I have Duplicati installed on an Ubuntu server, with Apache acting as a reverse proxy to make it accessible via a friendly URL (backups.home.mydomain.com). Having just upgraded to 2.0.45, accessing via backups.home.mydomain.com now yields “The host header sent by the client is not allowed”. I can still access the GUI via localhost:8200.
With this setup, I have never had to set the option “allow remote access” and do not want to open up port 8200 to my entire network.
Having read other similar posts, I have tried clearing my Chrome cache, but it hasn’t helped.
How can I re-enable the GUI via Apache?
Hello @marfea and welcome to the forum!
I don’t know about Apache, but 220.127.116.11 tightened remote security, and you’re getting the standard symptom:
Duplicati upgrade - “The host header sent by the client is not allowed”
A suitable setting for Server option below might do the trick. I think it’s separate from --webservice-interface
–webservice-allowed-hostnames: The hostnames that are accepted, separated with semicolons. If any of the hostnames are “*”, all hostnames are allowed and the hostname checking is disabled.
I’m not clear on how host headers flow through proxies. In non-proxy case, IP address is also a workaround.