I’ve deployed a simple django app in fly.io. However I have observed that my application server rececives a lot of HTTP requests to funny hostnames i.e I get errors like Invalid HTTP_HOST header: ‘18.104.22.168:80’. Is there a way to configure fly.io to allow requests only to a particular hostname and drop everything else so they won’t reach my app ?
We have a feature coming that will help with this, but I’m not sure when it will be ready. Hopefully soon!
For now, you can prevent a lot of this by configuring http → https redirects in your django app. We drop TLS connections that don’t match the certificate name, so a very early http redirect is a nice way to ditch bad traffic.
@kurt : I continue to get these even though my Django apps have https configured and redirects set up.
Site is here https://www.reactivated.io . Note all http is redirect.
The error is the same:
[Django] ERROR (EXTERNAL IP): Invalid HTTP_HOST header: '2a09:8280:1::21ad'. The domain name provided is not valid according to RFC 1034/1035
When you say “configuring http → https”, do you mean doing so at the Django app level (that’s what I did) or at the Fly level with
force_https? Because doing so at the Django app level with
SECURE_SSL_REDIRECT still produces the error.