diff --git a/proxy/internal/auth/middleware.go b/proxy/internal/auth/middleware.go
index 82c59eb4d..4a23dcc7e 100644
--- a/proxy/internal/auth/middleware.go
+++ b/proxy/internal/auth/middleware.go
@@ -9,9 +9,11 @@ import (
 	"sync"
 	"time"
 
-	"github.com/netbirdio/netbird/proxy/auth"
+	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
 
+	"github.com/netbirdio/netbird/proxy/auth"
+
 	"github.com/netbirdio/netbird/proxy/web"
 	"github.com/netbirdio/netbird/shared/management/proto"
 )
@@ -67,6 +69,8 @@ func (mw *Middleware) Protect(next http.Handler) http.Handler {
 		config, exists := mw.domains[host]
 		mw.domainsMux.RUnlock()
 
+		log.Tracef("checking authentication for host: %s, exists: %t", host, exists)
+
 		// Domains that are not configured here or have no authentication schemes applied should simply pass through.
 		if !exists || len(config.Schemes) == 0 {
 			next.ServeHTTP(w, r)
diff --git a/proxy/internal/proxy/servicemapping.go b/proxy/internal/proxy/servicemapping.go
index dff03af2e..85c326f5e 100644
--- a/proxy/internal/proxy/servicemapping.go
+++ b/proxy/internal/proxy/servicemapping.go
@@ -7,6 +7,8 @@ import (
 	"sort"
 	"strings"
 
+	log "github.com/sirupsen/logrus"
+
 	"github.com/netbirdio/netbird/proxy/internal/types"
 )
 
@@ -35,6 +37,7 @@ func (p *ReverseProxy) findTargetForRequest(req *http.Request) (*url.URL, string
 		host = h
 	}
 
+	log.Tracef("looking for mapping for host: %s, path: %s", host, req.URL.Path)
 	m, exists := p.mappings[host]
 	if !exists {
 		return nil, "", "", false