KB-1011 401 error thrown when attempting to access Appian after configuring a web server


When attempting to access Appian with a web server configured, users receive a 401 error like the one below:

The following error is seen in the application server log:

ERROR com.appiancorp.security.cors.CorsFilter - CORS request rejected; invalid request from <SOURCE_IP_ADDRESS> to <URL>
javax.servlet.ServletException: CORS origin denied: <URL> is not on the allowed list:[] or the request path does not match the allowed paths.

Additionally, users who can login may be unable to load or open objects in /design.


There is a misconfiguration in custom.properties related to the site URL.


  • Ensure the conf.suite.SCHEME property in custom.properties matches the appropriate scheme users are using to access the site. I.e., HTTPS if SSL is configured on the web server and HTTP if it is not.
  • Ensure the conf.suite.SERVER_AND_PORT property in custom.properties matches the computer’s hostname and includes a port only if the default port is not being used, which is 80 for HTTP and 443 for HTTPS. These default ports are assumed based on the value of conf.suite.SCHEME.

Affected Versions

This article applies to all self-managed versions of Appian using a web server.

Last Reviewed: January 2022