Resolving the "Invalid Host Header. Host must be the Console Address" Error

This FAQ explains why the “Invalid Host Header” error occurs, how to resolve it, and how to add multiple console addresses for AIR.

1. What Does the “Invalid Host Header” Error Mean?

From AIR Console version 4.33 onward, AIR strictly enforces the configured Console Address as a security measure to prevent unauthorized access.

2. Why Did This Error Appear After Upgrading?

If you upgraded from pre-4.33 versions (e.g., 4.31.x or 4.23.x) to 4.33 or later, the new security measures require you to explicitly whitelist console addresses (IP addresses or domain names) in the AIR environment file.

3. How Do I Fix This Error?

To resolve this issue, you need to define the AIR_CONSOLE_ADDRESSES environment variable in the .env file. Follow these steps:

Step 1: Access the AIR Console Server

Log into the server (via SSH) where the AIR Console is hosted.

Step 2: Back Up the Environment File

Run the following command to create a backup of the .env file:

cp -v /opt/binalyze-air/volumes/app/binalyze-air/config/.env \
     /opt/binalyze-air/volumes/app/binalyze-air/config/.env-BACKUP

Step 3: Add Additional Console Addresses

Use the following command to append the new console address:

echo "AIR_CONSOLE_ADDRESSES=<YOUR_ADDRESS>" >> /opt/binalyze-air/volumes/app/binalyze-air/config/.env

Replace <YOUR_ADDRESS> with the IP or domain name you want to allow.
- Example:
  Terminal window
```
AIR_CONSOLE_ADDRESSES=my-air-console.example.com
```
If multiple addresses are needed, separate them with commas:
Terminal window
```
AIR_CONSOLE_ADDRESSES=my-air-console.example.com,10.0.0.50
```

Step 4: Restart the Containers

After updating the .env file, restart the AIR containers:

cd /opt/binalyze-air
docker compose down && docker compose up -d

Step 5: Verify Access

Once the containers are up, log in using the newly added console addresses. If the error persists:

Check for typos in the .env file.
Ensure case sensitivity matches browser behavior (browsers often lowercase domain names).
Confirm that DNS/host settings are correct.

4. What Should I Use as My Console Address: IP or Domain?

You can add any valid address, such as:
IP Addresses (e.g., 10.0.0.50)
Fully Qualified Domain Names (FQDNs) (e.g., my-air-console.example.com)

If you plan to connect using multiple addresses (e.g., internal IP + domain), add all of them to AIR_CONSOLE_ADDRESSES.

Important: Browsers may automatically lowercase domain names, so ensure your entry in .env matches how users type it.

5. Troubleshooting Tips

Case Sensitivity Issues

Some browsers convert uppercase domain names to lowercase. Ensure your .env file reflects this behavior.

Backup & Revert if Needed

If an update causes issues, restore your backup and restart the containers.

cp -v /opt/binalyze-air/volumes/app/binalyze-air/config/.env-BACKUP \
    /opt/binalyze-air/volumes/app/binalyze-air/config/.env
docker compose down && docker compose up -d

Network & DNS Configuration

Ensure DNS records and network settings reflect your environment.

6. Reference Articles

AIR Console Access Control

This page in the Binalyze Knowledge Base explains the security updates enforcing approved console addresses to prevent Host Header injection.

AIR Release Notes

Track news regarding new and enhanced security measures in our release notes.

We hope this FAQ helps you resolve the “Invalid Host Header” error and keep your AIR environment secure.

For further troubleshooting, please contact [email protected]