8

I use django as a backend and it's running on 8000 port at the loopback interface. So, when I'am to try start it with DEBUG = False, I got 500 error on any request from a frontend. I set my ALLOWED_HOSTS as:

 ALLOWED_HOSTS = ['127.0.0.1', 'localhost', '127.0.0.1:8000', 'localhost:8000', '*',]

But this doesn't work for me. Is it possible disable this option or how I can do that?

UPDATE So I just declared variable ALLOWED_HOSTS above of default ALLOWED_HOSTS = []. Sorry for the inattention.

Denis
  • 7,127
  • 8
  • 37
  • 58
  • 2
    Normally, improper django ALLOWED_HOSTS should lead to ”Bad Request (400)”. could you provide more details? – alko Nov 07 '13 at 09:58
  • 1
    @alko, Are you sure it should lead to HTTP 400? I'm pretty sure I'm getting HTTP 500s from all those pesky bots scanning IPs - more specifically `SuspiciousOperation` exception. – Maciej Gol Nov 07 '13 at 10:07
  • 1
    Look [docs](https://docs.djangoproject.com/en/dev/ref/exceptions/#suspiciousoperation) and [code](https://github.com/django/django/blob/3bc0d46a840f17dce561daca8a6b8690b2cf5d0a/django/core/handlers/base.py#L172) – alko Nov 07 '13 at 10:28
  • '*' rule should disable host validation at all. Are you sure that 500 error is related to ALLOWED_HOSTS? – exslim Nov 07 '13 at 10:16
  • Yes, I got messages like SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 127.0.0.1:8000. But wildchar is in ALLOWED_HOSTS – Denis Nov 07 '13 at 10:20

1 Answers1

8

Normally, improper django ALLOWED_HOSTS should lead to ”Bad Request (400)”.

In more details, DisallowedHost (child class to SuspitiousOperation) is raised by request in HttpRequest.get_host(), and is processed later by request hadler, returning 400 HTTP response. You might get 500 error if an exception is occured in resolver.resolve400().

@Denis may be you mangled ALLOWED_HOSTS. I'd suggest you debug its value (logging it for example). See how validation works, your '*' should skip any host validation

alko
  • 46,136
  • 12
  • 94
  • 102
  • 1
    your answer is not straight to the point. How is the OP is supposed to make it **proper** or better yet, **work**? – ericn Apr 02 '16 at 06:44
  • @eric I suggest you to read the answer and look at the question. It's obvious that the problem is not in the snippet provided, so the only solution is to debug, as I suggested. You could even check in the *UPDATE* that the suggestion helped ;) – alko Apr 02 '16 at 21:00