Just don’t understand, in Django documents and other articles, allowed_hosts is not recommended to be [‘*’] for security reasons. But a website should be open to the whole internet, what value should it be?
But a website should be open to the whole internet
ALLOWED_HOSTS
in Django settings does not mean which user will be allowed to access your site. It simple means on which address your site will be accessible. for example www.google.com
is the address of google site. That does not mean who will be allowed to access the site (Its already public).
To allow/disallow a particular user to access your site is usually done with firewall or with a proxy server like nginx
.
what value should it be?
It simply mentions the list of address from where your site can be accessed. like ALLOWED_HOSTS = ['your_site.com', 'IP_ADDRESS_OF_YOUR_SITE']
for more information visit docs
And for why ['*']
being dangerous and why ALLOWED_HOST
was added to django please refer to this post.
It should be set to your application domain. For example, if your domain is http://example.com then you need to set ALLOWED_HOSTS to:
ALLOWED_HOSTS = ['example.com']
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With