I don't think it's wise to set allowed hosts to a host you don't want your application to be accessed by. Django documentation shows you how you can mute the errors - https://docs.djangoproject.com/en/2.0/topics/logging/#django-security. It's not technically an error of your application.

    'handlers': {
        'null': {
            'class': 'logging.NullHandler',
        },
    },
    'loggers': {
        'django.security.DisallowedHost': {
            'handlers': ['null'],
            'propagate': False,
        },
    },

Maybe you could restrict host headers at the nginx layer, but I don't think it's worth your effort... Maybe you should use some smarter solution for receiving errors like Sentry where you only get notified once about an error and you can mute them instead of relying on each error occurrence triggering an email :P
Also you could integrate more into AWS and use their load balancing service where you should be able to set routing based on host header.
On 01/07/18 13:48, Kasper Laudrup wrote:
Hi fellow Django users,
I have successfully deployed a small Django site with uwsgi and Nginx to a virtual server running in Amazon's cloud (AWS).
I have also successfully set up email so I will get an email every time an error occurs. Quite useful.
Now, my problem is, that lately I have been receiving quite a lot of emails since there seem to be some bots (or whatever) that try to access my website through its public IP, causing "Invalid HTTP_HOST header" errors.
I could quite easily (and I have actually already written the code for that) dynamically figure out my server's public IP and add that to the ALLOWED_HOSTS setting in settings.py, but I'm not certain that is the correct solution?
I would think it's an error to access my website through its IP (in the HTTP Host header), but it's quite annoying to get emails every time some bot, crawler or whatever attempts to do that.
Anyone having faced this issue before? Would it be correct simply to add the public IP to the list of allowed hosts, or is there a better solution? I definitely still want to get emails when any other error occurs.
Thanks a lot!
Kind regards,
Kasper Laudrup
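
An added example, not part of the original thread: it applies the logging fragment from the reply with the standard library alone and checks that only DisallowedHost records are muted while other errors still reach the mail handler. ListHandler is a hypothetical stand-in for Django's AdminEmailHandler, and the log messages and the 203.0.113.10 address are constructed samples.

```python
import logging
import logging.config


class ListHandler(logging.Handler):
    """Stand-in for django.utils.log.AdminEmailHandler: collects records
    instead of sending mail, so the example runs without Django or SMTP."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(record)


LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {
        "null": {"class": "logging.NullHandler"},
        # Hypothetical replacement for the mail_admins handler.
        "mail_admins": {"()": ListHandler, "level": "ERROR"},
    },
    "loggers": {
        "django": {"handlers": ["mail_admins"], "level": "INFO"},
        # The fragment from the reply: swallow these records, do not propagate.
        "django.security.DisallowedHost": {"handlers": ["null"], "propagate": False},
    },
}


def mailed_logger_names():
    """Apply LOGGING, emit constructed sample errors, and return the names
    of the loggers whose records reached the mail_admins stand-in."""
    logging.config.dictConfig(LOGGING)
    mail = logging.getLogger("django").handlers[0]
    samples = [  # constructed sample records, not real log output
        ("django.security.DisallowedHost", "Invalid HTTP_HOST header: '203.0.113.10'"),
        ("django.security.SuspiciousFileOperation", "constructed sample"),
        ("django.request", "Internal Server Error: /constructed/"),
    ]
    for name, message in samples:
        logging.getLogger(name).error(message)
    return [record.name for record in mail.records]


if __name__ == "__main__":
    print(mailed_logger_names())
```

Because the override is keyed on the exact logger name, sibling loggers under django.security keep propagating to the parent's handler.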