{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 迷人小祖宗 的问题《How to disable Django's invalid HTTP_HOST erro》','https://www.manongdao.com/q-1186929.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Ever since I deployed a site running Django 1.7 alpha (checked out from Git), I've been occasionally receiving error messages with titles like:
"Invalid HTTP_HOST header: 'xxx.xxx.com'"
I realize that this is due to the Host: HTTP header being set to a hostname not listed in ALLOWED_HOSTS. However, I have no control over when and how often someone sends a request to the server with a forged hostname. Therefore I do not need a bunch of error emails letting me know that someone else is attempting to do something fishy.
Is there any way to disable this error message? The logging settings for the project look like this:
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'filters': {
'require_debug_false': {
'()': 'django.utils.log.RequireDebugFalse'
}
},
'handlers': {
'mail_admins': {
'level': 'ERROR',
'filters': ['require_debug_false'],
'class': 'django.utils.log.AdminEmailHandler'
}
},
'loggers': {
'django.request': {
'handlers': ['mail_admins'],
'level': 'ERROR',
'propagate': True,
},
}
}
Another way to block requests with an invalid Host header before it reaches Django is to use a default Apache config with a
<VirtualHost>that does nothing but return a 404.If you define this as your first virtual host (e.g. in 000-default.conf) and then follow it with your 'real'
<VirtualHost>, complete with a<ServerName>and any <ServerAlias>entries that you want to match, Apache will return a 404 for any requests with aHostheader that does not match<ServerName>or one of your<ServerAlias>entries. The key it to make sure that the default, 404<VirtualHost>is defined first, either by filename ('000') or the first entry in your config file.I like this better than the popular solution above because it is very explicit and easy to extend.
I can't comment yet, but since Order Deny, Allow is deprecated, the way to do this in a virtual host with the current Require directive is:
You shouldn't be ignoring this error. Instead you should be denying the request before it reaches your Django backend. To deny requests with no
HOSTset you can useor force the match to a particular domain (example.com)
Using Apache 2.4, there's no need to use mod_setenvif. The HTTP_HOST is already a variable and can be evaluated directly: