I have deployed my Django application on an AWS Elastic Beanstalk server. Now I am getting too many invalid HTTP host errors from different IP addresses, including localhost and http, as follows:

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 172.31.0.67

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 172.31.22.203

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): check.proxyradar.com

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): testp2.czar.bielawa.pl
'PATH_TRANSLATED': '/opt/python/current/app/coinn/coinn/wsgi.py/testproxy.php',

In the Elastic Beanstalk security group I have given the following access:

Type | Protocol | Port | Source
HTTP | TCP      | 80   | Anywhere (0.0.0.0/0)

Are these errors coming from the automatic health check performed by the load balancer, or is someone trying to hack my AWS instance?

I am saying the former because if I remove localhost and 127.0.0.1 from the ALLOWED_HOSTS list in the Django settings, I start getting the same error from localhost as well, as follows:

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): localhost

Please suggest the possible cause and resolution of this issue.

r.bhardwaj

1 Answer

Are these errors coming from the automatic health check performed by the load balancer, or is someone trying to hack my AWS instance?

The load balancer is certainly not going to be setting the HTTP_HOST header to values like "check.proxyradar.com" and "testp2.czar.bielawa.pl", so I think we can definitely rule out the ELB health checks.

As to if they are someone trying to hack your system, or something more benign, that is more difficult to answer. You might want to look at this related question, and the answer which states that this is probably someone probing your site for vulnerabilities.

Mark B
  • Thanks for the ans., I have gone through the suggested link. To handle this situation before it reaches Django, I have added the following rewrite condition in /etc/httpd/conf.d/wsgi.conf: RewriteCond %{HTTP_HOST} !^(www\.)?mywebsite\.com$ RewriteRule /.* [R=404] And it is successfully restricting access for any request with a misconfigured HTTP Host. But I am not sure whether this will work for all EC2 instances used by the EB load balancer, as currently my application is using a single instance. Can you shed some light on this? – r.bhardwaj Feb 12 '16 at 15:58
  • If you made that change manually by logging into the EC2 instance, then it won't be copied to any other beanstalk instances. You would need to add that Apache configuration to your beanstalk configuration. If you need help with that, ask it as another question. – Mark B Feb 12 '16 at 16:24
  • Thanks Mark, I think this link will ans the remaining part of my question http://stackoverflow.com/questions/21878024/configure-apache-on-elastic-beanstalk – r.bhardwaj Feb 12 '16 at 16:51
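
To separate the two kinds of rejected Host values discussed in this thread (in-VPC addresses versus unrelated domain names), the error lines can be triaged by the value Django rejected. This is an added example, not code from the question or the answer; the sample log is constructed from the lines quoted above, and the category names and what each one suggests are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input, modelled on the error lines quoted in the question.
SAMPLE_LOG = """\
SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 172.31.0.67
SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 172.31.22.203
SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): check.proxyradar.com
SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): testp2.czar.bielawa.pl
'PATH_TRANSLATED': '/opt/python/current/app/coinn/coinn/wsgi.py/testproxy.php',
SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): localhost
"""

# Matches only the message format shown on this page.
HOST_RE = re.compile(r"Invalid HTTP_HOST header.*?:\s*(\S+)\s*$")

def classify_host(raw):
    """Return 'loopback', 'private-ip', 'public-ip' or 'foreign-name'."""
    host = raw.strip().strip("'\"").lower().rstrip(".")
    if host.startswith("["):            # bracketed IPv6, optionally with a port
        host = host[1:].split("]")[0]
    elif host.count(":") == 1:          # name or IPv4 followed by :port
        host = host.split(":")[0]
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name Django rejected: not one of the site's own names.
        return "foreign-name"
    if ip.is_loopback:
        return "loopback"
    # Assumption: RFC 1918 addresses are in-VPC clients (e.g. health checks).
    return "private-ip" if ip.is_private else "public-ip"

def triage(log_text):
    """Group rejected Host values by category, counting occurrences."""
    buckets = {}
    for line in log_text.splitlines():
        match = HOST_RE.search(line)
        if match:
            host = match.group(1)
            buckets.setdefault(classify_host(host), Counter())[host] += 1
    return buckets

if __name__ == "__main__":
    for category, hosts in sorted(triage(SAMPLE_LOG).items()):
        print(category, dict(hosts))
```

Entries in the `foreign-name` and `public-ip` buckets are the ones worth rejecting in front of Django; `private-ip` and `loopback` entries point at internal callers that address the instance directly.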