如何禁用Django的无效HTTP_HOST错误? [英] How to disable Django's invalid HTTP_HOST error?

查看:182
本文介绍了如何禁用Django的无效HTTP_HOST错误?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

自从我部署了运行Django 1.7 alpha(从Git签出)的网站以来,我偶尔会收到以下标题的错误消息:


HTTP_HOST标头无效:'xxx.xxx.com'


我意识到这是由于主机: HTTP标头设置为未列在 ALLOWED_HOSTS 。但是,我无法控制某人向具有伪造主机名的服务器发送请求的时间和频率。因此,我不需要一堆错误的电子邮件让我知道别人正在尝试做一些有趣的事情。



有没有办法禁用此错误消息?项目的日志记录设置如下所示:

  LOGGING = {
'version':1,
'disable_existing_loggers':False,
'filters':{
'require_debug_false':{
'()':'django.utils.log.RequireDebugFalse'
} 
 $,
'handlers':{
'mail_admins':{
'level':'ERROR',
'filters':['require_debug_false'],
'class':'django.utils.log.AdminEmailHandler'
} 
},
'loggers':{
'django.request':{
 'handlers':['mail_admins'],
'level':'ERROR',
'propagate':True,
},
} 
}


解决方案

您不应该忽略此错误。相反,您应该在达到Django后端之前拒绝该请求。要拒绝没有 HOST 设置的请求,您可以使用

  SetEnvIfNoCase主机。 + VALID_HOST 
订单拒绝,允许
从全部
拒绝env = VALID_HOST

或强制匹配到特定域(example.com)

  SetEnvIfNoCase Host example\.com VALID_HOST 
订单拒绝,允许
从全部
拒绝env = VALID_HOST


Ever since I deployed a site running Django 1.7 alpha (checked out from Git), I've been occasionally receiving error messages with titles like:

"Invalid HTTP_HOST header: 'xxx.xxx.com'"

I realize that this is due to the Host: HTTP header being set to a hostname not listed in ALLOWED_HOSTS. However, I have no control over when and how often someone sends a request to the server with a forged hostname. Therefore I do not need a bunch of error emails letting me know that someone else is attempting to do something fishy.

Is there any way to disable this error message? The logging settings for the project look like this:

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'filters': {
        'require_debug_false': {
            '()': 'django.utils.log.RequireDebugFalse'
        }
    },
    'handlers': {
        'mail_admins': {
            'level': 'ERROR',
            'filters': ['require_debug_false'],
            'class': 'django.utils.log.AdminEmailHandler'
        }
    },
    'loggers': {
        'django.request': {
            'handlers': ['mail_admins'],
            'level': 'ERROR',
            'propagate': True,
        },
    }
}

解决方案

You shouldn't be ignoring this error. Instead you should be denying the request before it reaches your Django backend. To deny requests with no HOST set you can use

SetEnvIfNoCase Host .+ VALID_HOST
Order Deny,Allow
Deny from All
Allow from env=VALID_HOST

or force the match to a particular domain (example.com)

SetEnvIfNoCase Host example\.com VALID_HOST
Order Deny,Allow
Deny from All
Allow from env=VALID_HOST

这篇关于如何禁用Django的无效HTTP_HOST错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