diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua
index b39ada38a..acc9745a3 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua
@@ -7,6 +7,7 @@ if not api.finded_com("xray") then
 end
 
 local appname = "passwall"
+local jsonc = api.jsonc
 local uci = api.uci
 
 local type_name = "Xray"
@@ -393,7 +394,7 @@ o:depends({ [option_name("tls")] = true, [option_name("utls")] = true })
 o:depends({ [option_name("tls")] = true, [option_name("reality")] = true })
 
 o = s:option(ListValue, option_name("transport"), translate("Transport"))
-o:value("raw", "RAW")
+o:value("raw", "RAW (TCP)")
 o:value("mkcp", "mKCP")
 o:value("ws", "WebSocket")
 o:value("h2", "HTTP/2")
@@ -401,7 +402,7 @@ o:value("ds", "DomainSocket")
 o:value("quic", "QUIC")
 o:value("grpc", "gRPC")
 o:value("httpupgrade", "HttpUpgrade")
-o:value("xhttp", "XHTTP")
+o:value("xhttp", "XHTTP (SplitHTTP)")
 o:depends({ [option_name("protocol")] = "vmess" })
 o:depends({ [option_name("protocol")] = "vless" })
 o:depends({ [option_name("protocol")] = "socks" })
@@ -568,6 +569,13 @@ o.placeholder = "/"
 o:depends({ [option_name("transport")] = "httpupgrade" })
 
 -- [[ XHTTP部分 ]]--
+o = s:option(ListValue, option_name("xhttp_mode"), "XHTTP " .. translate("Mode"))
+o:depends({ [option_name("transport")] = "xhttp" })
+o.default = "auto"
+o:value("auto")
+o:value("packet-up")
+o:value("stream-up")
+
 o = s:option(Value, option_name("xhttp_host"), translate("XHTTP Host"))
 o:depends({ [option_name("transport")] = "xhttp" })
 
@@ -575,104 +583,28 @@ o = s:option(Value, option_name("xhttp_path"), translate("XHTTP Path"))
 o.placeholder = "/"
 o:depends({ [option_name("transport")] = "xhttp" })
 
