Invalid HTTP_HOST Header

Using Django
1

Hi,
I have installed and configured weblate which is based on django. It’s configured for https only and using a letsencrypt certificate. Random attacks on the site using the IP adress as the host header are generating emails. I don’t want these emails so would like to configure so this particular exception is ignored.

The full message can be found here: https://gist.github.com/rofr/8838ce11126f987bc2de4cbcc501c4ba

I set the log level to CRITIICAL for the mail_admins logger, (see line 334) but that didn’t seem to help. Maybe I could get apache2 to deny the request based on the header so the request never reaches django, checking that out now… But if that doesn’t work how would I filter these warnings in the django config?

Regards,
Robert Friberg

2

The Django logging documentation suggests the following in your LOGGING config:

'loggers': {
    'django.security.DisallowedHost': {
        'handlers': ['null'],
        'propagate': False,
    },
},
3

Thanks, I tried that but then django failed to start. Why pass the string ‘null’? That seems very odd. But it is official documentation so what do I know. Trying with an empty handlers array now and at least I can start the app.

4

Ah, stupid of me. Just read the doc section again and there is a handler named ‘null’ defined a few lines above…

'handlers': {
    'null': {
        'class': 'logging.NullHandler',
    },
},
'loggers': {
    'django.security.DisallowedHost': {
        'handlers': ['null'],
        'propagate': False,
    },
},