Block Invalid Http Hosts With Haproxy And Django
06 Jul 2016
In Django >= 1.5, an error is logged every time a request comes in where
the HTTP host header isn’t present in your
ALLOWED_HOSTS setting. You’ll
see error messages (and probably emails) with stuff like:
Invalid HTTP_HOST header: ‘www.baidu.com’. You may need to add u'www.baidu.com' to ALLOWED_HOSTS.
Search engine crawlers and vulnerability scanners often set this header, so
these error messages get annoying fast. As described
one good way of dealing with this problem is to kill these requests before
they even hit your Django app. There’s an example of how to do this with
If you’re using
haproxy you can achieve a similar result with an acl and
frontend whatever mode http ... acl is_example_com hdr_end(host) -i example.com use_backend bogus if !is_example_com backend bogus errorfile 400 /etc/haproxy/errors/400.http
blog comments powered by Disqus
- GitHub Profile
- Stack Overflow Careers Profile
- Stack Overflow Profile
- G+ Profile
- PGP Public Key
- Rafty -- Ripper and Friggin Transcoder, Y'all
- Make Readme Markdown
- Diffview Mode
- Indent Hints Mode
- Track That Thing
- Co-Founder & CEO of Directangular, LLC.
- Previously: Linux Kernel development for QuIC. Some of my work (a little stale) is available on the Code Aurora Forum, here, here, here, and here.
- My nerd hobby: Creating and contributing to a variety of Open Source projects. See my GitHub profile.