Reputation: 79
Invalid HTTP_HOST header: 'awssgp0-files.fds.api.xiaomi.com' request header attack
I am getting this request (more than 2000 per day) from different countries.
Invalid HTTP_HOST header: ‘awssgp0-files.fds.api.xiaomi.com’. You may need to add u'awssgp0-files.fds.api.xiaomi.com' to ALLOWED_HOSTS.
Report at /yimotiondetection/2018/10/23/168333/DJVLPPMM81DCHLPN111A_1540282131_0.jpg Invalid HTTP_HOST header: ‘awssgp0-files.fds.api.xiaomi.com’. You may need to add u'awssgp0-files.fds.api.xiaomi.com' to ALLOWED_HOSTS.
Request Method: PUT Request URL: http://awssgp0-files.fds.api.xiaomi.com/yimotiondetection/2018/10/23/168333/DJVLPPMM81DCHLPN111A_1540282131_0.jpg?GalaxyAccessKeyId=5661733440758&Expires=1540283933264&Signature=z9QvtfFxrlvtKiMiNiRGmMj2u/0= "
I am using elasticbeanstalk .
How to block these requests?
Upvotes: 0
Views: 276
Answers (1)
Reputation: 253
For HTTP_HOST header attacks By adding allowed host in settings.py file will solve this issue.
ALLOWED_HOSTS = ['your ip address here']
example
ALLOWED_HOSTS = ['198.211.99.20', 'localhost']
Note: Don't make '*' to ALLOWED_HOSTS IF IT'S IN PRODUCTION.
For more reference Read Django website about ALLOWED_HOSTS https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
Upvotes: 0
Related Questions
- Django; 44 connect() failed (111: Connection refused) while connecting to upstream on AWS Elastic Bean
- Django's SuspiciousOperation Invalid HTTP_HOST header
- Block invalid HTTP_HOST headers in Apache in AWS ElasticBeanstalk
- Django Invalid HTTP_HOST header on Apache - fix using Require?
- AWS, Django, Apache, ALLOWED_HOSTS not working 400 Bad Request
- Django 403 Forbidden on AWS Elastic Beanstalk
- Django in Elastic BeanStalk getting too many Invalid HTTP_HOST header errors
- The request signature we calculated does not match the signature you provided - AWS
- Custom headers missing in requests to Django
- Django - Hacking attempt, [Django] ERROR: Invalid HTTP_HOST header