Django 1.6.2中的HTTP_HOST标头无效 [英] Invalid HTTP_HOST header in Django 1.6.2

问题描述

[Django]错误：HTTP_HOST标题无效： 'www.bing.com'你可能需要
来添加你的'www.bing.com'到ALLOWED_HOSTS

它来自已知网站（例如 bing.com，google.com ）以及非常随机的网站（ www2t.biglobe.ne.jp，代理.me5b.ru ）。

电子邮件中的消息是：

没有堆栈跟踪可用

请求repr（）不可用。

我已经在其他SO问题上阅读了有关其他问题，例如这个和此
和一个很好的博客帖子，如这个。

但是他们似乎都表示这个问题应该在Django 1.6中解决了。但是，我正在运行Django 1.6.2，但仍然看到这个错误。
我正在使用Apache WSGI，应用程序托管在AWS Elasticbeanstalk上。

我可以抑制这些警报消息，但是我应该期待他们在第一个

解决方案

问题不在django或django应用程序中，它在用户端。

您的django应用程序配置为仅在example.com上执行请求（ ALLOWED_HOSTS ），然后，如果任何其他域指向相同的ip，任何用户请求，然后django将引发该异常。

显然，bing.con没有指向你的IP地址（除非你是微软的员工，你正在迁移到django：-O）。

我有一些假设：

• 用户或机器人在您的网站上进行一些未经授权的测试。


• 私有DNS服务器拥有由ISP，公司或家庭的DNS被黑客入侵或被miscunfigured错误输入


• 恶意软件在用户操作系统的hosts文件中添加了一些条目，指向您的ip。或者bing.com指向您的网站的任何其他原因

不要注意这个错误（我忽略了我的网站），因为django正确思考：

我没有配置为服务这个域名，对不起，我不会向你提供任何内容。

I am receiving a lot of Invalid HTTP_HOST header messages from my Django web application-

[Django] ERROR: Invalid HTTP_HOST header: 'www.bing.com'.You may need to add u'www.bing.com' to ALLOWED_HOSTS

It comes from known websites (like bing.com, google.com) as well as very random websites (www2t.biglobe.ne.jp, proxy.me5b.ru).

The message in the emails is:

No stack trace available

Request repr() unavailable.

I have read other questions about this on other SO questions, like this and this and a nice blog post like this.

But they all seem to indicate that this problem should have been solved in Django 1.6. However, I am running Django 1.6.2 and am still seeing this error. I am using Apache WSGI and the application is hosted on AWS Elasticbeanstalk.

I can probably suppress these alert messages, but should I be expecting them in the first place?

解决方案

The problem isn't in django or the django application, Its in the user's side.

Your django application are configured to take requests on example.com only (ALLOWED_HOSTS), and then, if any other domain are pointing the same ip and any user requests that webithe then django will raise that exception.

Obviously bing.con isn't pointing to your IP address (unless you are a microsoft's employee and you are migrating bing to django :-O).

I have some hypotesis:

• An user or bot is doing some unauthorized tests on your website.
• A private DNS server owned by an ISP, company or home's DNS were hacked or miscunfigured and have wrong entries
• A malware has added some entries in the "hosts" file of the user's operating system pointing to your ip.
• Or any other reason why bing.com is pointing to your website

Don't pay attention at this error (I'm ignoring this on my websites) because django is thinking correctly:

I'm not configured to serve this domain, sorry, I'll not serve any content to you.

这篇关于Django 1.6.2中的HTTP_HOST标头无效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！