Django and Invalid HTTP_HOST headers with nginx

Django has had a setting for allowed hostnames for a while [1], but starting with the 1.5 release it was required [2] to set it.

I'm not sure why I only started getting Invalid HTTP_HOST header emails after my upgrade to 1.6, but anyway, they started pouring in. It's a litte confusing why anybody would try to access one of my sites with a fake hostname, but fixing this is easy enough.

The example below uses nginx' catch-all server name feature [3].

Raw 
server {
    listen 80 default_server;
    server_name _;
    rewrite ^/(.*) http://example.com/$1 permanent;
}

0 comments

Reply

Cancel reply
Markdown. Syntax highlighting with <code lang="php"><?php echo "Hello, world!"; ?></code> etc.
Latest updates
  1. Using dnsmasq to isolate DNS queries
  2. Cannot resolve login.wifionice.de under Linux
  3. Script to get filename stats
  4. mosh can't connect despite open firewall
  5. The anti business license
  6. Bram Moolenaar has passed away
  7. pkg_resources InvalidVersion: Invalid version
  8. Command line split that understands quotes
  9. Clean out /lib/modules on Debian systems
  10. Get random file recursively with home assistant
DjangoPythonBitcoinTuxDebianHTML5 badgeSaltStackUpset confused bugMoneyHackerUpset confused bugX.OrggitFirefoxWindowMakerBashIs it worth the time?i3 window managerWagtailContainerIrssiNginxSilenceUse a maskWorldInternet securityPianoFontGnuPGThunderbirdJenkinshome-assistant-logo
Latest comments
  1. I met Bram only a few times but used his software for over 30 years. …
  2. Like the title of the post says, this is about private keys, not public ones.
  3. Well, for one you are not importing your public key. You are exporting your secret …
  4. Works for me
  5. I like this idea but could it cause any problems?