Use case for ALLOWED_HOSTS


Antonis Christofides

Jan 5, 2017, 4:49:13 AM
to django...@googlegroups.com
If Django is listening at http://mydjangoproject.com/, then the web server is
normally configured to proxy pass mydjangoproject.com requests to django. If I
visit http://server_ip_address/ or
http://another_domain_that_points_to_the_same_server/, nginx/Apache should
normally not proxy pass the request to Django.

So I was wondering: why was the seemingly superfluous ALLOWED_HOSTS added to
Django? What is its use case?

Thanks!

Antonis

--
Antonis Christofides
http://djangodeployment.com

Vijay Khemlani

Jan 5, 2017, 7:26:31 AM
to django...@googlegroups.com
To prevent Host header poisoning

https://www.djangoproject.com/weblog/2013/feb/19/security/#s-issue-host-header-poisoning
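As an added illustration (not part of the thread and not Django's source code), the sketch below models the kind of allow-list check ALLOWED_HOSTS performs before an application uses the Host header to build an absolute URL. The function names, the password-reset link and the sample headers are assumptions constructed for the example.

```python
# Added illustration; a simplified model, not Django's implementation.

class DisallowedHost(Exception):
    """Raised when the Host header is not on the allow-list."""


def split_host_port(host):
    """Lower-case the Host value and drop any :port suffix."""
    host = host.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8000
        end = host.find("]")
        return host[: end + 1] if end != -1 else ""
    return host.rsplit(":", 1)[0].rstrip(".")


def host_allowed(host, allowed_hosts):
    """True if the Host header matches an entry of the allow-list."""
    name = split_host_port(host)
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*" or pattern == name:
            return True
        # A leading dot matches the domain itself and any subdomain.
        if pattern.startswith(".") and (
            name == pattern[1:] or name.endswith(pattern)
        ):
            return True
    return False


def password_reset_url(headers, token, allowed_hosts):
    """Build the absolute link a (hypothetical) reset e-mail would carry."""
    host = headers.get("Host", "")
    if not host_allowed(host, allowed_hosts):
        raise DisallowedHost(host)
    return "https://%s/reset/%s/" % (host, token)


if __name__ == "__main__":
    allowed = ["mydjangoproject.com"]
    # Constructed sample requests: one genuine, one with a forged Host.
    for hdrs in ({"Host": "mydjangoproject.com"}, {"Host": "attacker.example"}):
        try:
            print(password_reset_url(hdrs, "abc123", allowed))
        except DisallowedHost as exc:
            print("rejected Host header:", exc)
```

With a wildcard allow-list (`["*"]`) the forged value passes the check and ends up inside the generated link, which is the outcome the allow-list exists to prevent.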