How can I drop requests with bad hostname

Hello friends,
I’ve deployed a simple django app in fly.io. However I have observed that my application server rececives a lot of HTTP requests to funny hostnames i.e I get errors like Invalid HTTP_HOST header: ‘213.188.215.250:80’. Is there a way to configure fly.io to allow requests only to a particular hostname and drop everything else so they won’t reach my app ?

TIA,
Serafeim

We have a feature coming that will help with this, but I’m not sure when it will be ready. Hopefully soon!

For now, you can prevent a lot of this by configuring http → https redirects in your django app. We drop TLS connections that don’t match the certificate name, so a very early http redirect is a nice way to ditch bad traffic.

2 Likes

Thank you @kurt !

Kind regards,
Serafeim

@kurt : I continue to get these even though my Django apps have https configured and redirects set up.

Site is here https://www.reactivated.io . Note all http is redirect.

The error is the same:

[Django] ERROR (EXTERNAL IP): Invalid HTTP_HOST header: '2a09:8280:1::21ad'. The domain name provided is not valid according to RFC 1034/1035

When you say “configuring http → https”, do you mean doing so at the Django app level (that’s what I did) or at the Fly level with force_https? Because doing so at the Django app level with SECURE_SSL_REDIRECT still produces the error.

Thanks!