INCF / biostar-central

DEPRECATED, please go to upstream on
http://github.com/ialbert/biostar-central

Invalid HTTP_HOST header #40

Closed brainstorm closed 10 years ago

brainstorm commented 10 years ago

As neurostars.org admin, I'm regularly getting the following email notifications:

[Django] ERROR: Invalid HTTP_HOST header: 'www.daydaydata.com'.
You may need to add u'www.daydaydata.com' to ALLOWED_HOSTS.

No stack trace available

Request repr() unavailable.

We should filter those out as explained here, adding it to our deployment process on ansible-biostar:

http://stackoverflow.com/questions/18220519/how-to-disable-djangos-invalid-http-host-error

ialbert commented 10 years ago

this is a spammer trying to build up their hostname's reputation (google rank).

they made their domain name resolve to your IP, it used to work in the past but thankfully the new django versions will intercept and raise this error

the solution is to have the webserver serve a 404 for all domains other than the ones you wish to allow:

https://github.com/ialbert/biostar-central/blob/master/conf/server/biostar.nginx.conf

On Sun, Jun 22, 2014 at 7:25 AM, Roman Valls Guimerà <notifications@github.com> wrote:

As neurostars.org admin, I'm regularly getting the following email notifications:

[Django] ERROR: Invalid HTTP_HOST header: 'www.daydaydata.com'. You may need to add u'www.daydaydata.com' to ALLOWED_HOSTS.

No stack trace available

Request repr() unavailable.

We should filter those out as explained here, adding it to our deployment process on ansible-biostar:

http://stackoverflow.com/questions/18220519/how-to-disable-djangos-invalid-http-host-error


Istvan Albert Associate Professor, Bioinformatics Pennsylvania State University http://www.personal.psu.edu/iua1/

puntonim commented 10 years ago

What Istvan recommends is clearly the best solution for a high-traffic deployment where a proper (reverse proxy) webserver like Nginx is installed. But so far Neurostars is deployed as a low-traffic website and only a pure python web server (waitress) is installed in a Docker container.

So we have 2 solutions:

What do you think @brainstorm?

brainstorm commented 10 years ago

@nimiq, for now I would just go for option 2 since you have other prios for this week, unless you think you can get the nginx alternative up in less than, say, 2h of work.
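
Added example, not code from this thread or from biostar-central, and not one of the two options mentioned above: the "serve a 404 for every other domain" approach applied in a deployment that has only a Python WSGI server and no Nginx in front. The class and function names and the `www.neurostars.org` entry are assumptions made for the illustration.

```python
# Added example: reject requests whose Host header is not on an allow list
# before they reach Django, so no "Invalid HTTP_HOST header" error is raised.
ALLOWED = {"neurostars.org", "www.neurostars.org"}  # assumed site names


def hostname(environ):
    """Lower-cased host from the Host header, without port or trailing dot."""
    host = environ.get("HTTP_HOST", "").strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:8080
        return host.partition("]")[0] + "]" if "]" in host else ""
    return host.rsplit(":", 1)[0].rstrip(".")


class HostFilter:
    """WSGI middleware (hypothetical name): 404 for any host not allowed."""

    def __init__(self, app, allowed_hosts):
        self.app = app
        # Exact names only: suffix matching would also accept look-alikes
        # such as "evilneurostars.org".
        self.allowed = {h.lower() for h in allowed_hosts}

    def __call__(self, environ, start_response):
        if hostname(environ) not in self.allowed:
            body = b"Not Found\n"
            start_response("404 Not Found", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the Django WSGI application (constructed for the demo)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(host):
    """Send one constructed request through the filter; return the status."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if host is not None:
        environ["HTTP_HOST"] = host
    HostFilter(demo_app, ALLOWED)(environ, lambda s, h: seen.append(s))
    return seen[0]

# In a real wsgi.py the wrapped app would be Django's:
#   application = HostFilter(get_wsgi_application(), ALLOWED)
```

The allow list here should carry the same names as Django's `ALLOWED_HOSTS`, otherwise a host accepted by the filter can still trigger the error email.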