How to silence "Invalid HTTP_HOST header" error?

I know that this too late to answer this question , however I put this answer which may be useful for newcommers.

First, We should know why nginx pass the requests to my app while I set a different host name for it.

That is because nginx tries to match the requested host to the nearest defined server block, if there is no match, it will fallback to the default, if there is no default server ( my case ) it will use the first defined VPS ( strange behaviour but thus is the fact )

By knowing this, We solve the half of the problem by adding such block as follow:

server {
        listen 80 default_server; 
        return 444;
}

This block will catch all requests that dosen’t match the defined VPS.
We can improve it more by listening to 443 port also and return 444 response.

Be careful as NGINX includes a default server block in /etc/nginx/sites-available/default. Delete this file (or comment out the default server block) first and, as always, test with sudo nginx -t. If more than one default_server definition exists, nginx will fail to start with a duplicate server error.

The seond half of the puzzle is to add a line similar to this line in each server block:

 server {

     ...

      ## Deny illegal Host headers
      if ($host !~* 
           ^(yourdomain.com|www.yourdomain.com)$ ) 
            {
              return 444;
             }
   }

This will catch the sneaky requests when someone manually make request to your server & set header “host” value to another host.

This is done simply by httpie like:

 http  yourdomain.com host:another_domain.com

Or by cUrl like:

 curl --header "host: another_domain.com" -v yourdomain.com

You can reproduce the error by making requests like this to your server & compare the difference.

N.B: I don’t know what is the vulnerability they are trying to introduce by setting the host header, but the solution is mentioned above.

Finally, I don’t think that silencing the error is a good choice.

Thus answe was collected from several answers in the stackoverflow, django documentation, aws:repost & some blog articles.

Hi, can you, please, share how did you finally resolved that issue with Invalid HTTP_HOST header?
I have tried all recommendations from forums and nothing works.
Thanks

# shared/logging/filters.py
from django.core.exceptions import DisallowedHost

class IgnoreDisallowedHostFilter(logging.Filter):
    def filter(self, record):
        if record.exc_info:
            _, exc_value, _ = record.exc_info
            if isinstance(exc_value, DisallowedHost):
                return False
        return 'Invalid HTTP_HOST header' not in record.getMessage()

and in your settings;

LOGGING = {
    # ... all your other stuff,
    'filters' : {
         # ... all your other stuff,
        'ignore_disallowed_host': {
            '()': 'shared.logging.filters.IgnoreDisallowedHostFilter',
        },
    },
    # ... all your other stuff,
    'handlers': {
        'django.server': {
            # add or append this filter
            'filters': ['ignore_disallowed_host'],
            # rest of your values
        }
    }
}

also i have this (but just noticed that still appears)

'loggers': {
    'django.security.DisallowedHost': {
        'handlers': ['null'],
        'propagate': False,
    },
   # ... all your other stuff,
}