django - ERROR (EXTERNAL IP): Internal Server Error - scanproxy?

Question

I received the following email today regarding a Django 1.5 error. I believe I have ALLOWED_HOSTS setup correctly. Is someone trying to probe my site for vulnerabilities...? Or am I missing something? The reason I asking about probing is because of the scanproxy.net host that was used.

Traceback (most recent call last):

File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 92, in get_response
response = middleware_method(request)

File "/usr/local/lib/python2.7/dist-packages/django/middleware/common.py", line 57, in process_request
host = request.get_host()

File "/usr/local/lib/python2.7/dist-packages/django/http/request.py", line 72, in get_host
"Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host)

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): www.scanproxy.net


<WSGIRequest
path:/p-80.html,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{},
META:{'CONTENT_TYPE': 'text/html',
'DOCUMENT_ROOT': '/var/django/projects/Portfolio',
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTP_ACCEPT': 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*',
'HTTP_ACCEPT_LANGUAGE': 'en-us',
'HTTP_HOST': 'www.scanproxy.net',
'HTTP_PROXY_CONNECTION': 'keep-alive',
'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KuKu 0.65)',
'PATH_INFO': u'/p-80.html',
'PATH_TRANSLATED': '/var/django/projects/Portfolio/apache/django.wsgi/p-80.html',
'QUERY_STRING': '',
'REMOTE_ADDR': '66.197.134.126',
'REMOTE_PORT': '1865',
'REQUEST_METHOD': 'GET',
'REQUEST_URI': 'http://www.scanproxy.net:80/p-80.html',
'SCRIPT_FILENAME': '/var/django/projects/Portfolio/apache/django.wsgi',
'SCRIPT_NAME': u'',
'SCRIPT_URI': 'http://www.scanproxy.net/p-80.html',
'SCRIPT_URL': '/p-80.html',
'SERVER_ADDR': '10.202.250.95',
'SERVER_ADMIN': 'iamadamcooke@gmail.com',
'SERVER_NAME': 'www.scanproxy.net',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.0',
'SERVER_SIGNATURE': '<address>Apache/2.2.22 (Ubuntu) Server at www.scanproxy.net Port 80</address>\n',
'SERVER_SOFTWARE': 'Apache/2.2.22 (Ubuntu)',
'mod_wsgi.application_group': 'iamadamcooke.com|',
'mod_wsgi.callable_object': 'application',
'mod_wsgi.handler_script': '',
'mod_wsgi.input_chunked': '0',
'mod_wsgi.listener_host': '',
'mod_wsgi.listener_port': '80',
'mod_wsgi.process_group': '',
'mod_wsgi.request_handler': 'wsgi-script',
'mod_wsgi.script_reloading': '1',
'mod_wsgi.version': (3, 3),
'wsgi.errors': <mod_wsgi.Log object at 0x7f365219e9f0>,
'wsgi.file_wrapper': <built-in method file_wrapper of mod_wsgi.Adapter object at 0x7f365209d4e0>,
'wsgi.input': <mod_wsgi.Input object at 0x7f36520271f0>,
'wsgi.multiprocess': True,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 1)}>

Answer 1

The alert is most likely raised because the HTTP_HOST header in that request does not match a hostname defined in your Django configuration in ALLOWED_HOSTS.

Let's say your site is www.mysite.com. Generally, DNS is configured to point all requests to the IP address your site listens on.

However, there's nothing to stop me from making a request to that IP address and declaring in the HTTP header that the request is destined to www.anothersite.com.

In most cases, there's nothing particularly harmful about that behavior but the Django developers have decided that it's suspicious enough to warrant a 500 response and a warning.

In your specific case, you're receiving a request from 66.197.134.126 to your webserver, asking for www.scanproxy.net. Your webserver accepted this request and forwarded it to Django which promptly said, Hey, I'm not www.scanproxy.net!

That said, is this something to be concerned about? That's really up to you. If you understand what's happening, you can make that decision for yourself.