diff --git a/include/oatpp-authkit/auth/AuthInterceptor.hpp b/include/oatpp-authkit/auth/AuthInterceptor.hpp
index 101273c..cc2a4e5 100644
--- a/include/oatpp-authkit/auth/AuthInterceptor.hpp
+++ b/include/oatpp-authkit/auth/AuthInterceptor.hpp
@@ -104,8 +104,12 @@ public:
             }
         }
 
-        const std::string path   = request->getStartingLine().path.std_str();
+        std::string path         = request->getStartingLine().path.std_str();
         const std::string method = request->getStartingLine().method.std_str();
+        // Strip query string — request-target includes it, but policy checks
+        // (and access logs) want just the path.
+        auto qpos = path.find('?');
+        if (qpos != std::string::npos) path.resize(qpos);
 
         if (m_policy->isPublicPath(path)) return nullptr;