Invalid HTTP_HOST header in Django 1.6.2
I am receiving a lot of Invalid HTTP_HOST header messages from my Django web application-
[Django] ERROR: Invalid HTTP_HOST header: \'www.bing.com\'.Y
-
Here is a complete logging config that can be cut and pasted into a Django 1.6 settings file if LOGGING isn't already defined. This is a follow up to the snippet that @Devang posted as a comment above.
LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'handlers': { 'null': { 'class': 'django.utils.log.NullHandler', }, }, 'loggers': { 'django.security.DisallowedHost': { 'handlers': ['null'], 'propagate': False, }, } }讨论(0) -
The problem isn't in django or the django application, Its in the user's side.
Your django application are configured to take requests on example.com only (ALLOWED_HOSTS), and then, if any other domain are pointing the same ip and any user requests that webithe then django will raise that exception.
Obviously bing.con isn't pointing to your IP address (unless you are a microsoft's employee and you are migrating bing to django :-O).
I have some hypotesis:
- An user or bot is doing some unauthorized tests on your website.
- A private DNS server owned by an ISP, company or home's DNS were hacked or miscunfigured and have wrong entries
- A malware has added some entries in the "hosts" file of the user's operating system pointing to your ip.
- Or any other reason why bing.com is pointing to your website
Don't pay attention at this error (I'm ignoring this on my websites) because django is thinking correctly:
I'm not configured to serve this domain, sorry, I'll not serve any content to you.
讨论(0) -
Updated for Django 1.9, per the docs.
LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'handlers': { 'null': { 'class': 'logging.NullHandler', }, }, 'loggers': { 'django.security.DisallowedHost': { 'handlers': ['null'], 'propagate': False, }, }, }讨论(0)
加载中...
- 热议问题