Hi Melvyn,
On 2018-07-02 11:32, Melvyn Sopacua wrote:
> On zondag 1 juli 2018 19:10:15 CEST Tomasz Knapik wrote:
>
> > Maybe you could restrict host headers at the nginx layer, but I don't
>
> > think it's worth your effort...
>
> If you think of it like that it seems like a lot of work. But if you
> simply setup a default server that redirects to the actual Django server
> with correct hostname, then all you need is 2 server blocks: 1 default,
> 1 with correct `server_name`.
>
You are correct. That was actually fairly easy to fix by changing the
nginx configuration.
I didn't do exactly as you mentioned since I use HTTPS (with a redirect
for HTTP) managed by letsencrypt.
Instead I added the following to my HTTPS server section:
if ($host != my-website.org {
return 404;
}
Seems to solve my problem just fine. Letsencrypts certbot had already
done something similar for the HTTP section redirect.
Thanks a lot for the input.
Kind regards,
Kasper Laudrup
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/eba5f004-7fde-b9d7-232d-67b4162623b1%40stacktrace.dk.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment