Django error when entering from multiple domains - django

I'm setting up two domains that point to the same IP of Django, but I can only log in on one of them; the other just will not let me. From the admin or the web it always redirects me to the login box. I tried everything but nothing works.
In my test environment I have Django running on runserver and /etc/hosts as follows:
# This one works
127.0.0.1 talleres.host1.com
# This one does not work
127.0.0.1 talleres.host2.com
I think the problem is with Django but I don't know where to start looking. Does anyone know about this?

Make sure your ALLOWED_HOSTS looks like this:
ALLOWED_HOSTS = ['.host1.com', '.host2.com']

Related

Django and React app ERR_CONNECTION_REFUSED

I'm running a specific configuration. I have Django running on Apache at localhost:8001 and a React app running on nginx at localhost:8005. I also use nginx as a routing proxy. My biggest problem is that when I try to call the DRF API from React (calling http://127.0.0.1:8001/api-token-auth/, so I have the / at the end of the endpoint for sure) I get POST http://127.0.0.1:8001/api-token-auth/ net::ERR_CONNECTION_REFUSED
The backend is running fine; I can use the endpoint from HTTPie or Postman.
When I call the backend by its external domain name in React, like 'example.com/api-token-auth/', it works just fine. How can I solve this?
Adding ALLOWED_HOSTS = ['127.0.0.1'] or ALLOWED_HOSTS = ['*'] in your Django settings.py file may solve your connection refused issue.
https://docs.djangoproject.com/en/3.0/ref/settings/#allowed-hosts
EDIT:
'http://' + require("os").hostname() + ':8001/' or
'http://' + require("ip").address() + ':8001/'
Try using this while building the localhost ip. People have fixed this issue with this change.

Invalid HOST Header from router IP

I keep getting an Invalid HOST Header error which I am trying to find the cause of. It reads as such:
Report at /GponForm/diag_Form
Invalid HTTP_HOST header: '192.168.0.1:443'. You may need to add '192.168.0.1' to ALLOWED_HOSTS
I do not know what /GponForm/diag_Form is, but from the looks of it, it may be a vulnerability attacked by malware.
I am also wondering why the IP is that of a router, 192.168.0.1, and why it is coming through SSL (:443).
Should I consider putting up a honeypot and blocking this IP address? Before I do, why does the IP look like a local router?
The full Request URL in the report looks like this:
Request URL: https://192.168.0.1:443/GponForm/diag_Form?style/
I am getting this error at least ~10x/day now so I would like to stop it.
Yes, this surely represents a vulnerability: someone tried to access this URL on a router (which usually has the IP 192.168.0.1).
It looks this way because the request from the attacker contains a Host header with this value.
Maybe Django is run locally with DEBUG=True.
You may consider running it in a more production-like way, with a web server (i.e. nginx) in front filtering unwanted requests via the nginx config, and further adding fail2ban to parse the nginx error logs and ban IPs.
Or make the site available only from specific IPs, or add simple authorization, i.e. Basic Auth at the web-server level.
Previous irrelevant answer
The ALLOWED_HOSTS option specifies the domains a Django project can serve.
When running locally (python manage.py runserver or with DEBUG=True) it defaults to localhost, 127.0.0.1 and similar.
If you are accessing Django via a different URL, it will complain in this manner.
To allow access from other domains, add them to ALLOWED_HOSTS: ALLOWED_HOSTS = ['localhost', '127.0.0.1', '[::1]', '192.168.0.1'].
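The fail2ban-style triage suggested in this thread, as an added example that is not part of the original posts: it tallies rejected Host headers per client address, which shows that the value in the error (192.168.0.1) is the attacker-supplied header while the address to act on is the client's. The log layout, the sample lines, `SERVED_HOSTS` and the threshold are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed nginx log_format: $remote_addr "$http_host" "$request" $status
LINE_RE = re.compile(
    r'^(?P<client>\S+) "(?P<host>[^"]*)" "(?P<request>[^"]*)" (?P<status>\d{3})$'
)

SERVED_HOSTS = {"example.com", "www.example.com"}  # assumption: names the site serves

# Constructed sample lines; client addresses come from documentation ranges.
SAMPLE_LOG = """\
198.51.100.23 "192.168.0.1:443" "GET /GponForm/diag_Form?style/ HTTP/1.1" 400
198.51.100.23 "192.168.0.1:443" "POST /GponForm/diag_Form?style/ HTTP/1.1" 400
198.51.100.23 "192.168.0.1:443" "GET /GponForm/diag_Form?style/ HTTP/1.1" 400
203.0.113.9 "www.example.com" "GET / HTTP/1.1" 200
203.0.113.40 "example.com:443" "GET /login HTTP/1.1" 200
203.0.113.77 "192.168.0.1" "GET / HTTP/1.1" 400
"""


def host_only(header):
    """Strip an optional :port from a Host value (IPv4 literals and DNS names)."""
    return header.rsplit(":", 1)[0].lower() if ":" in header else header.lower()


def is_private_ip(name):
    """True when the Host value is an IP literal in a private range."""
    try:
        return ipaddress.ip_address(name).is_private
    except ValueError:
        return False  # not an IP literal at all


def ban_candidates(log_text, threshold=3):
    """Map client address -> rejected (host, is_private) pairs at or over threshold."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        host = host_only(m["host"])
        if host not in SERVED_HOSTS:
            hits[m["client"]].append((host, is_private_ip(host)))
    return {c: h for c, h in hits.items() if len(h) >= threshold}
```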

Geonode Layers Page Invalid URL

I have uploaded a layer to geonode using the web interface. I would now like to see the layers details.
I have debugging turned on. This is the error page.
This feels like something I would need to change in local_settings.py? I have default values except for the following:
ALLOWED_HOSTS = ['*']
DEBUG = True
Have a look at the geoserver URL which is missing a /
Make sure that your geoserver url is correctly set in settings:
https://github.com/GeoNode/geonode/blob/master/geonode/local_settings.py.geoserver.sample#L110
and correctly redirected in apache conf:
https://github.com/GeoNode/geonode-project/blob/master/scripts/misc/apache2/geonode.conf.sample#L105

AWS, Django, Apache, ALLOWED_HOSTS not working 400 Bad Request

I have two Django applications working on AWS Lightsail. The first one is working great with www.firstapp.com and firstapp.com, but when I try to visit the second app without www in the URL, it returns 400 Bad Request. In both apps, DEBUG is set to False, and I have the necessary hosts in settings.py like this:
ALLOWED_HOSTS = [
'.secondapp.com'
]
I have tried with '*' and also tried to write down all possible hosts in ALLOWED_HOSTS but it didn't work. I am able to see the website with www.secondapp.com but secondapp.com always returns Bad Request (400).
After any update in settings.py, I always restart Apache (I tried reloading too) but nothing changes; I am still getting 400 Bad Request. Any ideas? Maybe I should set up AWS in some way; this is my first experience with Django.
For anyone who will face this kind of issue, check your VirtualHost configurations. In my VirtualHost configuration I had ServerName as www.secondapp.com; when I added ServerAlias secondapp.com it worked. Now I am able to see my app with www.secondapp.com and secondapp.com.
P.S.: However, I don't have a ServerAlias for the first application but it is still working as www.firstapp.com and firstapp.com; not sure why this is causing an issue for the second one.
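How the ALLOWED_HOSTS patterns used in the threads above are matched, as an added example: a stdlib-only model of the matching rules Django documents, not Django's own code and not from the original posts. The Host header values are constructed from the hostnames on this page, and `host_allowed` and `audit` are hypothetical helper names.

```python
import re

# Added illustration: a stdlib-only model of the ALLOWED_HOSTS matching rules
# (not Django's own source). Host headers below are constructed samples.
_HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(:[0-9]+)?$")


def split_host_port(header):
    """Return (domain, port) from a Host header, or ("", "") if malformed."""
    header = header.lower()
    if not _HOST_RE.match(header):
        return "", ""
    if header.endswith("]"):  # bracketed IPv6 literal without a port
        return header, ""
    domain, sep, port = header.rpartition(":")
    if not sep:  # no port present
        domain, port = header, ""
    return (domain[:-1] if domain.endswith(".") else domain), port


def host_allowed(header, allowed_hosts):
    """True if the Host header would pass the given ALLOWED_HOSTS list."""
    domain, _port = split_host_port(header)
    if not domain:
        return False  # malformed headers fail even when '*' is configured
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern == "*" or pattern == domain:
            return True
        # A leading dot matches the bare domain and every subdomain.
        if pattern.startswith(".") and (
            domain.endswith(pattern) or domain == pattern[1:]
        ):
            return True
    return False


def audit(allowed_hosts, headers):
    """Return {header: accepted?} for a batch of Host header values."""
    return {h: host_allowed(h, allowed_hosts) for h in headers}


if __name__ == "__main__":
    headers = ["talleres.host2.com:8000", "secondapp.com", "www.secondapp.com",
               "192.168.0.1:443", "notsecondapp.com"]
    for setting in (['.host1.com', '.host2.com'], ['.secondapp.com'], ['*']):
        print(setting, audit(setting, headers))
```

With `['.secondapp.com']` both `secondapp.com` and `www.secondapp.com` pass, so that setting was not what rejected the bare domain, which is consistent with the ServerAlias fix described above.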

Django SESSION_COOKIE_DOMAIN on localhost

When I set SESSION_COOKIE_DOMAIN = '.mysite.com' and then run the production site, the site creates the proper cross domain cookie and it's set to .mysite.com. However, if I set SESSION_COOKIE_DOMAIN = '.localhost' and run the local development server at localhost:8000 the cookie that is created is the non-cross domain cookie localhost.
Why might this be the case?
Thanks.
This has to do with how browsers and cookies work. Because you're not allowed to set cookies to something like .com, you can't set it as .localhost either.
You can check out more here: https://code.djangoproject.com/ticket/10560. Looks like there's no real solution within Django for this. I do wish they would warn us though rather than just break.
I don't have a good solution though. For testing you could set your hosts file to use something like test.com instead of localhost to point to your runserver.
For the dev server, you can just use
SESSION_COOKIE_SECURE = False  # the default; use it just to override your prod setting
SESSION_COOKIE_DOMAIN = None  # the default; use it just to override your prod setting
Or you can resolve the domain name with the hosts file
SESSION_COOKIE_DOMAIN = '.localhost'
Or something like this
SESSION_COOKIE_SECURE = False
SESSION_COOKIE_DOMAIN = "127.0.0.1"
You can't set SESSION_COOKIE_DOMAIN = '.localhost' because of browser security features (cf. Django issue 10560).
However if you have foo.localhost:8000 and bar.localhost:8000 you can
switch to foo.dev.localhost:8000 and bar.dev.localhost:8000 and set
SESSION_COOKIE_DOMAIN = '.dev.localhost'
SESSION_COOKIE_NAME = "youcustomcookiename"