Resolving the “Invalid Host Header. Host must be the Console Address” Error

This FAQ explains why the “Invalid Host Header” error occurs, how to resolve it, and how to add multiple console addresses for Binalyze AIR.

1. What Does the “Invalid Host Header” Error Mean?

From AIR Console version 4.33 onward, Binalyze AIR strictly enforces the configured Console Address as a security measure to prevent unauthorized access.

If you see the error:

"Invalid Host Header. Host must be the Console Address",

This means that AIR is receiving requests from an unapproved address. This behavior was introduced to mitigate Host Header injection vulnerabilities.

2. Why Did This Error Appear After Upgrading?

If you upgraded from pre-4.33 versions (e.g., 4.31.x or 4.23.x) to 4.33 or later, the new security measures require you to explicitly whitelist console addresses (IP addresses or domain names) in the AIR environment file.

3. How Do I Fix This Error?

To resolve this issue, you need to define the AIR_CONSOLE_ADDRESSES environment variable in the .env file. Follow these steps:

Step 1: Access the AIR Console Server

Log into the server (via SSH) where the Binalyze AIR Console is hosted.

Step 2: Back Up the Environment File

Run the following command to create a backup of the .env file:

cp -v /opt/binalyze-air/volumes/app/binalyze-air/config/.env \
     /opt/binalyze-air/volumes/app/binalyze-air/config/.env-BACKUP

Step 3: Add Additional Console Addresses

Use the following command to append the new console address:

echo "AIR_CONSOLE_ADDRESSES=<YOUR_ADDRESS>" >> /opt/binalyze-air/volumes/app/binalyze-air/config/.env

Replace <YOUR_ADDRESS> with the IP or domain name you want to allow.
- Example:
  AIR_CONSOLE_ADDRESSES=my-air-console.example.com
If multiple addresses are needed, separate them with commas:
```
AIR_CONSOLE_ADDRESSES=my-air-console.example.com,10.0.0.50
```

Step 4: Restart the Containers

After updating the .env file, restart the AIR containers:

cd /opt/binalyze-air
docker compose down && docker compose up -d

Step 5: Verify Access

Once the containers are up, log in using the newly added console addresses. If the error persists:

Check for typos in the .env file.
Ensure case-sensitivity matches browser behavior (browsers often lowercase domain names).
Confirm DNS/host settings are correct.

4. What Should I Use as My Console Address: IP or Domain?

You can add any valid address, such as: ✅ IP Addresses (e.g., 10.0.0.50) ✅ Fully Qualified Domain Names (FQDNs) (e.g., my-air-console.example.com)

💡 If you plan to connect using multiple addresses (e.g., internal IP + domain), add all of them to AIR_CONSOLE_ADDRESSES.

📌 Important: Browsers may automatically lowercase domain names, so ensure your entry in .env matches how users type it.

5. Troubleshooting Tips

🔍 Case Sensitivity Issues

Some browsers convert uppercase domain names to lowercase. Ensure your .env file reflects this behavior.

📂 Backup & Revert if Needed

If an update causes issues, restore your backup and restart the containers.

cp -v /opt/binalyze-air/volumes/app/binalyze-air/config/.env-BACKUP \
    /opt/binalyze-air/volumes/app/binalyze-air/config/.env
docker compose down && docker compose up -d

🌐 Network & DNS Configuration

Ensure DNS records and network settings reflect your environment.

6. Reference Articles

📌 AIR Console Access Control

This page in the Binalyze Knowledge Base explains the security updates enforcing approved console addresses to prevent Host Header injection.

📌 Binalyze AIR Release Notes

Track news regarding new and enhanced security measures in our release notes.

We hope this FAQ helps you resolve the “Invalid Host Header” error and keep your Binalyze AIR environment secure.

For further troubleshooting, please contact [email protected]

PreviousBinalyze AIR Console Backup Procedure NextHow to download the collected evidence and artifacts in Binalyze AIR?

Last updated 3 months ago

Was this helpful?