Hello @marfea and welcome to the forum!
I don’t know about Apache, but 2.0.4.5 tightened remote security, and you’re getting the standard symptom:
Duplicati upgrade - “The host header sent by the client is not allowed”
A suitable setting for Server option below might do the trick. I think it’s separate from --webservice-interface
–webservice-allowed-hostnames: The hostnames that are accepted, separated with semicolons. If any of the hostnames are “*”, all hostnames are allowed and the hostname checking is disabled.
I’m not clear on how host headers flow through proxies. In non-proxy case, IP address is also a workaround.