I don't think that's wise to set allowed hosts to a host you don't want
your application to be accessed by. Django documentation shows you how
you can mute the errors -
https://docs.djangoproject.com/en/2.0/topics/logging/#django-security.
It's not technically an error of your application.
'handlers': {
'null': {
'class': 'logging.NullHandler',
},
},
'loggers': {
'django.security.DisallowedHost': {
'handlers': ['null'],
'propagate': False,
},
},
Maybe you could restrict host headers at the nginx layer, but I don't
think it's worth your effort... Maybe you should use some smarter
solution for receiving errors like Sentry where you only get notified
once about an error and you can mute them instead of relying on each
error occurrence triggering an email :P
Also you could integrate more into AWS and use their load balancing
service where you should be able to set routing based on host header.
On 01/07/18 13:48, Kasper Laudrup wrote:
Hi fellow Django users,
I have succesfully deployed a small Django site with uwsgi and Nginx
to a virtual server running in Amazons cloud (AWS).
I have also succesusfully set up email so I will get an email
everytime an error occurs. Quite useful.
Now, my problem is, that lately I have been receiving quite a lot of
emails since there seems to be some bots (or whatever) that tries to
access my website through its public IP, causing "Invalid HTTP_HOST
header" errors.
I could quite easily (and I have actually already written the code for
that) dynamically figure out my servers public IP and add that to the
ALLOWED_HOSTS setting in settings.py, but I'm not certain that is the
correct solution?
I would think it's an error to access my website through its IP (in
the HTTP Host header), but it's quite anoying to get emails everytime
some bot, crawler or whatever attempts to do that.
Anyone having faced this issue before? Would it be correct simply to
add the public IP to the list of allowed hosts, or is there a better
solution? I definitely still want to get emails when any other error
occurs.
Thanks a lot!
Kind regards,
Kasper Laudrup
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/6be67efb-1ca8-cf7c-1389-be1ec5ea6aa6%40tmkn.org.
For more options, visit https://groups.google.com/d/optout.
