diff --git a/cmd/XDC/main.go b/cmd/XDC/main.go
index 174346826a..f710549a49 100644
--- a/cmd/XDC/main.go
+++ b/cmd/XDC/main.go
@@ -123,6 +123,7 @@ var (
 		utils.EnableXDCPrefixFlag,
 		utils.NetworkIdFlag,
 		utils.HTTPCORSDomainFlag,
+		utils.AuthHostFlag,
 		utils.AuthPortFlag,
 		utils.JWTSecretFlag,
 		utils.HTTPVirtualHostsFlag,
diff --git a/cmd/utils/flags.go b/cmd/utils/flags.go
index 1339fd52fd..e294a77618 100644
--- a/cmd/utils/flags.go
+++ b/cmd/utils/flags.go
@@ -392,7 +392,13 @@ var (
 		Value:    ethconfig.Defaults.RPCTxFeeCap,
 		Category: flags.APICategory,
 	}
-	// Authenticated port settings
+	// Authenticated RPC HTTP settings
+	AuthHostFlag = &cli.StringFlag{
+		Name:     "authrpc.host",
+		Usage:    "Listening address for authenticated APIs",
+		Value:    node.DefaultConfig.AuthHost,
+		Category: flags.APICategory,
+	}
 	AuthPortFlag = &cli.IntFlag{
 		Name:     "authrpc.port",
 		Usage:    "Listening port for authenticated APIs",
@@ -1016,6 +1022,9 @@ func setHTTP(ctx *cli.Context, cfg *node.Config) {
 	if ctx.IsSet(HTTPPortFlag.Name) {
 		cfg.HTTPPort = ctx.Int(HTTPPortFlag.Name)
 	}
+	if ctx.IsSet(AuthHostFlag.Name) {
+		cfg.AuthHost = ctx.String(AuthHostFlag.Name)
+	}
 	if ctx.IsSet(AuthPortFlag.Name) {
 		cfg.AuthPort = ctx.Int(AuthPortFlag.Name)
 	}
diff --git a/node/config.go b/node/config.go
index 6860be9521..86660c2c93 100644
--- a/node/config.go
+++ b/node/config.go
@@ -109,9 +109,6 @@ type Config struct {
 	// for ephemeral nodes).
 	HTTPPort int `toml:",omitempty"`
 
-	// Authport is the port number on which the authenticated API is provided.
-	AuthPort int `toml:",omitempty"`
-
 	// HTTPCors is the Cross-Origin Resource Sharing header to send to requesting
 	// clients. Please be aware that CORS is a browser enforced security, it's fully
 	// useless for custom HTTP clients.
@@ -138,6 +135,12 @@ type Config struct {
 	// HTTPPathPrefix specifies a path prefix on which http-rpc is to be served.
 	HTTPPathPrefix string `toml:",omitempty"`
 
+	// AuthHost is the listening address on which authenticated APIs are provided.
+	AuthHost string `toml:",omitempty"`
+
+	// AuthPort is the port number on which authenticated APIs are provided.
+	AuthPort int `toml:",omitempty"`
+
 	// WSHost is the host interface on which to start the websocket RPC server. If
 	// this field is empty, no websocket API endpoint will be started.
 	WSHost string
diff --git a/node/defaults.go b/node/defaults.go
index c95c6fdfb0..5143bb02f1 100644
--- a/node/defaults.go
+++ b/node/defaults.go
@@ -48,6 +48,7 @@ var (
 var DefaultConfig = Config{
 	DataDir:          DefaultDataDir(),
 	HTTPPort:         DefaultHTTPPort,
+	AuthHost:         DefaultAuthHost,
 	AuthPort:         DefaultAuthPort,
 	HTTPModules:      []string{"net", "web3"},
 	HTTPVirtualHosts: []string{"localhost"},
diff --git a/node/node.go b/node/node.go
index a7a4993cfc..c62a357f4e 100644
--- a/node/node.go
+++ b/node/node.go
@@ -446,7 +446,7 @@ func (n *Node) startRPC() error {
 	initAuth := func(apis []rpc.API, port int, secret []byte) error {
 		// Enable auth via HTTP
 		server := n.httpAuth
-		if err := server.setListenAddr(DefaultAuthHost, port); err != nil {
+		if err := server.setListenAddr(n.config.AuthHost, port); err != nil {
 			return err
 		}
 		if err := server.enableRPC(apis, httpConfig{
@@ -461,7 +461,7 @@ func (n *Node) startRPC() error {
 		servers = append(servers, server)
 		// Enable auth via WS
 		server = n.wsServerForPort(port, true)
-		if err := server.setListenAddr(DefaultAuthHost, port); err != nil {
+		if err := server.setListenAddr(n.config.AuthHost, port); err != nil {
 			return err
 		}
 		if err := server.enableWS(apis, wsConfig{