Invalid HTTP_HOST header using Nginx and Django

3

I have an application developed in Django 1.7. To serve the application I am using Nginx, Gunicorn and Ubuntu Server 12.10. Django notifies me several times a day with the following log:

Invalid HTTP_HOST header: 'testp5.mielno.lubin.pl'. You may need to add u'testp5.mielno.lubin.pl' to ALLOWED_HOSTS.

Request repr(): 
<WSGIRequest
path:/testproxy.php,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{},
META:{'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
'HTTP_ACCEPT_LANGUAGE': 'pl,en-US;q=0.7,en;q=0.3',
'HTTP_CONNECTION': 'close',
'HTTP_HOST': 'testp5.mielno.lubin.pl',
'HTTP_PROXY_CONNECTION': 'Keep-Alive',
'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0',
'HTTP_X_FORWARDED_FOR': '94.185.83.100',
'PATH_INFO': u'/testproxy.php',
'QUERY_STRING': '',
'RAW_URI': '/testproxy.php',
'REMOTE_ADDR': '',
'REQUEST_METHOD': 'GET',
'SCRIPT_NAME': u'',
'SERVER_NAME': 'testp5.mielno.lubin.pl',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.0',
'SERVER_SOFTWARE': 'gunicorn/19.3.0',
'gunicorn.socket': <socket._socketobject object at 0x7f5a995783d0>,
'wsgi.errors': <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x7f5a98a6ee50>,
'wsgi.file_wrapper': <class 'gunicorn.http.wsgi.FileWrapper'>,
'wsgi.input': <gunicorn.http.body.Body object at 0x7f5a98a6e7d0>,
'wsgi.multiprocess': False,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>

In the ALLOWED_HOSTS of my application, I only have the IP of the site (it does not have a domain yet).

This is the Nginx configuration file:

upstream app_server {
  server unix:/path/to/gunicorn.sock fail_timeout=0;
}

server {

    listen   80;
    server_name xxx.xxx.xxx.xxx; # IP

    client_max_body_size 4G;

    access_log /path/to/nginx-access.log;
    error_log /path/to/nginx-error.log;

    location /static/ {
        alias   /path/to/collect_static/;
    }

    location /media/ {
        alias   /path/to/media/;
    }

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header Host $http_host;

        proxy_redirect off;

        if (!-f $request_filename) {
            proxy_pass http://app_server;
            break;
        }
    }

    # Error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /path/to/templates/;
    }
}

The requests that produce this error come from different IPs. Any advice to avoid this error?

    
asked by Marcelo 23.01.2016 at 20:06

1 answer

2

It is not an error; it is a security warning, or a SuspiciousOperation (suspicious operation), as Django calls it.

It is possible to silence these warnings using the method suggested by Django in the documentation related to django-security. Modify your logger in settings.py using the following:

'handlers': {
    # Your other handlers
    'null': {
        'class': 'logging.NullHandler',
    },
},
'loggers': {
    # Your other loggers
    'django.security.DisallowedHost': {
        'handlers': ['null'],
        'propagate': False,
    },
},

This post recommends a configuration in Nginx to deny illegal hosts (I have not tried it):

upstream app_server {
    server unix:/tmp/gunicorn_mydomain.com.sock fail_timeout=0;
}

server {

    ...

    ## Deny illegal Host headers
    if ($host !~* ^(mydomain\.com|www\.mydomain\.com)$ ) {
        return 444;
    }
}
    
answered by 24.01.2016 / 03:12
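Why the request in the question triggers the warning, as an added example that is not part of the original answer and not Django's own code: a simplified re-implementation of the documented ALLOWED_HOSTS matching rules, run over constructed sample requests. The IP 203.0.113.10 and the function names `split_host_port`, `host_allowed` and `triage` are assumptions made for illustration.

```python
# Added example: simplified re-implementation of Django's documented
# ALLOWED_HOSTS matching rules (not Django's own source code).
ALLOWED_HOSTS = ["203.0.113.10"]  # constructed: site reachable by IP only


def split_host_port(host_header):
    """Lower-case the Host header, strip an optional :port and trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:8000
        end = host.find("]")
        return host[: end + 1] if end != -1 else ""
    if host.count(":") == 1:  # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host[:-1] if host.endswith(".") else host


def host_allowed(host_header, allowed_hosts):
    """'*' matches anything, '.example.com' matches the domain and its
    subdomains, any other entry must equal the host exactly."""
    host = split_host_port(host_header)
    if not host:
        return False
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern == "*" or pattern == host:
            return True
        if pattern.startswith(".") and (host == pattern[1:] or host.endswith(pattern)):
            return True
    return False


def triage(requests, allowed_hosts):
    """Split (host, path) pairs into served and rejected lists."""
    served, rejected = [], []
    for host, path in requests:
        (served if host_allowed(host, allowed_hosts) else rejected).append((host, path))
    return served, rejected


# Constructed sample traffic; the second entry mirrors the request in the question.
SAMPLE = [
    ("203.0.113.10", "/"),
    ("testp5.mielno.lubin.pl", "/testproxy.php"),
    ("203.0.113.10:80", "/static/app.css"),
]

if __name__ == "__main__":
    served, rejected = triage(SAMPLE, ALLOWED_HOSTS)
    print("served:", served)
    print("rejected:", rejected)
```

Because the Nginx block in the question forwards the client-supplied value with `proxy_set_header Host $http_host;`, the rejected entry is exactly what reaches Django and gets reported.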