return False
     check_fqdn = fqdn
+
+    exclusion_set = 'flexExcludeLists~' + client_addr + '~UNION'
+    excluded = REDIS.sismember(exclusion_set, fqdn)
+    if excluded:
+        if bubble_log.isEnabledFor(DEBUG):
+            bubble_log.debug('is_flex_domain: returning False for excluded flex domain: ' + fqdn + ' (check=' + check_fqdn + ')')
+        return False
+
+    flex_set = 'flexLists~' + client_addr + '~UNION'
     while '.' in check_fqdn:
-        found = REDIS.sismember('flexLists~'+client_addr+'~UNION', check_fqdn)
+        found = REDIS.sismember(flex_set, check_fqdn)
         if found:
             if bubble_log.isEnabledFor(DEBUG):
                 bubble_log.debug('is_flex_domain: returning True for: '+fqdn+' (check='+check_fqdn+')')