akvo / akvo-provisioning

Server and development environment provisioning data and configurations

Remove '*' as possibility in the HTTP_HOST header #268

Closed KasperBrandt closed 8 years ago

KasperBrandt commented 8 years ago

We have another one (after the _ comes the *), see:

Invalid HTTP_HOST header: '*.akvoapp.org'. The domain name provided is not valid according to RFC 1034/1035.

Request repr(): 
<WSGIRequest
path:/,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{},
META:{'HTTP_ACCEPT': '*/*',
'HTTP_CONNECTION': 'close',
'HTTP_HOST': '*.akvoapp.org',
'HTTP_USER_AGENT': 'masscan/1.0 (https://github.com/robertdavidgraham/masscan)',
'HTTP_X_FORWARDED_FOR': '77.125.0.210',
'HTTP_X_REAL_IP': '77.125.0.210',
'PATH_INFO': u'/',
'QUERY_STRING': '',
'RAW_URI': '/',
'REMOTE_ADDR': '77.125.0.210',
'REMOTE_PORT': '80',
'REQUEST_METHOD': 'GET',
'SCRIPT_NAME': u'',
'SERVER_NAME': '*.akvoapp.org',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.0',
'SERVER_SOFTWARE': 'gunicorn/18.0',
'gunicorn.socket': <socket._socketobject object at 0x5ac2360>,
'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f0432184270>,
'wsgi.file_wrapper': <class gunicorn.http.wsgi.FileWrapper at 0x7f042f2b5d50>,
'wsgi.input': <gunicorn.http.body.Body object at 0x4cc7c50>,
'wsgi.multiprocess': True,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>

orifito commented 8 years ago

All RSR partner domains are a CNAME of rsr.akvo.org, so it's safe to remove those virtual hosts
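
An added example, not part of the issue thread or the akvo-provisioning repository: a small Host header triage that shows why a literal `*.akvoapp.org` is rejected as malformed before any allow-list is consulted. The regular expression is modelled on Django's Host validation, and the `ALLOWED` list and the function names are assumptions made for illustration.

```python
import re

# Character-level Host check, modelled on the validation Django performs
# before it consults ALLOWED_HOSTS (an approximation, not Django's source).
HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(:[0-9]+)?$")

# Constructed allow-list: a leading dot matches the domain and its subdomains.
ALLOWED = [".akvoapp.org", "rsr.akvo.org"]


def split_host(raw):
    """Return (domain, port) for a well-formed Host value, else None."""
    host = raw.strip().lower()
    if not HOST_RE.match(host):
        return None
    if host.endswith("]"):  # bracketed IPv6 literal without a port
        return host, ""
    domain, sep, port = host.rpartition(":")
    if not sep:  # no port present
        domain, port = host, ""
    if domain.endswith("."):  # tolerate a fully qualified trailing dot
        domain = domain[:-1]
    return domain, port


def pattern_matches(domain, pattern):
    """Match one allow-list entry against an already validated domain."""
    if pattern.startswith("."):
        return domain == pattern[1:] or domain.endswith(pattern)
    return domain == pattern


def classify(raw, allowed=ALLOWED):
    """Return 'invalid', 'disallowed' or 'ok' for a raw Host header value."""
    parsed = split_host(raw)
    if parsed is None:
        return "invalid"  # e.g. '*' or '_' forwarded as the Host value
    domain, _port = parsed
    if any(pattern_matches(domain, p) for p in allowed):
        return "ok"
    return "disallowed"


if __name__ == "__main__":
    # Constructed sample values; the first is the one from the error report.
    for value in ["*.akvoapp.org", "_", "partner.akvoapp.org",
                  "rsr.akvo.org:80", "other.example.com"]:
        print(f"{value!r:24} -> {classify(value)}")
```
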