--- XHTTP XMUX
-o = s:option(Flag, option_name("xhttp_xmux"), "XMUX", translate("Enable XHTTP XMUX. It's not recommended to enable Mux.Cool at the same time."))
+o = s:option(TextValue, option_name("xhttp_extra"), translate("XHTTP Extra"), translate("An <a target='_blank' href='https://xtls.github.io/config/transports/splithttp.html#extra'>XHTTP extra object</a> in raw json"))
 o:depends({ [option_name("transport")] = "xhttp" })
-
-o = s:option(Value, option_name("maxConcurrency"), translate("XMUX Max Concurrency"))
-o:depends({ [option_name("xhttp_xmux")] = true })
-
-o = s:option(Value, option_name("maxConnections"), translate("XMUX Max Connections"))
-o:depends({ [option_name("xhttp_xmux")] = true })
-
-o = s:option(Value, option_name("cMaxReuseTimes"), translate("XMUX Connection Max Reuse Times"))
-o:depends({ [option_name("xhttp_xmux")] = true })
-
-o = s:option(Value, option_name("cMaxLifetimeMs"), translate("XMUX Connection Max Lifetime (ms)"))
-o:depends({ [option_name("xhttp_xmux")] = true })
-
--- XHTTP 下行
-o = s:option(Flag, option_name("xhttp_download"), string.format('<a style="color:red">%s</a>', translate("XHTTP download splitting")))
-o:depends({ [option_name("transport")] = "xhttp" })
-
-o = s:option(Value, option_name("xhttp_download_address"), string.format('<a style="color:red">%s</a>', translate("Address")))
-o:depends({ [option_name("xhttp_download")] = true })
-
-o = s:option(Value, option_name("xhttp_download_port"), string.format('<a style="color:red">%s</a>', translate("Port")))
-o:depends({ [option_name("xhttp_download")] = true })
-
-o = s:option(Value, option_name("xhttp_download_host"), string.format('<a style="color:red">%s</a>', "XHTTP Host"))
-o:depends({ [option_name("xhttp_download")] = true })
-
-o = s:option(Value, option_name("xhttp_download_path"), string.format('<a style="color:red">%s</a>', "XHTTP Path"), translate("Must be the same as upload path."))
-o.placeholder = "/"
-o:depends({ [option_name("xhttp_download")] = true })
-
-o = s:option(Flag, option_name("xhttp_download_tls"), string.format('<a style="color:red">%s</a>', "TLS"))
-o:depends({ [option_name("xhttp_download")] = true })
-o.default = 0
-
-o = s:option(Flag, option_name("xhttp_download_reality"), string.format('<a style="color:red">%s</a>', "REALITY"))
-o.default = 0
-o:depends({ [option_name("xhttp_download_tls")] = true })
-
-o = s:option(ListValue, option_name("xhttp_download_alpn"), string.format('<a style="color:red">%s</a>', "alpn"))
-o.default = "default"
-o:value("default", translate("Default"))
-o:value("h3")
-o:value("h2")
-o:value("h3,h2")
-o:value("http/1.1")
-o:value("h2,http/1.1")
-o:value("h3,h2,http/1.1")
-o:depends({ [option_name("xhttp_download_tls")] = true, [option_name("xhttp_download_reality")] = false })
-
-o = s:option(Value, option_name("xhttp_download_tls_serverName"), string.format('<a style="color:red">%s</a>', translate("Domain")))
-o:depends({ [option_name("xhttp_download_tls")] = true })
-
-o = s:option(Value, option_name("xhttp_download_reality_publicKey"), string.format('<a style="color:red">%s</a>', translate("Public Key")))
-o:depends({ [option_name("xhttp_download_tls")] = true, [option_name("xhttp_download_reality")] = true })
