Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to disable Django's invalid HTTP_HOST error?

Ever since I deployed a site running Django 1.7 alpha (checked out from Git), I've been occasionally receiving error messages with titles like:

"Invalid HTTP_HOST header: 'xxx.xxx.com'"

I realize that this is due to the Host: HTTP header being set to a hostname not listed in ALLOWED_HOSTS. However, I have no control over when and how often someone sends a request to the server with a forged hostname. Therefore I do not need a bunch of error emails letting me know that someone else is attempting to do something fishy.

Is there any way to disable this error message? The logging settings for the project look like this:

LOGGING = {     'version': 1,     'disable_existing_loggers': False,     'filters': {         'require_debug_false': {             '()': 'django.utils.log.RequireDebugFalse'         }     },     'handlers': {         'mail_admins': {             'level': 'ERROR',             'filters': ['require_debug_false'],             'class': 'django.utils.log.AdminEmailHandler'         }     },     'loggers': {         'django.request': {             'handlers': ['mail_admins'],             'level': 'ERROR',             'propagate': True,         },     } } 
like image 894
Nathan Osman Avatar asked Aug 13 '13 22:08

Nathan Osman


1 Answers

You shouldn't be ignoring this error. Instead you should be denying the request before it reaches your Django backend. To deny requests with no HOST set you can use

SetEnvIfNoCase Host .+ VALID_HOST Order Deny,Allow Deny from All Allow from env=VALID_HOST 

or force the match to a particular domain (example.com)

SetEnvIfNoCase Host example\.com VALID_HOST Order Deny,Allow Deny from All Allow from env=VALID_HOST 
like image 73
Mark Lavin Avatar answered Sep 22 '22 06:09

Mark Lavin