Apache上的Django无效的HTTP_HOST标头-使用Require修复? [英] Django Invalid HTTP_HOST header on Apache - fix using Require?
问题描述
几周前,我度过了一段美好的时光,设置了Apache和Django配置以在强制SSL并在AWS负载均衡器之后运行的同时工作.
A couple weeks ago, I had a wonderful time setting up an Apache and Django configuration to work while forcing SSL and operating behind an AWS load balancer.
现在一切正常,我仍然不断收到常见的无效的HTTP_HOST标头"错误,并试图找出正确的方法来进行修复.
Now that it is all working nicely, I'm still constantly receiving the common "Invalid HTTP_HOST header" error, and trying to figure out the right way to go about fixing it.
通过搜索,我得到了有关Apache配置的以下答案:
Searching has brought me to the following answer regarding the Apache configuration:
建议在VirtualHost文件的< Directory></Directory> 块中放置以下设置:
Which recommends placing the following settings inside the <Directory></Directory> block in the VirtualHost file:
SetEnvIfNoCase Host .+ VALID_HOST
Order Deny,Allow
Deny from All
Allow from env=VALID_HOST}
这有效,但是根据Apache( https://httpd.apache.org/docs/2.4/howto/access.html )不推荐使用此方法.
This works, but according to Apache (https://httpd.apache.org/docs/2.4/howto/access.html) this method is deprecated.
我已经阅读了Apache文档,但是当我尝试使用以下代码时,它只是关闭了对该网站的访问,并给了我一个未授权"错误.
I've read through the Apache docs but when I tried using the following code it just shut down access to the site and gave me a "Not Authorized" error.
<RequireAll>
Require host example.org
</RequireAll>
不完全确定我缺少什么.我知道我可以使用第一个答案来解决问题,只需尝试使用不推荐使用的代码来找出正确"的方法即可.网站正在使用WSGIDaemonProcess运行Django App,并进行了以下设置以强制通过AWS进行SSL
Not entirely sure what I'm missing. I know I can solve the problem using the first answer, just trying to figure out the "right" way using code that isn't deprecated. Site is using WSGIDaemonProcess to run the Django App and has the following set to force the SSL through AWS
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP:X-Forwarded-For} !=""
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
推荐答案
因此,在解决了很长时间之后,我发现正在处理的问题可能与主机名反向DNS查找失败有关,因为IP地址指向的是AWS EC2实例而不是我的域.
So, after messing with this for a long time I figured out that the problem I was dealing with may have something to do with the hostname reverse DNS lookup failing, since the IP address was pointing to an AWS EC2 instance instead of my domain.
在最终放弃正确的方法之后,我回到了如何禁用日志错误的帖子,并尝试使用似乎有效的env变量.
After finally giving up on getting it right I returned to the post on how to disable the log error, and tried using the env variable, which seems to be working.
显然,Require的正确格式是:
Apparently the correct format for Require is:
<Directory /var/www/html/>
SetEnvIfNoCase Host example\.com VALID_HOST
Require env VALID_HOST
Options
</Directory>
这些家伙做对了,只需要为当前的"Require"指令更新它即可.
These guys had it right, just need to update it for the current "Require" directive.
这篇关于Apache上的Django无效的HTTP_HOST标头-使用Require修复?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
