Django and Invalid HTTP_HOST headers with nginx

Django has had a setting for allowed hostnames for a while [1], but
starting with the 1.5 release it was required [2] to set it.

I'm not sure why I only started getting Invalid HTTP_HOST header emails after
my upgrade to 1.6, but anyway, they started pouring in. It's a litte confusing
why anybody would try to access one of my sites with a fake hostname, but
fixing this is easy enough.

The example below uses nginx' catch-all server name feature [3].

[1]: https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts
[2]: https://docs.djangoproject.com/en/dev/releases/1.5/#allowed-hosts-required-in-production
[3]: http://nginx.org/en/docs/http/server_names.html#miscellaneous_names

server {
    listen 80 default_server;
    server_name _;
    rewrite ^/(.*) http://example.com/$1 permanent;
}
Published on Feb. 10, 2014 at 9:13 a.m. by Nicolas . You can follow the discussion with the comment feed for this post. Feeling generous? Donate!

0 comments

Start a new thread

Cancel reply
Markdown. Syntax highlighting with <code lang="php"><?php echo "Hello, world!"; ?></code> etc.