Hi Brian,

If you're behind nginx, you can filter the hostname there before it hits 
Django. I usually add an empty server {} block at the beginning of my conf 
to act as the default and catch server host names that are not defined so 
they don't hit Django.

Collin

On Friday, December 5, 2014 12:15:41 AM UTC-5, yakka...@gmail.com wrote:
>
> Does ticket 19866 <https://code.djangoproject.com/ticket/19866> apply to 
> Django 1.4? Reading through the notes, it seems it does but I'm still 
> getting a 500 error. If not, is there a way to keep Django from returning a 
> 500 error? I've found other people filtering these out. I don't want to 
> filter them out.
>
>
> I've got some hackers trying to exploit the WordPress /xmlrpc.php on my 
> Django site. Most of the time they are coming back 404 but there are times 
> I'm getting exceptions like:
>
> -------------------------------
> Traceback (most recent call last):
>
>   File "/usr/local/python2p7/lib/python2.7/site-packages/django/core/handlers/base.py", line 87, in get_response
>     response = middleware_method(request)
>
>   File "/usr/local/python2p7/lib/python2.7/site-packages/django/middleware/common.py", line 55, in process_request
>     host = request.get_host()
>
>   File "/usr/local/python2p7/lib/python2.7/site-packages/django/http/__init__.py", line 223, in get_host
>     "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host)
>
> SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS)
> <WSGIRequest
> path:/wp/xmlrpc.php,
> ...
>  'HTTP_USER_AGENT': 'LWP::Simple/6.00 libwww-perl/6.04',
>
> ...
>
>
>  'REQUEST_URI': '/wp/xmlrpc.php',
>
>
>  -------------------------------
>
>
>  Brian
>
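
The nginx catch-all approach described in the reply above, written out as an added example that is not part of the original thread. The host names `example.com`/`www.example.com`, the backend address `127.0.0.1:8000` and the log path are assumptions; it also goes slightly beyond an empty `server {}` block by marking the default explicitly and dropping the connection.

```nginx
# Added example (not from the thread). Placeholders: example.com,
# 127.0.0.1:8000, and the log path.

# Catch-all server: receives every request on port 80 whose Host header
# matches no server_name below (including requests with no Host header),
# so those requests never reach Django and never raise SuspiciousOperation.
server {
    listen 80 default_server;
    server_name _;                                # dummy name that matches no real host
    access_log /var/log/nginx/unknown_host.log;   # keep a record of the probes
    return 444;                                   # nginx-specific: close without sending a response
}

# The real site: only requests for the expected host names are proxied.
server {
    listen 80;
    server_name example.com www.example.com;

    location / {
        # Pass the validated Host header through so Django's own
        # ALLOWED_HOSTS check still sees the name the client asked for.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8000;
    }
}
```

Run `nginx -t` before reloading to confirm the configuration parses; the separate access log keeps the rejected requests visible rather than silently discarding them.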
