django.security.DisallowedHost odd values throwing exception

Question

I have a droplet running on Digital Ocean. I am using gunicorn and nginx with Django 1.10.

The web application has been running fine, but I have captured some DisallowedHost exceptions in my logs.

My ALLOWED_HOSTS is:

'11.11.11.11,.mydomainname.com'

The values are the droplet IP address and my public domain name respectively.

In the last few days I have seen the following in my log:

Invalid HTTP_HOST header: '1389508397'. You may need to add '1389508397' to ALLOWED_HOSTS.

Invalid HTTP_HOST header: 'www.google.com'. You may need to add 'www.google.com' to ALLOWED_HOSTS.

Invalid HTTP_HOST header: 'xxnet-403.appspot.com'. You may need to add 'xxnet-403.appspot.com' to ALLOWED_HOSTS.

Invalid HTTP_HOST header: '323.good-04y.appspot.com'. You may need to add '323.good-04y.appspot.com' to ALLOWED_HOSTS.

score 0 · Answer 1 · answered May 12 '17 at 13:59

0

Django checks Host header whenever you (or any app you are using) calls requests.get_host() (and you have DEBUG=False set).

When someone query your application with invalid Host header he will get bad requests (400) status code.

answered May 12 '17 at 13:59

Mateusz Moneta

1,500
1
10
7

So it is something that I can ignore? – Dan S. May 12 '17 at 14:47
1

Yes, you can ignore it, or see the answers to [this question](http://stackoverflow.com/questions/18220519/how-to-disable-djangos-invalid-http-host-error) how to disable the exception in either your Nginx or Django logging config. – Alasdair May 12 '17 at 15:03

django.security.DisallowedHost odd values throwing exception

1 Answers1