Sunday, July 1, 2018

Invalid HTTP_HOST header when website being accessed by public IP

Hi fellow Django users,

I have succesfully deployed a small Django site with uwsgi and Nginx to
a virtual server running in Amazons cloud (AWS).

I have also succesusfully set up email so I will get an email everytime
an error occurs. Quite useful.

Now, my problem is, that lately I have been receiving quite a lot of
emails since there seems to be some bots (or whatever) that tries to
access my website through its public IP, causing "Invalid HTTP_HOST
header" errors.

I could quite easily (and I have actually already written the code for
that) dynamically figure out my servers public IP and add that to the
ALLOWED_HOSTS setting in settings.py, but I'm not certain that is the
correct solution?

I would think it's an error to access my website through its IP (in the
HTTP Host header), but it's quite anoying to get emails everytime some
bot, crawler or whatever attempts to do that.

Anyone having faced this issue before? Would it be correct simply to add
the public IP to the list of allowed hosts, or is there a better
solution? I definitely still want to get emails when any other error occurs.

Thanks a lot!

Kind regards,
Kasper Laudrup

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/8340a112-f429-487f-f8fc-f4aa9e4a7a20%40stacktrace.dk.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment