
How to set Django allowed_hosts?

Tags:

django

I just don't understand: in the Django documentation and other articles, it is not recommended to set allowed_hosts to ['*'] for security reasons. But a website should be open to the whole internet, so what value should it be?

Fenglin Wang asked Feb 03 '19 15:02


2 Answers

But a website should be open to the whole internet

ALLOWED_HOSTS in Django settings does not mean which user will be allowed to access your site. It simply means on which address your site will be accessible. For example, www.google.com is the address of the Google site. That does not mean who will be allowed to access the site (it's already public).

Allowing or disallowing a particular user to access your site is usually done with a firewall or with a proxy server like nginx.

what value should it be?

It simply mentions the list of addresses from which your site can be accessed, like ALLOWED_HOSTS = ['your_site.com', 'IP_ADDRESS_OF_YOUR_SITE']. For more information, visit the docs.

As for why ['*'] is dangerous and why ALLOWED_HOSTS was added to Django, please refer to this post.

Ahtisham answered Sep 18 '22 16:09


It should be set to your application domain. For example, if your domain is http://example.com then you need to set ALLOWED_HOSTS to:

ALLOWED_HOSTS = ['example.com']

Thomas Myers answered Sep 20 '22 16:09
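
To make the point in both answers concrete (ALLOWED_HOSTS filters the Host header a request carries, not who may connect), here is an added example that is not part of either answer and is not Django's own code. It is a simplified re-implementation of Django's documented matching rules; the function names and the sample Host values are assumptions made for illustration.

```python
# Added example: simplified re-implementation of Host-header matching,
# modelled on Django's documented ALLOWED_HOSTS rules (not Django's code).

def split_host(host_header):
    """Return the lowercased hostname from a Host header, dropping any port."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:8000
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0] if ":" in host else host


def host_allowed(host_header, allowed_hosts):
    """True if the Host header matches an entry in allowed_hosts."""
    host = split_host(host_header)
    host = host[:-1] if host.endswith(".") else host   # ignore trailing dot of an FQDN
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*":                   # wildcard: every Host value passes
            return True
        if pattern.startswith("."):          # ".example.com": the domain and all subdomains
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:                # exact match only
            return True
    return False


# Constructed sample Host headers (not taken from real traffic).
SAMPLE_HOSTS = ["example.com", "example.com:443", "www.example.com",
                "attacker.invalid", "example.com.attacker.invalid"]


def report(allowed_hosts):
    """Map each sample Host header to whether the setting would accept it."""
    return {h: host_allowed(h, allowed_hosts) for h in SAMPLE_HOSTS}


if __name__ == "__main__":
    for setting in (["*"], ["example.com"], [".example.com"]):
        print(setting)
        for host, ok in report(setting).items():
            print(f"  {host:32} {'accepted' if ok else 'rejected (HTTP 400)'}")
```

With ['*'] every Host value is accepted, including ones that merely contain your domain as a prefix; with ['example.com'] only the exact name passes, and any visitor on the internet who requests that name is still served.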