Why is Django throwing error "DisallowedHost at /"?
Question:
I am setting up my own Django server using this Digital Ocean tutorial. I created the Django framework following each step, and ran the server using this command:
./manage.py runserver 0.0.0.0:8000
When I tried to visit the IP at port 8000, the following error was shown:
DisallowedHost at /
Invalid HTTP_HOST header: 'XXX.XXX.XXX.XXX:8000'. You may need to add u'XXX.XXX.XXX.XXX' to ALLOWED_HOSTS.
(IP substituted with X’s)
Why is this happening?
Answers:
In your settings.py
, there is a list called ALLOWED_HOSTS
. You need to add the IP address you see in the error to that list:
ALLOWED_HOSTS = ['XX.XX.XX.XX']
Note: only add the IP address, and not the port (e.g., 127.0.0.1
and not 127.0.0.1:8000
)
Explanation:
Django checks the Host
header of the HTTP request for a url/ip address that is within the allowed hosts.
From the django website:
This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations.
https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
Include both (‘www.name.com’, ‘ip.ip.ip.ip’)
Set Debug = True, then retry the IP & URL Address.
Go to the Traceback section, find the message [ raise DisallowedHost(msg) ]
click -> ▼ Local vars
It will show the incoming domain name and the settings for allowed hosts:
*Variable Value
*allowed_hosts ['ip.ip.ip.ip', 'name.com']
*domain 'something.com'
*
Copy the incoming value into your settings.py. If the you see old settings restart the servernginx
For development, you can use the *
wildcard to allow all hosts in settings.py
:
ALLOWED_HOSTS = [‘*’]
Important
Modify this configuration when you deploy your app in production environment.
For Run Django Project on localhost with free hosting by “ngrok”
run ngrok http 8000
(before run this in your project make sure your project are required to run on localhost like- python manage.py runserver)
http://563ae936.ngrok.io -> http://localhost:8000
Edit Setting.py
ALLOWED_HOSTS = [‘563ae936.ngrok.io’, ‘localhost’, ‘127.0.0.1’, ‘testserver’]
Here “563ae936.ngrok.io” Replace your Host name with removing http:// or https://
Go to setting.py
ALLOWED_HOSTS = [‘*’]
Sometimes is not enough to just add it to the host as a frustratedly tried over and over. Sometimes is stuck in cache and you’re getting the same error even if you did everything right. In that case what worked for me is change the port, from 8081 and cache problem was over.
I ran it like this:
python3 manage.py runserver 127.0.0.1:8081
I am setting up my own Django server using this Digital Ocean tutorial. I created the Django framework following each step, and ran the server using this command:
./manage.py runserver 0.0.0.0:8000
When I tried to visit the IP at port 8000, the following error was shown:
DisallowedHost at /
Invalid HTTP_HOST header: 'XXX.XXX.XXX.XXX:8000'. You may need to add u'XXX.XXX.XXX.XXX' to ALLOWED_HOSTS.
(IP substituted with X’s)
Why is this happening?
In your settings.py
, there is a list called ALLOWED_HOSTS
. You need to add the IP address you see in the error to that list:
ALLOWED_HOSTS = ['XX.XX.XX.XX']
Note: only add the IP address, and not the port (e.g., 127.0.0.1
and not 127.0.0.1:8000
)
Explanation:
Django checks the Host
header of the HTTP request for a url/ip address that is within the allowed hosts.
From the django website:
This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations.
https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
Include both (‘www.name.com’, ‘ip.ip.ip.ip’)
Set Debug = True, then retry the IP & URL Address.
Go to the Traceback section, find the message [ raise DisallowedHost(msg) ]
click -> ▼ Local vars
It will show the incoming domain name and the settings for allowed hosts:
*Variable Value
*allowed_hosts ['ip.ip.ip.ip', 'name.com']
*domain 'something.com'
*
Copy the incoming value into your settings.py. If the you see old settings restart the servernginx
For development, you can use the *
wildcard to allow all hosts in settings.py
:
ALLOWED_HOSTS = [‘*’]
Important
Modify this configuration when you deploy your app in production environment.
For Run Django Project on localhost with free hosting by “ngrok”
run ngrok http 8000
(before run this in your project make sure your project are required to run on localhost like- python manage.py runserver)
http://563ae936.ngrok.io -> http://localhost:8000
Edit Setting.py
ALLOWED_HOSTS = [‘563ae936.ngrok.io’, ‘localhost’, ‘127.0.0.1’, ‘testserver’]
Here “563ae936.ngrok.io” Replace your Host name with removing http:// or https://
Go to setting.py
ALLOWED_HOSTS = [‘*’]
Sometimes is not enough to just add it to the host as a frustratedly tried over and over. Sometimes is stuck in cache and you’re getting the same error even if you did everything right. In that case what worked for me is change the port, from 8081 and cache problem was over.
I ran it like this:
python3 manage.py runserver 127.0.0.1:8081