-
-o = s:option(Value, option_name("xhttp_download_reality_shortId"), string.format('<a style="color:red">%s</a>', translate("Short Id")))
-o:depends({ [option_name("xhttp_download_tls")] = true, [option_name("xhttp_download_reality")] = true })
-
-o = s:option(Value, option_name("xhttp_download_reality_spiderX"), string.format('<a style="color:red">%s</a>', "Spider X"))
-o.placeholder = "/"
-o:depends({ [option_name("xhttp_download_tls")] = true, [option_name("xhttp_download_reality")] = true })
-
-o = s:option(Flag, option_name("xhttp_download_utls"), string.format('<a style="color:red">%s</a>', "uTLS"))
-o.default = "0"
-o:depends({ [option_name("xhttp_download_tls")] = true, [option_name("xhttp_download_reality")] = false })
-
-o = s:option(ListValue, option_name("xhttp_download_fingerprint"), string.format('<a style="color:red">%s</a>', translate("Finger Print")))
-o:value("chrome")
-o:value("firefox")
-o:value("edge")
-o:value("safari")
-o:value("360")
-o:value("qq")
-o:value("ios")
-o:value("android")
-o:value("random")
-o:value("randomized")
-o.default = "chrome"
-o:depends({ [option_name("xhttp_download_tls")] = true, [option_name("xhttp_download_utls")] = true })
-o:depends({ [option_name("xhttp_download_tls")] = true, [option_name("xhttp_download_reality")] = true })
-
-o = s:option(Flag, option_name("xhttp_download_xmux"), string.format('<a style="color:red">%s</a>', "XMUX"), translate("Enable XHTTP XMUX. It's not recommended to enable Mux.Cool at the same time."))
-o:depends({ [option_name("xhttp_download")] = true })
-
-o = s:option(Value, option_name("download_maxConcurrency"), string.format('<a style="color:red">%s</a>', translate("XMUX Max Concurrency")))
-o:depends({ [option_name("xhttp_download_xmux")] = true })
-
-o = s:option(Value, option_name("download_maxConnections"), string.format('<a style="color:red">%s</a>', translate("XMUX Max Connections")))
-o:depends({ [option_name("xhttp_download_xmux")] = true })
-
-o = s:option(Value, option_name("download_cMaxReuseTimes"), string.format('<a style="color:red">%s</a>', translate("XMUX Connection Max Reuse Times")))
-o:depends({ [option_name("xhttp_download_xmux")] = true })
-
-o = s:option(Value, option_name("download_cMaxLifetimeMs"), string.format('<a style="color:red">%s</a>', translate("XMUX Connection Max Lifetime (ms)")))
-o:depends({ [option_name("xhttp_download_xmux")] = true })
+o.rows = 15
+o.wrap = "off"
+o.custom_write = function(self, section, value)
+	m:set(section, self.option:sub(1 + #option_prefix), value)
+	local data = value and value ~= "" and jsonc.parse(value)
+	local address = (data and data.extra and data.extra.downloadSettings and data.extra.downloadSettings.address)
+			or (data and data.downloadSettings and data.downloadSettings.address)
+	if address and address ~= "" then
+		m:set(section, "download_address", address)
+	else
+		m:del(section, "download_address")
+	end
+end
+o.validate = function(self, value)
+	value = value:gsub("\r\n", "\n"):gsub("^[ \t]*\n", ""):gsub("\n[ \t]*$", ""):gsub("\n[ \t]*\n", "\n")
+	if value:sub(-1) == "\n" then
+		value = value:sub(1, -2)
+	end
+	return value
+end
 
