Invalid HTTP_HOST header in Django 1.6.2

不羁的心 提交于 2020-01-11 08:52:49

问题


I am receiving a lot of Invalid HTTP_HOST header messages from my Django web application-

[Django] ERROR: Invalid HTTP_HOST header: 'www.bing.com'.You may need to add u'www.bing.com' to ALLOWED_HOSTS

It comes from known websites (like bing.com, google.com) as well as very random websites (www2t.biglobe.ne.jp, proxy.me5b.ru).

The message in the emails is:

No stack trace available

Request repr() unavailable.

I have read other questions about this on other SO questions, like this and this and a nice blog post like this.

But they all seem to indicate that this problem should have been solved in Django 1.6. However, I am running Django 1.6.2 and am still seeing this error. I am using Apache WSGI and the application is hosted on AWS Elasticbeanstalk.

I can probably suppress these alert messages, but should I be expecting them in the first place?


回答1:


The problem isn't in django or the django application, Its in the user's side.

Your django application are configured to take requests on example.com only (ALLOWED_HOSTS), and then, if any other domain are pointing the same ip and any user requests that webithe then django will raise that exception.

Obviously bing.con isn't pointing to your IP address (unless you are a microsoft's employee and you are migrating bing to django :-O).

I have some hypotesis:

  • An user or bot is doing some unauthorized tests on your website.
  • A private DNS server owned by an ISP, company or home's DNS were hacked or miscunfigured and have wrong entries
  • A malware has added some entries in the "hosts" file of the user's operating system pointing to your ip.
  • Or any other reason why bing.com is pointing to your website

Don't pay attention at this error (I'm ignoring this on my websites) because django is thinking correctly:

I'm not configured to serve this domain, sorry, I'll not serve any content to you.




回答2:


Here is a complete logging config that can be cut and pasted into a Django 1.6 settings file if LOGGING isn't already defined. This is a follow up to the snippet that @Devang posted as a comment above.

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'null': {
            'class': 'django.utils.log.NullHandler',
        },
    },
    'loggers': {
        'django.security.DisallowedHost': {
            'handlers': ['null'],
            'propagate': False,
        },
    }
}



回答3:


Updated for Django 1.9, per the docs.

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'null': {
            'class': 'logging.NullHandler',
        },
    },
    'loggers': {
        'django.security.DisallowedHost': {
            'handlers': ['null'],
            'propagate': False,
        },
    },
}


来源:https://stackoverflow.com/questions/22416027/invalid-http-host-header-in-django-1-6-2

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!