Hi Cliff,

Just as a side note, the fact that you get those errors in your inbox is 
also a sign of a misconfiguration of your webserver. The Django error is 
so to say a last resort; on a properly configured system those requests 
would never reach Django at all.

Regards,
Florian

On Thursday, February 13, 2014 6:27:37 PM UTC+1, J. Clifford Dyer wrote:
>
> Django devs, 
>
> I've noticed that the new ALLOWED_HOSTS causes the site 
> to return HTTP-500 errors whenever a user submits a request with an 
> HTTP_HOST header that is not allowed.  This is flooding my developers' 
> inboxes with spurious error messages.  The site is refusing the 
> requests as expected, but it is doing so with a *server* error, when in 
> fact the error is a problem with what the *clients* are doing.  I'd 
> like to start a discussion here before I create a bug report, but I 
> believe this should instead be returning a 403 Forbidden response 
> (based on my reading of http://httpstatus.es/403), or at least 
> something in the 4xx (Client Error) range.  This might be appropriate 
> for other SuspiciousOperation exceptions as well, though it's probably 
> worth discussing just how they are each handled.   
>
> In short, I think 500 makes it look like there's something wrong 
> with the server, when in fact the response is being blocked because the 
> server is doing the right thing.  If there's some consensus that this 
> would be a helpful enhancement, I'll write up a bug report and see if I 
> can create a patch to accompany it. Otherwise, I'll try to fix it for 
> my own use in a custom middleware. 
>
> Cheers, 
> Cliff 
>
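
An added example, not part of the thread or of Django's own code: one way to answer unrecognised Host headers with a 4xx before the request ever reaches the Django application, written as a plain WSGI wrapper. The allow-list, the names `HostFilter`, `host_allowed` and `demo_status`, and the leading-dot subdomain convention are assumptions for illustration.

```python
# Added example: reject unknown Host headers with a 400 before the wrapped app runs.
import re

# Constructed sample allow-list; a leading dot also matches subdomains (assumption).
ALLOWED = ["example.com", ".example.org"]

# Hostname or bracketed IPv6 literal, optionally followed by :port.
_HOST_RE = re.compile(r"^(\[[0-9a-f:.]+\]|[a-z0-9.-]+)(?::\d+)?$")


def host_allowed(raw_host, allowed=ALLOWED):
    """Return True if the Host header value names an allowed host."""
    m = _HOST_RE.match(raw_host.strip().lower())
    if not m:
        return False  # missing or malformed header: reject rather than guess
    host = m.group(1).rstrip(".")  # tolerate a trailing-dot FQDN
    for pattern in allowed:
        pattern = pattern.lower()
        if pattern.startswith("."):
            # ".example.org" matches example.org and any subdomain of it
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


class HostFilter:
    """Wrap a WSGI app; answer disallowed hosts with 400 Bad Request."""

    def __init__(self, app, allowed=ALLOWED):
        self.app = app
        self.allowed = allowed

    def __call__(self, environ, start_response):
        if not host_allowed(environ.get("HTTP_HOST", ""), self.allowed):
            body = b"Bad Request: unrecognised Host header\n"
            headers = [("Content-Type", "text/plain"),
                       ("Content-Length", str(len(body)))]
            start_response("400 Bad Request", headers)
            return [body]  # client error, so no server-error mail is triggered
        return self.app(environ, start_response)


def demo_status(host):
    """Run one constructed request through the filter; return the status line."""
    seen = []
    inner = lambda env, sr: (sr("200 OK", []), [b"ok"])[1]  # stand-in for the real app
    HostFilter(inner)({"HTTP_HOST": host}, lambda status, hdrs: seen.append(status))
    return seen[0]
```
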
