Django ALLOWED_HOSTS error

I get a Sentry Error for an ALLOWED_HOSTS error from our Django app deployed on Fly.

DisallowedHost /
Invalid HTTP_HOST header: '146.70.54.85'. You may need to add '146.70.54.85' to ALLOWED_HOSTS.

How can I know which IPs to add to our Django allowed hosts? Is there some other setting I can use so instead of the IP address the health check uses a DNS entry (we already have *.fly.dev as allowed hosts)

Thanks!

Hi @shicholas ,

For our production we can start with .fly.dev (or the provider’s subdomain you chose) and update for the dedicated URL once your app is deployed to the hosting platform.

CSRF_TRUSTED_ORIGINS should also be defined with a list of origins to perform unsafe requests (e.g. POST). We can set the subdomain https://*.fly.dev (or the provider’s subdomain you chose) until our deployment is done and we have the proper domain for our website.

# settings.py
ALLOWED_HOSTS = ['localhost', '127.0.0.1', '.fly.dev']  # <-- Updated!

CSRF_TRUSTED_ORIGINS = ['https://*.fly.dev']  # <-- Updated!

I hope that helps,
Sergio Turpín

I have the same error. The IP reported as invalid host is the main public IPv4 attached to my machines.

I don’t understand why this may be used to access my app. I don’t even understand how a request to that host could be routed to the wsgi process (as far as I know, this IP is shared…).

At some point, I thought these requests were some sort of probe designed to check if a machine is alive or not. But these requests came at totally random moments.

So I have no clue on which source perfome these calls. I am open to any suggestion :wink:

Hey @alorence :raising_hand_man:

This answer may help you to understand.

I hope that helps,
Sergio Turpín