[Django] ERROR: Invalid HTTP_HOST header: 'domain.com'.You may need to add u'domain.com' to..


Federico Bruni

May 26, 2014, 7:34:23 AM
to mezzani...@googlegroups.com
I've been getting this error message since I deployed my Mezzanine website:
[Django] ERROR: Invalid HTTP_HOST header: 'domain.com'.You may need to add u'domain.com' to ALLOWED_HOSTS

where domain.com is most of the time the IP of the server, a few times a secondary domain which redirects to the main one, and one time www.fbi.gov :-)

I've read the pages below, so I think that I can just ignore the error (I'm sure that my ALLOWED_HOSTS is restrictive).
I guess that I can wait for Django >= 1.7b4 in Mezzanine and then I won't get any error message. Right?

http://stackoverflow.com/questions/15238506/djangos-suspiciousoperation-invalid-http-host-header
https://code.djangoproject.com/ticket/19866
https://github.com/django/django/commit/d228c1192ed59ab0114d9eba82ac99df611652d2 (added in django 1.7b4)

Jared Nielsen

May 26, 2014, 6:23:09 PM
to mezzani...@googlegroups.com
Hi Federico,
If you're using NGINX you can add a rewrite to your site's .conf file.
http://jarednielsen.com/blog/how-to-configure-server-name-redirect-in-nginx/
I was receiving the same error (and an inbox full of Django notices) but fixed it with the solution linked above.
Cheers.

Federico Bruni

May 26, 2014, 6:35:04 PM
to mezzani...@googlegroups.com
Hi Jared

thank you for the link, but I think that my situation is different.
Django (not the server) is issuing an error. It seems, from the stackoverflow link below, that it may be someone probing the site for the vulnerability by spoofing the header. Up to django < 1.7b4 this is considered a 500 error (internal server error), and that's why it's notified. From django 1.7b4 it's a 400 error, so it won't trigger any notification.

This is at least my understanding as a newbie.
Read the links below to have all the information.



--
You received this message because you are subscribed to a topic in the Google Groups "Mezzanine Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/mezzanine-users/NvuIO0occpw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to mezzanine-use...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Danny

May 26, 2014, 6:35:44 PM
to mezzani...@googlegroups.com
Hi Jared,

I don't think that's Federico's issue.

I have my ALLOWED_HOSTS set to the domain name(s) I allow, but quite often will get the error email with my site's IP address, which is not in ALLOWED_HOSTS (as I don't want people accessing the site using the IP). I suspect it's some malicious bot out there trying to run some sort of exploit on the site, and the error from Django is just an indication that this is happening.

Prior to Django 1.6, I would get these errors as proper error reports with a full traceback, sent to me via ErrorStack (I have some handlers set up in my code for this). Usually the access was to admin.php or some other non-existent PHP file. However, since moving to Django 1.6/Mezzanine 3.x only the email errors come directly from Django - with a "repr() unavailable" message instead of a traceback, and the handlers set up in my settings.py are completely skipped.

I'm not sure what changed so that this sort of error is not passed to my custom error handler, but it's not something that's easy to replicate for testing purposes, so I'm basically just ignoring the messages...

Any pointers as to how to get these error messages sent with a proper traceback, or to be passed to my error handler (and thus to ErrorStack) would be greatly appreciated.

All the best,

Seeya. Danny.



vikraw

May 31, 2015, 12:02:12 AM
to mezzani...@googlegroups.com
My settings look like this:

ALLOWED_HOSTS = [
    '.mydomain.com',   # Allow domain and subdomains
    '.mydomain.com.',  # Also allow FQDN and subdomains
    u'mp-ip-add-ress',
]

I am getting the errors for my server's IP address:
Invalid HTTP_HOST header: 'x.x.x.x'. You may need to add u'x.x.x.x' to ALLOWED_HOSTS.

BUT also for so many suspicious names like this:
- Invalid HTTP_HOST header: '4331780'.You may need to add u'4331780' to ALLOWED_HOSTS.
- Invalid HTTP_HOST header: 'testp1.piwo.pila.pl'.You may need to add u'testp1.piwo.pila.pl' to ALLOWED_HOSTS.
- Invalid HTTP_HOST header: 'www.cloud.ph'.You may need to add u'www.cloud.ph' to ALLOWED_HOSTS

All of them say the following

No stack trace available
Request repr() unavailable. 

In the morning I have around 20-30 such emails.
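
Added example, not part of any post in this thread and not Django's own code: a small triage script for the "Invalid HTTP_HOST header" messages discussed above. It re-implements the documented ALLOWED_HOSTS matching rule (exact match, `*`, or a leading dot for a domain plus its subdomains) and buckets each rejected Host value. The function names, the `mydomain.com` placeholder and the sample log (with 203.0.113.10 standing in for 'x.x.x.x') are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Placeholder settings modelled on the thread; mydomain.com is not a real site.
ALLOWED_HOSTS = [".mydomain.com", ".mydomain.com."]

# Constructed sample: the message shapes quoted in the thread, with a
# documentation-range IP (203.0.113.10) standing in for 'x.x.x.x'.
SAMPLE_LOG = """\
Invalid HTTP_HOST header: '203.0.113.10'. You may need to add u'203.0.113.10' to ALLOWED_HOSTS.
Invalid HTTP_HOST header: '4331780'.You may need to add u'4331780' to ALLOWED_HOSTS.
Invalid HTTP_HOST header: 'testp1.piwo.pila.pl'.You may need to add u'testp1.piwo.pila.pl' to ALLOWED_HOSTS.
Invalid HTTP_HOST header: 'www.cloud.ph'.You may need to add u'www.cloud.ph' to ALLOWED_HOSTS
"""

HOST_RE = re.compile(r"Invalid HTTP_HOST header: '([^']*)'")


def normalise(host):
    """Lower-case the Host value and drop a trailing :port if present."""
    return re.sub(r":\d+$", "", host.lower())


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """Exact match, '*' wildcard, or leading dot = domain plus subdomains."""
    host = normalise(host)
    for pattern in (p.lower() for p in allowed):
        if pattern == "*" or pattern == host:
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


def classify(host):
    """Bucket a rejected Host value so recurring noise is easy to recognise."""
    host = normalise(host)
    try:
        ipaddress.ip_address(host.strip("[]"))
        return "ip-literal"
    except ValueError:
        pass
    if "." not in host or not re.fullmatch(r"[a-z0-9.-]+", host):
        return "not-a-hostname"
    return "foreign-domain"


def triage(log_text, allowed=ALLOWED_HOSTS):
    """Count rejected hosts per bucket; 'allowed-now' flags a config mismatch."""
    counts = Counter()
    for host in HOST_RE.findall(log_text):
        counts["allowed-now" if host_allowed(host, allowed) else classify(host)] += 1
    return dict(counts)
```

An "allowed-now" count above zero means the running site is using a different ALLOWED_HOSTS than the list passed in.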
