Django’s SuspiciousOperation Invalid HTTP_HOST header

by

If you’re using Nginx to forward requests to Django running on Gunicorn/Apache/uWSGI, you can use the following to block bad requests. Thanks to @PaulM for the suggestion.

upstream app_server {
    server unix:/tmp/gunicorn_mydomain.example.sock fail_timeout=0;
}

server {

    ...

    ## Deny illegal Host headers
    if ($host !~* ^(mydomain.example|www.mydomain.example)$ ) {
        return 444;
    }

    location  / {
        proxy_pass               http://app_server;
        ...
    }

}

More Related Contents:

  1. (13: Permission denied) while connecting to upstream:[nginx]
  2. Django Cookies, how can I set them?
  3. Creating email templates with Django
  4. Django – after login, redirect user to his custom page –> mysite.com/username
  5. Django rest framework nested self-referential objects
  6. Django form field choices, adding an attribute
  7. Django REST Framework: adding additional field to ModelSerializer
  8. Use variable as dictionary key in Django template
  9. Create Custom Error Messages with Model Forms
  10. Django delete FileField
  11. Raise a validation error in a model’s save method in Django
  12. SocketException: OS Error: Connection refused, errno = 111 in flutter using django backend
  13. Why does django’s prefetch_related() only work with all() and not filter()?
  14. How to paginate Django with other get variables?
  15. Django Static files 404
  16. How can I get a favicon to show up in my django app?
  17. Getting ‘DatabaseOperations’ object has no attribute ‘geo_db_type’ error when doing a syncdb
  18. ImportError: Couldn’t import Django
  19. Access kwargs from a URL in a Django template
  20. Get err_connection_refused accessing django running on wsl2 from Windows but can curl from Windows terminal
  21. How to do a multi-step form in Django?
  22. Django admin DoesNotExist at /admin/
  23. How can I upload and download files with graphene-django?
  24. Django give Error 500 for all static files like CSS and Images, when DEBUG is False
  25. Setting default value for Foreign Key attribute
  26. Django REST Framework image upload
  27. Django on Google App Engine
  28. Django: dynamic database file
  29. User groups and permissions
  30. Get type of Django form widget from within template

Leave a Comment