
I am getting emails every day from bots hitting my server with a wrong HTTP_HOST header. I followed the steps here: Django ERROR: Invalid HTTP_HOST header: u'/run/myprojectname/gunicorn.sock:'

I thought that would solve it, but the problem now is that if I go to https://35.***.***.***/ (the bare IP over HTTPS) I can still trigger an Invalid HTTP_HOST email to myself.

I tried solving this by adding `listen 443 default_server;` to the catch-all server block:

server {
    # Attempted catch-all for both ports. The 443 listener has no `ssl`
    # parameter and no certificate, so this server cannot complete a TLS
    # handshake; as default_server on 443 it is also the block nginx falls
    # back to, which is presumably why legitimate traffic broke — TODO confirm
    # against the nginx error log.
    listen 443 default_server;
    listen 80 default_server;
    # 444 closes the connection without sending a response.
    return 444;
}

But now legit traffic to my site is also blocked. Here's my full config. Any help is much appreciated.

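server {
    # Catch-all: any request whose Host does not match a named server in
    # this file is dropped here (444 closes the connection without sending a
    # response), so it never reaches the application and its host check.
    listen 80 default_server;
    # Also claim port 443. Without this, the only server listening on 443 is
    # the named site, which makes it nginx's implicit default for that port,
    # so an HTTPS request to the bare IP is handed to the app with an
    # unexpected Host header.
    # A TLS listener needs a certificate to complete the handshake; a
    # self-signed one is enough here because the connection is dropped anyway.
    listen 443 ssl default_server;
    ssl_certificate     /PLACEHOLDER/path/to/self-signed-cert.pem;  # TODO: replace with real path
    ssl_certificate_key /PLACEHOLDER/path/to/self-signed-key.pem;   # TODO: replace with real path
    # On nginx 1.19.4+ the two ssl_certificate lines can be replaced by
    # `ssl_reject_handshake on;`, which aborts the handshake instead.
    return 444;
}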

server {
    # Plain-HTTP listener; requests arriving here are redirected to HTTPS by
    # the $scheme check at the bottom of this block.
    listen 80;
    # Name-based matching only applies when another server is the default for
    # the port. Port 80 has a default_server catch-all elsewhere in this file,
    # but this is the only server listening on 443 (see `listen 443 ssl`
    # below), so nginx treats it as the implicit default for 443 and any
    # Host value sent over HTTPS lands here regardless of server_name.
    server_name mysite.com www.mysite.com;

    root /home/ubuntu/web/troopers/;

    # Static assets are served straight from root; cache them indefinitely
    # only when a query string is present (asset versioning in the URL).
    location /static/ {
        # if asset versioning is used
        if ($query_string) {
            expires max;
        }
    }

    access_log /home/ubuntu/web/logs/troopersAccess.log;
    error_log  /home/ubuntu/web/logs/troopersError.log;

    # Everything else goes to the application over the uWSGI unix socket.
    # uwsgi_params forwards the request headers, including Host, so a request
    # that reaches this location with an unexpected Host is presumably what
    # triggers the application's Invalid HTTP_HOST error — verify with the app log.
    location / {
        uwsgi_pass   unix:///home/ubuntu/web/troopersuwsgi.sock;
        include      uwsgi_params;
    }

    # what to serve if upstream is not available or crashes
    # (paths are resolved relative to root above)
    error_page 400 /400.html;
    error_page 403 /403.html;
    error_page 404 /404.html;
    error_page 500 502 503 504 /500.html;

    # Compression
    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 5;
    gzip_proxied any;
    gzip_min_length  1100;
    gzip_buffers 16 8k;
    # NOTE(review): nginx always compresses text/html when gzip is on and
    # warns if it is listed here; harmless, but the entry is redundant.
    gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    # Some version of IE 6 don't handle compression well on some mime-types,
    # so just disable for them
    gzip_disable "MSIE [1-6].(?!.*SV1)";
    # Set a vary header so downstream proxies don't send cached gzipped
    # content to IE6
    gzip_vary on;

    # TLS listener and certificate material written by Certbot; note there is
    # no default_server on 443 anywhere in this file.
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Redirect HTTP to HTTPS. $host comes from the request's Host header, but
    # this only fires for port-80 requests, and on port 80 the default_server
    # catch-all takes any Host that is not in server_name above, so the
    # redirect target is limited to the two listed names.
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
  • maybe you should try to alter the Django log settings to avoid sending emails for that particular error? – regilero Feb 05 '18 at 08:43
  • 1
    That's my backup plan. But from what I have read the correct way to handle this situation is to shut down the request before it gets to Django. – Chase Roberts Feb 05 '18 at 17:44
  • maybe this can help you https://snakeycode.wordpress.com/2015/05/31/django-error-invalid-http_host-header/ – Tobit Aug 08 '19 at 08:01
  • Possible duplicate of [Django ERROR: Invalid HTTP\_HOST header: u'/run/myprojectname/gunicorn.sock:'](https://stackoverflow.com/questions/25370868/django-error-invalid-http-host-header-u-run-myprojectname-gunicorn-sock) – Tobit Aug 08 '19 at 08:02
