如何禁用 Django 的无效 HTTP_HOST 错误? [英] How to disable Django's invalid HTTP_HOST error?
问题描述
自从我部署了一个运行 Django 1.7 alpha 的站点(从 Git 检出)后,我偶尔会收到标题如下的错误消息:
Ever since I deployed a site running Django 1.7 alpha (checked out from Git), I've been occasionally receiving error messages with titles like:
无效的 HTTP_HOST 标头:'xxx.xxx.com'"
"Invalid HTTP_HOST header: 'xxx.xxx.com'"
我意识到这是由于 Host: HTTP 标头被设置为未在 ALLOWED_HOSTS.但是,我无法控制某人使用伪造的主机名向服务器发送请求的时间和频率.因此,我不需要一堆错误电子邮件让我知道其他人正在尝试做一些可疑的事情.
I realize that this is due to the Host: HTTP header being set to a hostname not listed in ALLOWED_HOSTS. However, I have no control over when and how often someone sends a request to the server with a forged hostname. Therefore I do not need a bunch of error emails letting me know that someone else is attempting to do something fishy.
有什么办法可以禁用此错误消息吗?项目的日志设置如下所示:
Is there any way to disable this error message? The logging settings for the project look like this:
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'filters': {
'require_debug_false': {
'()': 'django.utils.log.RequireDebugFalse'
}
},
'handlers': {
'mail_admins': {
'level': 'ERROR',
'filters': ['require_debug_false'],
'class': 'django.utils.log.AdminEmailHandler'
}
},
'loggers': {
'django.request': {
'handlers': ['mail_admins'],
'level': 'ERROR',
'propagate': True,
},
}
}
推荐答案
您不应该忽略此错误.相反,您应该在请求到达您的 Django 后端之前拒绝该请求.要拒绝没有 HOST 设置的请求,您可以使用
You shouldn't be ignoring this error. Instead you should be denying the request before it reaches your Django backend. To deny requests with no HOST set you can use
SetEnvIfNoCase Host .+ VALID_HOST
Order Deny,Allow
Deny from All
Allow from env=VALID_HOST
或强制匹配特定域(example.com)
or force the match to a particular domain (example.com)
SetEnvIfNoCase Host example.com VALID_HOST
Order Deny,Allow
Deny from All
Allow from env=VALID_HOST
这篇关于如何禁用 Django 的无效 HTTP_HOST 错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