 -- [[ Mux.Cool ]]--
 o = s:option(Flag, option_name("mux"), "Mux", translate("Enable Mux.Cool"))
diff --git a/luci-app-passwall/luasrc/passwall/api.lua b/luci-app-passwall/luasrc/passwall/api.lua
index 289e06d9d..61565e9e9 100644
--- a/luci-app-passwall/luasrc/passwall/api.lua
+++ b/luci-app-passwall/luasrc/passwall/api.lua
@@ -1051,11 +1051,16 @@ function luci_types(id, m, s, type_name, option_prefix)
 				end
 				s.fields[key].write = function(self, section, value)
 					if s.fields["type"]:formvalue(id) == type_name then
-						if self.rewrite_option then
-							m:set(section, self.rewrite_option, value)
+						-- 添加自定义 custom_write 属性，如果有自定义的 custom_write 函数，则使用自定义的 write 逻辑
+						if self.custom_write then
+							self:custom_write(section, value)
 						else
-							if self.option:find(option_prefix) == 1 then
-								m:set(section, self.option:sub(1 + #option_prefix), value)
+							if self.rewrite_option then
+								m:set(section, self.rewrite_option, value)
+							else
+								if self.option:find(option_prefix) == 1 then
+									m:set(section, self.option:sub(1 + #option_prefix), value)
+								end
 							end
 						end
 					end
diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua
index 91e609fdd..199ed78ab 100644
--- a/luci-app-passwall/luasrc/passwall/util_xray.lua
+++ b/luci-app-passwall/luasrc/passwall/util_xray.lua
@@ -113,15 +113,6 @@ function gen_outbound(flag, node, tag, proxy_table)
 			end
 		end
 
