How to filter 'Invalid HTTP_HOST header ...' errors


Mike Dewhirst

Mar 23, 2019, 8:48:56 PM
to Django users
I'm getting hundreds of Invalid HTTP_HOST header errors and need to avoid having them emailed to ADMINS. My ISP has a limit on the number of messages which can be sent per hour and occasionally that gets exceeded and he complains the site is jamming his queues. While that is a more or less jocular response I still need to invest my time looking at these stupid emails.

My ALLOWED_HOSTS setting is locked down to only the correct hostname and no IP addresses. All the errors are attempts to access well known scripts which don't exist on the server or '/'

I am reasonably certain the answer to the problem sits somewhere in the logging configuration but that's not trivial - for me anyway.

I'm having trouble deciphering https://docs.djangoproject.com/en/1.11/topics/logging/#examples

Can anyone please point me to a worked example which addresses this?

Thanks

Mike


Jani Tiainen

Mar 24, 2019, 6:28:48 AM
to django...@googlegroups.com
Hi.

Usually HTTP_HOST should be generated from your frontend HTTP server (nginx, Apache or similar) and it shouldn't change randomly. If it does, it's an indication that someone has actually bypassed your HTTP server and managed to call Django directly.




--
Jani Tiainen
Software wizard


Always open for short term jobs or contracts to work with Django.

Mike Dewhirst

Mar 24, 2019, 8:26:14 AM
to django...@googlegroups.com
On 24/03/2019 9:28 pm, Jani Tiainen wrote:
> Hi.
>
> Usually HTTP_HOST should be generated from your frontend HTTP server
> (nginx, Apache or similar) and it shouldn't change randomly. If it
> does, it's an indication that someone has actually bypassed your HTTP
> server and managed to call Django directly.

Jani

Could you please explain what is happening in more detail?

Django is definitely generating these errors because it is saying 'You
may need to add u'123.456.789.012' to ALLOWED_HOSTS.' Where the IP
address is the IP address of the Apache server.

Thanks

Mike
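
Added example, not part of the thread and not any poster's code: a logging configuration of the kind asked for at the top of the thread, which keeps `django.security.DisallowedHost` records away from the admin e-mail handler while other errors still reach it. `CapturingHandler` is a hypothetical stand-in for `django.utils.log.AdminEmailHandler` so the block runs without Django or a mail server, and the log messages are constructed.

```python
import copy
import logging
import logging.config


class CapturingHandler(logging.Handler):
    """Hypothetical stand-in for AdminEmailHandler: records instead of mailing."""
    sent = []

    def emit(self, record):
        CapturingHandler.sent.append(record.getMessage())


LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        # In settings.py: {"level": "ERROR", "class": "django.utils.log.AdminEmailHandler"}
        "mail_admins": {"level": "ERROR", "()": CapturingHandler},
        "null": {"class": "logging.NullHandler"},
    },
    "loggers": {
        "django": {"handlers": ["mail_admins"], "level": "INFO"},
        # Rejected Host headers are logged under this name; give them a
        # dead-end handler and stop them propagating up to "django".
        "django.security.DisallowedHost": {
            "handlers": ["null"],
            "propagate": False,
        },
    },
}


def simulate():
    """Emit three constructed records and return what would have been mailed."""
    CapturingHandler.sent.clear()
    logging.config.dictConfig(copy.deepcopy(LOGGING))
    logging.getLogger("django.security.DisallowedHost").error(
        "Invalid HTTP_HOST header: '123.456.789.012'. "
        "You may need to add u'123.456.789.012' to ALLOWED_HOSTS.")
    logging.getLogger("django.request").error("Internal Server Error: /orders/")
    logging.getLogger("django.security.SuspiciousOperation").error(
        "Constructed suspicious-operation message")
    return list(CapturingHandler.sent)


if __name__ == "__main__":
    print(simulate())
```

Only the `DisallowedHost` stream is dropped; other `django.security.*` loggers and `django.request` errors still propagate to the `django` logger and its e-mail handler.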

>
>
> On Sun, Mar 24, 2019 at 2:48 AM Mike Dewhirst <mi...@dewhirst.com.au
> <mailto:mi...@dewhirst.com.au>> wrote:
>
> I'm getting hundreds of Invalid HTTP_HOST header errors and need
> to avoid having them emailed to ADMINS. My ISP has a limit on the
> number of messages which can be sent per hour and occasionally
> that gets exceeded and he complains the site is jamming his
> queues. While that is a more or less jocular response I still need
> to invest my time looking at these stupid emails.
>
> My ALLOWED_HOSTS setting is locked down to only the correct
> hostname and no IP addresses. All the errors are attempts to
> access well known scripts which don't exist on the server or '/'
>
> I am reasonably certain the answer to the problem sits somewhere
> in the logging configuration but that's not trivial - for me anyway.
>
> I'm having trouble deciphering
> https://docs.djangoproject.com/en/1.11/topics/logging/#examples
>
> Can anyone please point me to a worked example which addresses this?
>
> Thanks
>
> Mike
>
>
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to django-users...@googlegroups.com
> <mailto:django-users...@googlegroups.com>.
> To post to this group, send email to django...@googlegroups.com
> <mailto:django...@googlegroups.com>.
> <https://groups.google.com/d/msgid/django-users/3a45a72c-714d-c003-e237-417c899c430e%40dewhirst.com.au?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
>
>
>
> --
> Jani Tiainen
> Software wizard
>
> https://blog.jani.tiainen.cc/
>
> Always open for short term jobs or contracts to work with Django.
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-users...@googlegroups.com
> <mailto:django-users...@googlegroups.com>.
> To post to this group, send email to django...@googlegroups.com
> <mailto:django...@googlegroups.com>.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CAHn91ofA0wT8SAePhPRhEm5VK6ooVD619X9xpX4tpycqO4K-Fw%40mail.gmail.com
> <https://groups.google.com/d/msgid/django-users/CAHn91ofA0wT8SAePhPRhEm5VK6ooVD619X9xpX4tpycqO4K-Fw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
Reply all
Reply to author
Forward
0 new messages