HTTP 403: Host not permitted

Hello,
I run Node server and configure “http-proxy-middleware” as a reverse-proxy. It always worked fine, but since recently (3-5 days ago) it stopped working…
When I try “GET https://my-domain-name.glitch.me/…” I am getting HTTP 403 with the message “Host not permitted”.
Why this happens?
Has anything been changed since recently in glitch.me?

API which is requested via proxy works fine.

your project runs on .me, not .com

are you using sinatra? Sinatra: README you need to set some host_authorization configuration to allow requests with the Host header that Glitch gives you

ah, right. Just corrected it.

No, don’t use Sinatra.
I use Express.js server (with http-proxy-middleware to configure reverse-profy).
How can I set up host_authorization for Nose/Express?

Requests coming via DN (tmdb-dashboard.glitch.me) are blocked. Via localhost everything works fine:

curl http://localhost:3000/3/trending/movie/week - works fine
curl https://tmdb-dashboard.glitch.me/3/trending/movie/week - returns 403

can you find out where this string “host not permitted” comes from? that’ll help us figure out what package is enforcing it and we can look up its documentation

oh you’re reverse proxying an external Sinatra app. I think this means you’re sending the Host header wrong in the request. check the proxy middleware docs for how to correct the host header

1 Like

don’t see any “host not permitted” in my environment. Checked all *.json and *.js files…

Finally managed to figure it out.
API provider recently improved their security:

As a result, many consumers faced the same issue )
Providing X-Forwarded-Host helped to fit it, now everything works fine.

2 Likes