-		if node.type == "Xray" and node.transport == "xhttp" then
-			if node.xhttp_download_tls and node.xhttp_download_tls == "1" then
-				node.xhttp_download_stream_security = "tls"
-				if node.xhttp_download_reality and node.xhttp_download_reality == "1" then
-					node.xhttp_download_stream_security = "reality"
-				end
-			end
-		end
-
 		if node.protocol == "wireguard" and node.wireguard_reserved then
 			local bytes = {}
 			if not node.wireguard_reserved:match("[^%d,]+") then
@@ -226,34 +217,11 @@ function gen_outbound(flag, node, tag, proxy_table)
 					host = node.httpupgrade_host
 				} or nil,
 				xhttpSettings = (node.transport == "xhttp" or node.transport == "splithttp") and {
+					mode = node.xhttp_mode or "auto",
 					path = node.xhttp_path or node.splithttp_path or "/",
 					host = node.xhttp_host or node.splithttp_host,
-					downloadSettings = (node.xhttp_download == "1") and {
-						address = node.xhttp_download_address,
-						port = tonumber(node.xhttp_download_port),
-						network = "xhttp",
-						xhttpSettings = {
-							path = node.xhttp_download_path,
-							host = node.xhttp_download_host,
-						},
-						security = node.xhttp_download_stream_security,
-						tlsSettings = (node.xhttp_download_stream_security == "tls") and {
-							serverName = node.xhttp_download_tls_serverName,
-							allowInsecure = false,
-							fingerprint = (node.xhttp_download_utls == "1" and
-								node.xhttp_download_fingerprint and
-								node.xhttp_download_fingerprint ~= "") and node.xhttp_download_fingerprint or nil
-						} or nil,
-						realitySettings = (node.xhttp_download_stream_security == "reality") and {
-							serverName = node.xhttp_download_tls_serverName,
-							publicKey = node.xhttp_download_reality_publicKey,
-							shortId = node.xhttp_download_reality_shortId or "",
-							spiderX = node.xhttp_download_reality_spiderX or "/",
-							fingerprint = (
-								node.xhttp_download_fingerprint and
-								node.xhttp_download_fingerprint ~= "") and node.xhttp_download_fingerprint or nil
-						} or nil,
-					} or nil
+					-- 如果包含 "extra" 节，取 "extra" 内的内容，否则直接赋值给 extra
+					extra = node.xhttp_extra and (jsonc.parse(node.xhttp_extra).extra or jsonc.parse(node.xhttp_extra)) or nil
 				} or nil,
 			} or nil,
 			settings = {
@@ -319,41 +287,6 @@ function gen_outbound(flag, node, tag, proxy_table)
 				result.streamSettings.tlsSettings.alpn = alpn
 			end
 		end
-
-		local alpn_download = {}
-		if node.xhttp_download_alpn and node.xhttp_download_alpn ~= "default" then
-			string.gsub(node.xhttp_download_alpn, '[^' .. "," .. ']+', function(w)
-				table.insert(alpn_download, w)
-			end)
-		end
-		if alpn_download and #alpn_download > 0 then
-			if result.streamSettings.xhttpSettings.downloadSettings.tlsSettings then
-				result.streamSettings.xhttpSettings.downloadSettings.tlsSettings.alpn = alpn_download
-			end
-		end
-
-		local xmux = {}
-		if (node.xhttp_xmux == "1") then
-			xmux.maxConcurrency = node.maxConcurrency and (string.find(node.maxConcurrency, "-") and node.maxConcurrency or tonumber(node.maxConcurrency)) or 0
-			xmux.maxConnections = node.maxConnections and (string.find(node.maxConnections, "-") and node.maxConnections or tonumber(node.maxConnections)) or 0
-			xmux.cMaxReuseTimes = node.cMaxReuseTimes and (string.find(node.cMaxReuseTimes, "-") and node.cMaxReuseTimes or tonumber(node.cMaxReuseTimes)) or 0
-			xmux.cMaxLifetimeMs = node.cMaxLifetimeMs and (string.find(node.cMaxLifetimeMs, "-") and node.cMaxLifetimeMs or tonumber(node.cMaxLifetimeMs)) or 0
-			if result.streamSettings.xhttpSettings then
-				result.streamSettings.xhttpSettings.xmux = xmux
-			end
-		end
-
-		local xmux_download = {}
-		if (node.xhttp_download_xmux == "1") then
-			xmux_download.maxConcurrency = node.download_maxConcurrency and (string.find(node.download_maxConcurrency, "-") and node.download_maxConcurrency or tonumber(node.download_maxConcurrency)) or 0
-			xmux_download.maxConnections = node.download_maxConnections and (string.find(node.download_maxConnections, "-") and node.download_maxConnections or tonumber(node.download_maxConnections)) or 0
-			xmux_download.cMaxReuseTimes = node.download_cMaxReuseTimes and (string.find(node.download_cMaxReuseTimes, "-") and node.download_cMaxReuseTimes or tonumber(node.download_cMaxReuseTimes)) or 0
-			xmux_download.cMaxLifetimeMs = node.download_cMaxLifetimeMs and (string.find(node.download_cMaxLifetimeMs, "-") and node.download_cMaxLifetimeMs or tonumber(node.download_cMaxLifetimeMs)) or 0
-			if result.streamSettings.xhttpSettings.downloadSettings.xhttpSettings then
-				result.streamSettings.xhttpSettings.downloadSettings.xhttpSettings.xmux = xmux_download
-			end
-		end
-
 	end
 	return result
 end
diff --git a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
index 6a15a52f7..29653c5b3 100644
--- a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
+++ b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
@@ -370,6 +370,8 @@ local api = require "luci.passwall.api"
 			} else if (v_transport === "xhttp") {
 				params += opt.query("host", dom_prefix + "xhttp_host");
 				params += opt.query("path", dom_prefix + "xhttp_path");
+				params += opt.query("mode", dom_prefix + "xhttp_mode");
+				params += opt.query("extra", dom_prefix + "xhttp_extra");
 			} else if (v_transport === "httpupgrade") {
 				v_transport = "httpupgrade";
 				params += opt.query("host", dom_prefix + "httpupgrade_host");
@@ -1172,6 +1174,8 @@ local api = require "luci.passwall.api"
 			} else if (queryParam.type === "xhttp" || queryParam.type === "splithttp") {
 				opt.set(dom_prefix + 'xhttp_host', queryParam.host || "");
 				opt.set(dom_prefix + 'xhttp_path', queryParam.path || "");
+				opt.set(dom_prefix + 'xhttp_mode', queryParam.mode || "auto");
+				opt.set(dom_prefix + 'xhttp_extra', queryParam.extra || "");
 			} else if (queryParam.type === "httpupgrade") {
 				opt.set(dom_prefix + 'httpupgrade_host', queryParam.host || "");
 				opt.set(dom_prefix + 'httpupgrade_path', queryParam.path || "");
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index 949daf1df..32bc947ab 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@@ -1531,26 +1531,8 @@ msgstr "客户端文件不适合当前设备。"
 msgid "Can't move new file to path: %s"
 msgstr "无法移动新文件到：%s"
 
