Eddie Welker.com

Hahaha.

  • Blog The blog
  • About About me

October 3, 2014
Posted by Eddie

Django, ALLOWED_HOSTS, Host header, Proxying, and more!

Django tries to avoid CSRF, and thus requires a HTTP Host header be sent. Host is optional in HTTP1.0, so it therefore basically requires HTTP1.1. That Host header has to conform with RFC 1034 or RFC 1035.

A proxy sitting in front of Django will pretty much do whatever you tell it to do, so it basically needs to convert HTTP1.0 requests into HTTP1.1 requests.  To do this in Nginx, you need to know the difference between $host and $http_host, and have set $server_name.

A HTTP1.0 request, as rare as it sounds, is possible, as tools like HAProxy send HTTP1.0 requests without Host headers. This implies that Amazon ELB or OpenStack Neutron health checks are all HTTP1.0 requests.

Comments Off on Django, ALLOWED_HOSTS, Host header, Proxying, and more!

Posted Under Uncategorized

No Comments Yet

You can be the first to comment!

Sorry, comments for this entry are closed at this time.

  • Me, elsewhere
    • tweets @ twitter
    • photos @ flickr
    • music @ last.fm
    • bookmarks @ delicious
    • articles @ google reader
    • events @ upcoming
    • location @ brightkite
    • updates @ friendfeed
    • books @ goodreads
    • me @ linkedin
    • me @ facebook
    • me @ github
    • me @ columbiaorchestra
  • My photos


  • What I'm listening to
    • No recently listened tracks.

This site is using the Handgloves WordPress Theme
Designed & Developed by George Wiscombe

Subscribe via RSS