diff --git a/internal/home/clientshttp.go b/internal/home/clientshttp.go
index 010df861..f8260dbd 100644
--- a/internal/home/clientshttp.go
+++ b/internal/home/clientshttp.go
@@ -475,7 +475,13 @@ func (clients *clientsContainer) findClient(
 		params.RemoteIP,
 		string(params.ClientID),
 	)
-	cj.Disallowed, cj.DisallowedRule = &disallowed, &rule
+	cj.Disallowed = &disallowed
+
+	if disallowed && rule != "" {
+		// Since "disallowed_rule" is omitted from JSON unless present, it
+		// should only be set when the client is actually blocked.
+		cj.DisallowedRule = &rule
+	}
 
 	return cj
 }
@@ -554,12 +560,19 @@ func (clients *clientsContainer) findRuntime(
 	// See https://github.com/AdguardTeam/AdGuardHome/issues/2428.
 	disallowed, rule := clients.clientChecker.IsBlockedClient(ip, string(params.ClientID))
 
+	var disallowedRule *string
+	if disallowed && rule != "" {
+		// Since "disallowed_rule" is omitted from JSON unless present, it
+		// should only be set when the client is actually blocked.
+		disallowedRule = &rule
+	}
+
 	return &clientJSON{
 		Name:           host,
 		IDs:            []string{idStr},
 		WHOIS:          whois,
 		Disallowed:     &disallowed,
-		DisallowedRule: &rule,
+		DisallowedRule: disallowedRule,
 	}
 }
 
diff --git a/internal/home/clientshttp_internal_test.go b/internal/home/clientshttp_internal_test.go
index 01197983..054d897e 100644
--- a/internal/home/clientshttp_internal_test.go
+++ b/internal/home/clientshttp_internal_test.go
@@ -421,7 +421,6 @@ func TestClientsContainer_HandleSearchClient(t *testing.T) {
 		allowed     = false
 		dissallowed = true
 
-		emptyRule      = ""
 		disallowedRule = "disallowed_rule"
 	)
 
@@ -432,7 +431,7 @@ func TestClientsContainer_HandleSearchClient(t *testing.T) {
 				return true, disallowedRule
 			}
 
-			return false, emptyRule
+			return false, ""
 		},
 	}
 
@@ -481,11 +480,10 @@ func TestClientsContainer_HandleSearchClient(t *testing.T) {
 			}},
 		},
 		wantRuntime: &clientJSON{
-			Name:           runtimeCli,
-			IDs:            []string{runtimeCliIP},
-			Disallowed:     &allowed,
-			DisallowedRule: &emptyRule,
-			WHOIS:          &whois.Info{},
+			Name:       runtimeCli,
+			IDs:        []string{runtimeCliIP},
+			Disallowed: &allowed,
+			WHOIS:      &whois.Info{},
 		},
 	}, {
 		name: "blocked_access",
@@ -508,10 +506,9 @@ func TestClientsContainer_HandleSearchClient(t *testing.T) {
 			}},
 		},
 		wantRuntime: &clientJSON{
-			IDs:            []string{nonExistentCliIP},
-			Disallowed:     &allowed,
-			DisallowedRule: &emptyRule,
-			WHOIS:          &whois.Info{},
+			IDs:        []string{nonExistentCliIP},
+			Disallowed: &allowed,
+			WHOIS:      &whois.Info{},
 		},
 	}}