# Resolving the "Invalid Host Header. Host must be the Console Address" Error

This FAQ explains why the **"Invalid Host Header"** error occurs, how to resolve it, and how to add multiple console addresses for **AIR**.

***

### **1. What Does the "Invalid Host Header" Error Mean?**

From **AIR Console version 4.33** onward, AIR strictly enforces the **configured Console Address** as a security measure to **prevent unauthorized access**.

{% hint style="danger" %}
If you see the error:

> **"Invalid Host Header. Host must be the Console Address"**

this means that AIR received a request whose `Host` header is **not an approved Console Address**. This behavior was introduced to **mitigate Host Header injection vulnerabilities**.
{% endhint %}

***

### **2. Why Did This Error Appear After Upgrading?**

If you upgraded from **pre-4.33 versions** (e.g., **4.31.x or 4.23.x**) to **4.33 or later**, the new security measures require you to **explicitly whitelist console addresses** (IP addresses or domain names) in the **AIR environment file**.

***

### **3. How Do I Fix This Error?**

To resolve this issue, you need to define the **AIR\_CONSOLE\_ADDRESSES** environment variable in the `.env` file. Follow these steps:

#### **Step 1: Access the AIR Console Server**

Log into the server (via **SSH**) where the AIR Console is hosted.

#### **Step 2: Back Up the Environment File**

Run the following command to create a backup of the `.env` file:

```bash
cp -v /opt/binalyze-air/volumes/app/binalyze-air/config/.env \
     /opt/binalyze-air/volumes/app/binalyze-air/config/.env-BACKUP
```

#### **Step 3: Add Additional Console Addresses**

Use the following command to append the new console address:

```bash
echo "AIR_CONSOLE_ADDRESSES=<YOUR_ADDRESS>" >> /opt/binalyze-air/volumes/app/binalyze-air/config/.env
```

* Replace **`<YOUR_ADDRESS>`** with the IP or domain name you want to allow.
  * Example:

    ```bash
    AIR_CONSOLE_ADDRESSES=my-air-console.example.com
    ```
* If multiple addresses are needed, separate them with commas:

  ```bash
  AIR_CONSOLE_ADDRESSES=my-air-console.example.com,10.0.0.50
  ```
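Appending with `echo` adds a second `AIR_CONSOLE_ADDRESSES` line if the variable is already defined in `.env`. The following is an added example, not part of Binalyze's documentation: a hypothetical helper, `add_console_address`, that merges new addresses into a single lowercase, de-duplicated entry. Lowercasing follows the browser behavior noted in this FAQ; the accepted character set is an assumption.

```bash
#!/bin/sh
# Added example (not from Binalyze): add_console_address is a hypothetical helper.
# Usage: add_console_address ENV_FILE ADDRESS[,ADDRESS...]
add_console_address() {
    local env_file="$1" new="$2" key=AIR_CONSOLE_ADDRESSES
    local current merged tmp
    [ -f "$env_file" ] || { echo "no such file: $env_file" >&2; return 1; }

    # Assumption: only host-name/IP characters and commas are acceptable.
    # This keeps spaces, quotes, '=' and '#' out of the .env line.
    case "$new" in
        ''|*[!A-Za-z0-9.,:_-]*)
            echo "refusing value: $new" >&2; return 2 ;;
    esac

    # Collect the values of every existing assignment of the key (an earlier
    # `echo >>` may have left more than one) as one comma-separated string.
    current=$(sed -n "s/^${key}=//p" "$env_file" | tr -d "\"'" | paste -sd, -)

    # Lowercase, split on commas, trim blanks, drop empties and duplicates
    # (first occurrence wins), then join again.
    merged=$(printf '%s,%s\n' "$current" "$new" \
        | tr '[:upper:]' '[:lower:]' | tr ',' '\n' \
        | awk '{ gsub(/^[ \t]+|[ \t]+$/, "") } NF && !seen[$0]++' \
        | paste -sd, -)

    # Build the new file beside the original, then write it back through the
    # existing file so its owner and permissions are unchanged.
    tmp=$(mktemp "${env_file}.XXXXXX") || return 1
    sed "/^${key}=/d" "$env_file" > "$tmp"
    printf '%s=%s\n' "$key" "$merged" >> "$tmp"
    cat "$tmp" > "$env_file"
    rm -f "$tmp"
}

# Run directly: sh add_console_address.sh /path/to/.env new-host.example.com
if [ "$#" -ge 2 ]; then add_console_address "$1" "$2"; fi
```

Take the backup from Step 2 first, and restart the containers as in Step 4 afterwards.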

#### **Step 4: Restart the Containers**

After updating the `.env` file, restart the AIR containers:

```bash
cd /opt/binalyze-air
docker compose down && docker compose up -d
```

#### **Step 5: Verify Access**

Once the containers are up, log in using the newly added console addresses. If the error persists:

* Check for **typos** in the `.env` file.
* Ensure the **letter case** of each entry matches what the browser sends (browsers often lowercase domain names).
* Confirm that **DNS/host settings** are correct.

***

### **4. What Should I Use as My Console Address: IP or Domain?**

You can add any valid address, such as:\
**IP Addresses** (e.g., `10.0.0.50`)\
**Fully Qualified Domain Names (FQDNs)** (e.g., `my-air-console.example.com`)

If you plan to **connect using multiple addresses** (e.g., internal IP + domain), add **all of them** to `AIR_CONSOLE_ADDRESSES`.

**Important:** Browsers may **automatically lowercase domain names**, so ensure your entry in `.env` matches the form the browser actually sends, not the case a user happens to type.

***

### **5. Troubleshooting Tips**

#### **Case Sensitivity Issues**

* Some browsers convert uppercase domain names to **lowercase**. Ensure your `.env` file reflects this behavior.

#### **Backup & Revert if Needed**

* If an update causes issues, **restore your backup** and restart the containers.

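```bash
# Restore the backup taken in Step 2
cp -v /opt/binalyze-air/volumes/app/binalyze-air/config/.env-BACKUP \
    /opt/binalyze-air/volumes/app/binalyze-air/config/.env
# Restart from the AIR directory, as in Step 4
cd /opt/binalyze-air
docker compose down && docker compose up -d
```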

#### **Network & DNS Configuration**

* Ensure **DNS records** and **network settings** reflect your environment.

***

### **6. Reference Articles**

**AIR Console Access Control**

* [**This page in the Binalyze Knowledge Base**](https://kb.binalyze.com/self-hosted/setup/security/console-access-control) explains the security updates enforcing **approved console addresses** to prevent Host Header injection.

**AIR Release Notes**

* Track news regarding new and enhanced security measures in our [**release notes**](https://www.binalyze.com/air/release-notes/).

***

We hope this FAQ helps you resolve the **"Invalid Host Header"** error and keep your **AIR environment secure**.

For **further troubleshooting**, please contact **<support@binalyze.com>**.