-msgid "XHTTP download splitting"
-msgstr "XHTTP 下行分离"
-
-msgid "Must be the same as upload path."
-msgstr "必须与上行 path 相同。"
-
-msgid "Enable XHTTP XMUX. It's not recommended to enable Mux.Cool at the same time."
-msgstr "启用 XHTTP XMUX。不建议与 Mux.Cool 同时启用。"
-
-msgid "XMUX Max Concurrency"
-msgstr "XMUX 连接最大复用流数"
-
-msgid "XMUX Max Connections"
-msgstr "XMUX 最大连接数"
-
-msgid "XMUX Connection Max Reuse Times"
-msgstr "XMUX 连接最多复用次数"
-
-msgid "XMUX Connection Max Lifetime (ms)"
-msgstr "XMUX 连接最大存活时间（ms）"
+msgid "An <a target='_blank' href='https://xtls.github.io/config/transports/splithttp.html#extra'>XHTTP extra object</a> in raw json"
+msgstr "一个 json 格式的 <a target='_blank' href='https://xtls.github.io/config/transports/splithttp.html#extra'>XHTTP extra object</a>"
 
 msgid "Enable Mux.Cool"
 msgstr "启用 Mux.Cool"
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
index 951efe1df..3e164b22e 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
@@ -135,11 +135,14 @@ local file_vpslist = TMP_ACL_PATH .. "/vpslist"
 if not is_file_nonzero(file_vpslist) then
 	local f_out = io.open(file_vpslist, "w")
 	uci:foreach(appname, "nodes", function(t)
-		local address = t.address
-		if address == "engage.cloudflareclient.com" then return end
-		if datatypes.hostname(address) then
-			f_out:write(address .. "\n")
+		local function process_address(address)
+			if address == "engage.cloudflareclient.com" then return end
+			if datatypes.hostname(address) then
+				f_out:write(address .. "\n")
+			end
 		end
+		process_address(t.address)
+		process_address(t.download_address)
 	end)
 	f_out:close()
 end
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
index 1a4bc1f36..23601657a 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
@@ -218,12 +218,15 @@ if not fs.access(CACHE_DNS_PATH) then
 			fwd_dns = nil
 		else
 			uci:foreach(appname, "nodes", function(t)
-				local address = t.address
-				if address == "engage.cloudflareclient.com" then return end
-				if datatypes.hostname(address) then
-					set_domain_dns(address, fwd_dns)
-					set_domain_ipset(address, setflag_4 .. "passwall_vpslist," .. setflag_6 .. "passwall_vpslist6")
+				local function process_address(address)
+					if address == "engage.cloudflareclient.com" then return end
+					if datatypes.hostname(address) then
+						set_domain_dns(address, fwd_dns)
+						set_domain_ipset(address, setflag_4 .. "passwall_vpslist," .. setflag_6 .. "passwall_vpslist6")
+					end
 				end
+				process_address(t.address)
+				process_address(t.download_address)
 			end)
 			log(string.format("  - 节点列表中的域名(vpslist)：%s", fwd_dns or "默认"))
 		end
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
index 7c5aa5925..7d17f396d 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
@@ -254,11 +254,14 @@ local file_vpslist = TMP_ACL_PATH .. "/vpslist"
 if not is_file_nonzero(file_vpslist) then
 	local f_out = io.open(file_vpslist, "w")
 	uci:foreach(appname, "nodes", function(t)
-		local address = t.address
-		if address == "engage.cloudflareclient.com" then return end
-		if datatypes.hostname(address) then
-			f_out:write(address .. "\n")
+		local function process_address(address)
+			if address == "engage.cloudflareclient.com" then return end
+			if datatypes.hostname(address) then
+				f_out:write(address .. "\n")
+			end
 		end
+		process_address(t.address)
+		process_address(t.download_address)
 	end)
 	f_out:close()
 end
diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh
index 5506f14e4..b5dd3b333 100755
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -613,8 +613,10 @@ filter_haproxy() {
 }
 
 filter_vpsip() {
+	uci show $CONFIG | grep ".download_address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
 	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
 	echolog "  - [$?]加入所有IPv4节点到ipset[$IPSET_VPSLIST]直连完成"
+	uci show $CONFIG | grep ".download_address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
 	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
 	echolog "  - [$?]加入所有IPv6节点到ipset[$IPSET_VPSLIST6]直连完成"
 }
diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh
index 26ba5c0bf..2a37109a6 100755
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@@ -680,8 +680,10 @@ filter_vps_addr() {
 }
 
 filter_vpsip() {
+	insert_nftset $NFTSET_VPSLIST "-1" $(uci show $CONFIG | grep ".download_address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d")
 	insert_nftset $NFTSET_VPSLIST "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d")
 	echolog "  - [$?]加入所有IPv4节点到nftset[$NFTSET_VPSLIST]直连完成"
+	insert_nftset $NFTSET_VPSLIST6 "-1" $(uci show $CONFIG | grep ".download_address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d")
 	insert_nftset $NFTSET_VPSLIST6 "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d")
 	echolog "  - [$?]加入所有IPv6节点到nftset[$NFTSET_VPSLIST6]直连完成"
 }
@@ -892,6 +894,7 @@ add_firewall_rule() {
 	# filter_haproxy > /dev/null 2>&1 &
 	# Prevent some conditions
 	filter_vps_addr $(config_n_get $TCP_NODE address) $(config_n_get $UDP_NODE address) > /dev/null 2>&1 &
+	filter_vps_addr $(config_n_get $TCP_NODE download_address) $(config_n_get $UDP_NODE download_address) > /dev/null 2>&1 &
 
 	accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
 	accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
diff --git a/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
index ada7b9b88..d216733cf 100755
--- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@@ -998,6 +998,12 @@ local function processData(szType, content, add_mode, add_from)
 			if params.type == 'xhttp' or params.type == 'splithttp' then
 				result.xhttp_host = params.host
 				result.xhttp_path = params.path
+				result.xhttp_mode = params.mode or "auto"
+				result.xhttp_extra = params.extra
+				local Data = params.extra and params.extra ~= "" and jsonParse(params.extra)
+				local address = (Data and Data.extra and Data.extra.downloadSettings and Data.extra.downloadSettings.address)
+						or (Data and Data.downloadSettings and Data.downloadSettings.address)
+				result.download_address = address and address ~= "" and address or nil
 			end
 			if params.type == 'httpupgrade' then
 				result.httpupgrade_host = params.host