Can't get allow host rule to work #1562

@Versette

Describe the bug

It's not possible to check the Host header; an error appears when trying to get it.

{
    "time": "2026-04-14T02:56:48.768274634Z",
    "level": "ERROR",
    "source": {
        "function": "github.com/TecharoHQ/anubis/lib.(*Server).maybeReverseProxy",
        "file": "github.com/TecharoHQ/anubis/lib/anubis.go",
        "line": 205
    },
    "msg": "check failed",
    "subsystem": "anubis",
    "host": "subdomain.domain.com",
    "method": "GET",
    "path": "/test/test.html",
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36",
    "accept_language": "ru-RU,ru;q=0.9",
    "priority": "u=0, i",
    "x-forwarded-for": "re.da.ct.ed",
    "x-real-ip": "re.da.ct.ed",
    "err": "can't run check allow-subdomain: no such key: Host"
}

Steps to reproduce

  1. Clear cookies
  2. Go to "allowed" URL
  3. Get error

botPolicy.yaml

bots:
  - name: allow-subdomain
    action: ALLOW
    expression:
      all:
        - headers["Host"].startsWith("subdomain.")
        - path.startsWith("/test/")
  - name: challenge-all
    path_regex: .*
    action: CHALLENGE

nginx config:

map $http_upgrade $connection_upgrade {
    default upgrade;
    "" close;
}

upstream service {
    server service:3000;
}

server {
    listen 443 ssl;
    http2  on;
    server_name subdomain.domain.com;
    include /etc/nginx/snippets/ssl.conf;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_pass http://anubis;
    }
}

server {
    listen nginx:8023;
    server_name subdomain.domain.com;
    location / {
        proxy_http_version 1.1;
        proxy_pass http://service;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Hard-code https since the original request came through SSL
        proxy_set_header X-Forwarded-Proto https;
    }
}

I also tried with headers_regex before; that just always shows the challenge, so I think the header is possibly lost at some point.

Expected behavior

The request goes through without the challenge appearing, since it's allowed as per the defined rules in botPolicy.yaml

Your operating system and its version.

NixOS 26.05

Your browser and its version.

Chrome 146

Additional context

No response
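
Added example, not part of the issue and not Anubis's own code: Go's net/http server promotes the incoming Host header to `Request.Host` and removes it from the `Header` map, which is consistent with the `no such key: Host` error above if the policy's `headers` map is built from that `Header` map (an assumption here). The `seen` type, the `probe` function and the sample IP address are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// seen records what a Go handler observes for one proxied request.
type seen struct {
	HostField     string // r.Host, where net/http puts the Host header
	HostInHeaders bool   // whether r.Header still has a "Host" key
	RealIP        string // an ordinary header, for comparison
	RuleMatches   bool   // the issue's two conditions, evaluated on r.Host
}

// probe sends one request with the given Host through a real net/http server.
func probe(host, path string) (seen, error) {
	ch := make(chan seen, 1)
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, inMap := r.Header["Host"]
		ch <- seen{
			HostField:     r.Host,
			HostInHeaders: inMap,
			RealIP:        r.Header.Get("X-Real-IP"),
			RuleMatches: strings.HasPrefix(r.Host, "subdomain.") &&
				strings.HasPrefix(r.URL.Path, "/test/"),
		}
	}))
	defer srv.Close()

	req, err := http.NewRequest(http.MethodGet, srv.URL+path, nil)
	if err != nil {
		return seen{}, err
	}
	req.Host = host                           // what "proxy_set_header Host $host" sends upstream
	req.Header.Set("X-Real-IP", "192.0.2.10") // constructed sample address
	resp, err := srv.Client().Do(req)
	if err != nil {
		return seen{}, err
	}
	resp.Body.Close()
	return <-ch, nil
}

func main() {
	s, err := probe("subdomain.domain.com", "/test/test.html")
	fmt.Printf("%+v err=%v\n", s, err)
}
```

The forwarded Host value reaches the handler intact in `r.Host`, while the other proxied headers stay in the map, so a check keyed on `Host` in the header map fails even though nginx forwarded it.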
