Django Invalid HTTP_HOST header
May 27, 2015
After upgrading to Django 1.7, I was getting error emails similar to the following:
Invalid HTTP_HOST header: 'XXX.XXX.XXX.XXX'. You may need to add u'XXX.XXX.XXX.XXX' to ALLOWED_HOSTS. Request repr(): <WSGIRequest path:/login.action, GET:<QueryDict: {}>, POST:<QueryDict: {u'redirect:${#res=#context.get(\'com.opensymphony.xwork2.dispatcher.HttpServletResponse\'),#res.setCharacterEncoding("UTF-8"),#req=#context.get(\'com.opensymphony.xwork2.dispatcher.HttpServletRequest\'),#res.getWriter().print("dir:"),#res.getWriter().println(#req.getSession().getServletContext().getRealPath("/")),#res.getWriter().flush(),#res.getWriter().close()}': [u'']}>, COOKIES:{}, META:{'CONTENT_LENGTH': '395', 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'HTTP_ACCEPT': '*/*', 'HTTP_CONNECTION': 'close', 'HTTP_HOST': 'XXX.XXX.XXX.XXX', 'HTTP_USER_AGENT': 'Mozilla/5.0', 'HTTP_X_FORWARDED_FOR': '61.160.247.65', 'HTTP_X_REAL_IP': '61.160.247.65', 'PATH_INFO': u'/login.action', 'QUERY_STRING': '', 'RAW_URI': '/login.action', 'REMOTE_ADDR': '127.0.0.1', 'REMOTE_PORT': '42629', 'REQUEST_METHOD': 'POST', 'SCRIPT_NAME': u'', 'SERVER_NAME': '127.0.0.1', 'SERVER_PORT': '8888', 'SERVER_PROTOCOL': 'HTTP/1.0', 'SERVER_SOFTWARE': 'gunicorn/X.X.X', 'gunicorn.socket': <socket._socketobject object at 0x3097050>, 'wsgi.errors': <gunicorn.http.wsgi.WSGIErrorsWrapper object at 0x3d14910>, 'wsgi.file_wrapper': <class 'gunicorn.http.wsgi.FileWrapper'>, 'wsgi.input': <gunicorn.http.body.Body object at 0x3d146d0>, 'wsgi.multiprocess': True, 'wsgi.multithread': False, 'wsgi.run_once': False, 'wsgi.url_scheme': 'http', 'wsgi.version': (1, 0)}>
These look like spiders looking for security problems.
I fixed this by adding configuration to nginx to return an HTTP 444 if the request didn't come from the correct domain:
# Dots are escaped so that "." matches only a literal dot in the host name.
if ($host !~* ^(host\.co\.uk|host\.com)$ ) { return 444; }
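An added example, not from the original post: a Python check that runs Host values through the nginx pattern (once with unescaped dots, once with escaped dots) and through an ALLOWED_HOSTS-style list, to confirm the proxy rule is at least as tight as the application's. The ALLOWED_HOSTS list, the helper names and the sample Host values are assumptions for illustration; the matching follows Django's documented ALLOWED_HOSTS rules and is not Django's own code.

```python
import re

# Hypothetical allow-list reusing the page's placeholder domains.
ALLOWED_HOSTS = ["host.co.uk", "host.com"]

# nginx-style patterns: an unescaped "." matches any character, "\." only a dot.
LOOSE = re.compile(r"^(host.co.uk|host.com)$", re.IGNORECASE)
STRICT = re.compile(r"^(host\.co\.uk|host\.com)$", re.IGNORECASE)


def normalize(host_header):
    """Lower-case, drop an optional :port and a trailing dot (IPv6 literals not handled)."""
    host = host_header.strip().lower()
    host = host.rsplit(":", 1)[0] if ":" in host else host
    return host[:-1] if host.endswith(".") else host


def proxy_passes(pattern, host_header):
    """True if the proxy rule would forward the request instead of returning 444."""
    return pattern.match(normalize(host_header)) is not None


def app_allows(host_header, allowed=ALLOWED_HOSTS):
    """ALLOWED_HOSTS-style match: exact name, '.name' for subdomains, '*' for any."""
    host = normalize(host_header)
    for entry in allowed:
        entry = entry.lower()
        if entry == "*" or entry == host:
            return True
        if entry.startswith(".") and (host == entry[1:] or host.endswith(entry)):
            return True
    return False


def audit(hosts):
    """Return (host, loose, strict, app) rows for a list of Host header values."""
    return [(h, proxy_passes(LOOSE, h), proxy_passes(STRICT, h), app_allows(h)) for h in hosts]


# Constructed sample values; 203.0.113.7 is a documentation address.
SAMPLES = ["host.com", "HOST.co.uk:443", "203.0.113.7", "hostxcom", "host.com.example.net"]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print("%-22s loose=%-5s strict=%-5s app=%s" % row)
```

A Host value such as hostxcom passes the unescaped pattern but is still rejected by the ALLOWED_HOSTS check, so the application would still raise the error for it.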