
Django SuspiciousOperation: Invalid HTTP_HOST header


慕妹3242003 2019-11-27 10:31:21
After upgrading to Django 1.5, I started getting errors like the following:

    Traceback (most recent call last):
      File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 92, in get_response
        response = middleware_method(request)
      File "/usr/local/lib/python2.7/dist-packages/django/middleware/common.py", line 57, in process_request
        host = request.get_host()
      File "/usr/local/lib/python2.7/dist-packages/django/http/request.py", line 72, in get_host
        "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host)
    SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): www.google.com

    <WSGIRequest
    path:/,
    GET:<QueryDict: {}>,
    POST:<QueryDict: {}>,
    COOKIES:{},
    META:{'CONTENT_LENGTH': '',
    'CONTENT_TYPE': '',
    'DOCUMENT_ROOT': '/etc/nginx/html',
    'HTTP_ACCEPT': 'text/html',
    'HTTP_HOST': 'www.google.com',
    'HTTP_PROXY_CONNECTION': 'close',
    'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
    'PATH_INFO': u'/',
    'QUERY_STRING': '',
    'REMOTE_ADDR': '210.245.91.104',
    'REMOTE_PORT': '49347',
    'REQUEST_METHOD': 'GET',
    'REQUEST_URI': '/',
    u'SCRIPT_NAME': u'',
    'SERVER_NAME': 'www.derekkwok.net',
    'SERVER_PORT': '80',
    'SERVER_PROTOCOL': 'HTTP/1.0',
    'uwsgi.node': 'derekkwok',
    'uwsgi.version': '1.4.4',
    'wsgi.errors': <open file 'wsgi_errors', mode 'w' at 0xb6d99c28>,
    'wsgi.file_wrapper': <built-in function uwsgi_sendfile>,
    'wsgi.input': <uwsgi._Input object at 0x953e698>,
    'wsgi.multiprocess': True,
    'wsgi.multithread': False,
    'wsgi.run_once': False,
    'wsgi.url_scheme': 'http',
    'wsgi.version': (1, 0)}>

I have set ALLOWED_HOSTS = ['.derekkwok.net'] in my settings.py file.

What is happening here? Is someone pretending to be Google and accessing my site? Or is this a case of someone setting the HTTP_HOST header incorrectly?

3 Answers

小怪兽爱吃肉

Contributed 1852 experience points, received more than 1 upvote

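If your ALLOWED_HOSTS is set correctly, then someone may be probing your site for vulnerabilities by spoofing the header.

The Django developers are discussing changing this from a 500 Internal Server Error to a 400 response.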


2019-11-27
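Added example (not part of the question or the answer, and not Django's own source): a simplified re-implementation of how an ALLOWED_HOSTS pattern such as `.derekkwok.net` is matched against the Host header, showing why the request carrying `www.google.com` is rejected. The function names and the sample Host values other than `www.google.com` are assumptions made for illustration.

```python
# Added example: simplified re-implementation of the ALLOWED_HOSTS matching
# rule. This is not Django's source code; IPv6 literals are not handled.

ALLOWED_HOSTS = [".derekkwok.net"]  # value from the question


def normalize_host(raw_host):
    """Lowercase the Host value and drop a numeric :port and a trailing dot."""
    host = raw_host.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host[:-1] if host.endswith(".") else host


def pattern_matches(host, pattern):
    """'*' matches anything, '.example.com' matches the domain and all of
    its subdomains, anything else must match exactly."""
    pattern = pattern.lower()
    if pattern == "*":
        return True
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def is_allowed(raw_host, allowed_hosts=ALLOWED_HOSTS):
    host = normalize_host(raw_host)
    return any(pattern_matches(host, p) for p in allowed_hosts)


def classify(host_headers, allowed_hosts=ALLOWED_HOSTS):
    """Map each Host header value to 'accept' or 'reject'."""
    return {h: "accept" if is_allowed(h, allowed_hosts) else "reject"
            for h in host_headers}


# Constructed sample Host values; www.google.com is the one from the traceback.
SAMPLE_HOSTS = ["www.derekkwok.net", "derekkwok.net:80", "WWW.DerekKwok.net.",
                "www.google.com", "notderekkwok.net"]

if __name__ == "__main__":
    for host, verdict in classify(SAMPLE_HOSTS).items():
        print(f"{verdict:6}  {host}")
```

The leading dot is what keeps `notderekkwok.net` from matching: the suffix comparison includes the dot, so only the bare domain and true subdomains pass.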