Reputation: 239790
I'm all over the ALLOWED_HOSTS setting in Django. It has been set on all my production sites for a while now but one site in particular has been throwing out weird debug emails. The site works fine (for me) but about once a week I'll get an email along the lines of:
SuspiciousOperation: Invalid HTTP_HOST header
(you may need to set ALLOWED_HOSTS): thepcspy.com.
<WSGIRequest
path:/,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{},
META:{...
'HTTP_HOST': 'thepcspy.com.',
'SERVER_NAME': 'thepcspy.com',
...
Notice the full stop after the domain in the error and in HTTP_HOST. As far as I can see in my nginx config, there isn't anything that could add an extra dot after the name on HTTP_HOST (note that SERVER_NAME is correct). What on earth is going on here?
Should I just write this off as somebody intentionally trying to break my server?
Upvotes: 1
Views: 206
Reputation: 25154
The final dot makes it a fully qualified domain name (FQDN). This issue is noted precisely in the Django docs on the ALLOWED_HOSTS setting: https://docs.djangoproject.com/en/stable/ref/settings/#allowed-hosts
If you want to also allow the fully qualified domain name (FQDN), which some browsers can send in the Host header, you must explicitly add another ALLOWED_HOSTS entry that includes a trailing period.
Upvotes: 3
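An added example, not part of the original answer and not Django's own code: a simplified model of the exact-match host check that the quoted documentation describes, showing why `thepcspy.com.` is rejected and how adding a trailing-period entry changes the result. The helper names `host_allowed`, `with_fqdn_variants` and `report`, and the sample Host headers, are assumptions constructed for illustration.

```python
# Simplified model of exact-match Host validation, as the quoted docs describe it.
# host_allowed() and with_fqdn_variants() are hypothetical helpers, not Django APIs.

def host_allowed(host_header, allowed_hosts):
    """Return True if the Host header matches an ALLOWED_HOSTS-style entry."""
    host = host_header.lower()
    # Drop a ":port" suffix; a bare bracketed IPv6 literal is left untouched.
    if ":" in host and not host.endswith("]"):
        host = host.rsplit(":", 1)[0]
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*":
            return True
        if pattern.startswith("."):
            # ".example.com" covers example.com and every subdomain of it.
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


def with_fqdn_variants(hosts):
    """Return hosts plus a trailing-dot (FQDN) twin for each entry."""
    result = []
    for entry in hosts:
        twin = entry if entry == "*" or entry.endswith(".") else entry + "."
        for candidate in (entry, twin):
            if candidate not in result:
                result.append(candidate)
    return result


# Constructed sample data based on the question's host name.
ALLOWED_HOSTS = ["thepcspy.com"]
OBSERVED_HOST_HEADERS = ["thepcspy.com", "thepcspy.com.", "thepcspy.com.:443", "example.org."]

def report(allowed):
    """Map each observed Host header to accepted (True) or rejected (False)."""
    return {h: host_allowed(h, allowed) for h in OBSERVED_HOST_HEADERS}

if __name__ == "__main__":
    print("before:", report(ALLOWED_HOSTS))
    print("after: ", report(with_fqdn_variants(ALLOWED_HOSTS)))
```

The model follows the documentation text quoted in the answer; the trailing-dot twin only widens the allow list to the same domain, so unrelated hosts such as `example.org.` stay rejected.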