How can I drop requests with bad hostname

Hello friends,
I’ve deployed a simple django app in fly.io. However I have observed that my application server receives a lot of HTTP requests to funny hostnames, i.e. I get errors like Invalid HTTP_HOST header: ‘213.188.215.250:80’. Is there a way to configure fly.io to allow requests only to a particular hostname and drop everything else so they won’t reach my app?

TIA,
Serafeim

We have a feature coming that will help with this, but I’m not sure when it will be ready. Hopefully soon!

For now, you can prevent a lot of this by configuring http → https redirects in your django app. We drop TLS connections that don’t match the certificate name, so a very early http redirect is a nice way to ditch bad traffic.

2 Likes

Thank you @kurt !

Kind regards,
Serafeim

@kurt : I continue to get these even though my Django apps have https configured and redirects set up.

Site is here: https://www.reactivated.io . Note all http is redirected.

The error is the same:

[Django] ERROR (EXTERNAL IP): Invalid HTTP_HOST header: '2a09:8280:1::21ad'. The domain name provided is not valid according to RFC 1034/1035

When you say “configuring http → https”, do you mean doing so at the Django app level (that’s what I did) or at the Fly level with force_https? Because doing so at the Django app level with SECURE_SSL_REDIRECT still produces the error.

Thanks!

Hey @kurt, I also want to block these types of requests from ever reaching my Django app:

Invalid HTTP_HOST header: ‘66.241.125.70:443’.

You mentioned that you had a feature in the pipeline to solve this. Has that been deployed now?
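
Added example, not part of the thread and not Fly.io's or Django's own code: an app-side WSGI wrapper that answers 400 for any Host header outside an allow-list before the request reaches Django's host validation, so no Invalid HTTP_HOST error is logged. The hostnames in `ALLOWED`, the names `HostFilter`, `split_host` and `status_for`, and the stand-in `demo_app` are assumptions; the requests still arrive at the app process, they are only rejected earlier.

```python
"""WSGI wrapper that rejects requests whose Host header is not allow-listed."""
from wsgiref.util import setup_testing_defaults

ALLOWED = {"www.example.com", "example.com"}  # assumption: placeholder hostnames

def split_host(raw):
    """Return the lower-cased hostname from a Host header value, without port."""
    raw = raw.strip().lower()
    if raw.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        end = raw.find("]")
        return raw[1:end] if end != -1 else ""
    if raw.count(":") > 1:             # bare IPv6 literal, cannot carry a port
        return raw
    return raw.rsplit(":", 1)[0].rstrip(".")

class HostFilter:
    """Wrap a WSGI app; in wsgi.py: HostFilter(get_wsgi_application(), ALLOWED)."""
    def __init__(self, app, allowed):
        self.app = app
        self.allowed = {h.lower() for h in allowed}

    def __call__(self, environ, start_response):
        host = split_host(environ.get("HTTP_HOST", ""))
        if host not in self.allowed:
            body = b"Bad Request\n"
            start_response("400 Bad Request", [("Content-Type", "text/plain"),
                                               ("Content-Length", str(len(body)))])
            return [body]              # the wrapped app is never called
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    # Stand-in for the Django WSGI application (assumption for this example).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def status_for(host_header):
    """Send one constructed request through the filter; return the status line."""
    environ = {}
    setup_testing_defaults(environ)
    environ["HTTP_HOST"] = host_header
    seen = []
    HostFilter(demo_app, ALLOWED)(environ, lambda s, h, exc_info=None: seen.append(s))
    return seen[0]

if __name__ == "__main__":
    # Constructed requests using the Host values quoted in the thread.
    for h in ("www.example.com", "213.188.215.250:80", "2a09:8280:1::21ad"):
        print(h, "->", status_for(h))
```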