Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django Invalid HTTP_HOST header on Apache - fix using Require?

Tags:

https

apache

django

amazon-web-services

A couple weeks ago, I had a wonderful time setting up an Apache and Django configuration to work while forcing SSL and operating behind an AWS load balancer.

Now that it is all working nicely, I'm still constantly receiving the common "Invalid HTTP_HOST header" error, and trying to figure out the right way to go about fixing it.

Searching has brought me to the following answer regarding the Apache configuration:

How to disable Django's invalid HTTP_HOST error?

Which recommends placing the following settings inside the <Directory></Directory> block in the VirtualHost file:

SetEnvIfNoCase Host .+ VALID_HOST
Order Deny,Allow
Deny from All
Allow from env=VALID_HOST}

This works, but according to Apache (https://httpd.apache.org/docs/2.4/howto/access.html) this method is deprecated.

I've read through the Apache docs but when I tried using the following code it just shut down access to the site and gave me a "Not Authorized" error. 

<RequireAll>
    Require host example.org
</RequireAll>

Not entirely sure what I'm missing. I know I can solve the problem using the first answer, just trying to figure out the "right" way using code that isn't deprecated. Site is using WSGIDaemonProcess to run the Django App and has the following set to force the SSL through AWS

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP:X-Forwarded-For} !=""
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
like image 527
f71316 Avatar asked Sep 15 '16 14:09

f71316

2 Answers

So, after messing with this for a long time I figured out that the problem I was dealing with may have something to do with the hostname reverse DNS lookup failing, since the IP address was pointing to an AWS EC2 instance instead of my domain.

After finally giving up on getting it right I returned to the post on how to disable the log error, and tried using the env variable, which seems to be working.

Apparently the correct format for Require is:

<Directory /var/www/html/>
    SetEnvIfNoCase Host example\.com VALID_HOST
    Require env VALID_HOST
    Options
</Directory>

These guys had it right, just need to update it for the current "Require" directive.

How to disable Django's invalid HTTP_HOST error?

like image 144
f71316 Avatar answered Sep 17 '22 16:09

f71316

No need to use mod_setenvif as HTTP_HOST is already a variable and you can evaluate it directly.

<Directory /var/www/html/>
    Require expr %{HTTP_HOST} == "example.com"
    Options
</Directory>
like image 40
liquidki Avatar answered Sep 20 '22 16:09

liquidki
Sign in to Comment

Related questions

OSCAR_SEARCH_FACETS for filtering product lists
404 page not found using Django + react-router
null value in column "last_login" violates not-null constraint
'RelatedManager' object has no attribute 'pk' in DRF Serializer
Get image url from django form
Pystache without escaping (unescaped)
Django empty char ('') to null (NULL) inside a Coalesce statement
Django Rest Framework – Custom Hyperlink field in serializer
OAuth2: authenticate with email instead of username
The use of model field "verbose name"
Django percentage field
The context_instance argument of render_to_string is deprecated
How to add an url field to a serializer with Django Rest Framework
__init__ not being called for double inherited class
Renaming Django model field
Django model for a Postgres view
Django UnitTest - Setting session variable
updating user profile using django rest framework api
Django sorting by date(day)
Serializing a generic relation in django-rest-framework

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!