1

我是 Django 的新手,并且不断收到通过电子邮件发送给我的相同错误。这是关于允许的主机(使用 Django 1.5)。为什么它认为谷歌可疑?我应该允许谷歌,它会阻止我的网站被索引吗?

Traceback (most recent call last):

  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 92, in get_response
    response = middleware_method(request)

  File "/usr/local/lib/python2.7/dist-packages/newrelic-1.11.0.55/newrelic/api/object_wrapper.py", line 216, in __call__
    self._nr_instance, args, kwargs)

  File "/usr/local/lib/python2.7/dist-packages/newrelic-1.11.0.55/newrelic/hooks/framework_django.py", line 204, in wrapper
    return wrapped(*args, **kwargs)

  File "/usr/local/lib/python2.7/dist-packages/django/middleware/common.py", line 57, in process_request
    host = request.get_host()

  File "/usr/local/lib/python2.7/dist-packages/django/http/request.py", line 72, in get_host
    "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host)

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): www.google.com


<WSGIRequest
path:/,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{},
META:{'DOCUMENT_ROOT': '/srv/project/sms',
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTP_ACCEPT': 'text/html',
'HTTP_HOST': 'www.google.com',
'HTTP_PROXY_CONNECTION': 'close',
'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
'PATH_INFO': u'/',
'PATH_TRANSLATED': '/srv/project/sms/apache/django.wsgi/',
'QUERY_STRING': '',
'REMOTE_ADDR': '183.91.14.60',
'REMOTE_PORT': '55739',
'REQUEST_METHOD': 'GET',
'REQUEST_URI': 'http://www.google.com/',
'SCRIPT_FILENAME': '/srv/project/sms/apache/django.wsgi',
'SCRIPT_NAME': u'',
'SERVER_ADDR': '10.229.37.116',
'SERVER_ADMIN': '[no address given]',
'SERVER_NAME': 'www.google.com',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.0',
'SERVER_SIGNATURE': '<address>Apache/2.2.22 (Ubuntu) Server at www.google.com Port 80</address>\n',
'SERVER_SOFTWARE': 'Apache/2.2.22 (Ubuntu)',
'mod_wsgi.application_group': 'www.domain.com|',
'mod_wsgi.callable_object': 'application',
'mod_wsgi.handler_script': '',
'mod_wsgi.input_chunked': '0',
'mod_wsgi.listener_host': '',
'mod_wsgi.listener_port': '80',
'mod_wsgi.process_group': 'domain.com',
'mod_wsgi.request_handler': 'wsgi-script',
'mod_wsgi.script_reloading': '1',
'mod_wsgi.version': (3, 3),
'wsgi.errors': <mod_wsgi.Log object at 0x7f348e39a6f0>,
'wsgi.file_wrapper': <built-in method file_wrapper of mod_wsgi.Adapter object at 0x7f348e3f7d50>,
'wsgi.input': <newrelic.api.web_transaction.WSGIInputWrapper object at 0x7f348de819d0>,
'wsgi.multiprocess': True,
'wsgi.multithread': True,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 1)}>
4

2 回答 2

4

来自 183.91.14.60 (REMOTE_ADDR) 的某人正在连接到您的服务器并请求 Google 的主页 (REQUEST_URI);由于您没有托管 Google,这确实很可疑。这与 Google 索引机器人无关。

我还在我的服务器上看到了来自这个 IP 地址的这个请求(但没有看到这个错误消息)。我的猜测是有人正在扫描服务器以寻找开放代理。

我不会将 www.google.com 添加到任何允许的主机列表中。

如果您从同一个 REMOTE_ADDR 收到很多这些,我会考虑将该 IP 地址添加到 /etc/hosts.deny 或防火墙上的阻止列表中。如何做到这一点取决于您的设置,我怀疑这超出了 StackOverflow 的范围。

于 2013-05-10T13:59:33.323 回答
0

“确保您传递给应用程序服务器的主机名(可能通过 nginx)没有 _ ,否则 Django 将不会在生产中验证主机名”

来自:http ://timmyomahony.com/blog/2013/04/24/suspiciousoperation-invalid-http_host-header-django/

于 2013-05-10T13:27:52.473 回答