Django谷歌可疑行动

时间:2013-05-10 12:59:31

标签: django

我是Django的新手,并通过电子邮件向我发送同样的错误。这是关于允许的主机(使用Django 1.5)。为什么它认为谷歌是可疑的?我是否应该允许Google,是否会阻止我的网站被编入索引?

Traceback (most recent call last):

  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 92, in get_response
    response = middleware_method(request)

  File "/usr/local/lib/python2.7/dist-packages/newrelic-1.11.0.55/newrelic/api/object_wrapper.py", line 216, in __call__
    self._nr_instance, args, kwargs)

  File "/usr/local/lib/python2.7/dist-packages/newrelic-1.11.0.55/newrelic/hooks/framework_django.py", line 204, in wrapper
    return wrapped(*args, **kwargs)

  File "/usr/local/lib/python2.7/dist-packages/django/middleware/common.py", line 57, in process_request
    host = request.get_host()

  File "/usr/local/lib/python2.7/dist-packages/django/http/request.py", line 72, in get_host
    "Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): %s" % host)

SuspiciousOperation: Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): www.google.com


<WSGIRequest
path:/,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{},
META:{'DOCUMENT_ROOT': '/srv/project/sms',
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTP_ACCEPT': 'text/html',
'HTTP_HOST': 'www.google.com',
'HTTP_PROXY_CONNECTION': 'close',
'HTTP_USER_AGENT': 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)',
'PATH_INFO': u'/',
'PATH_TRANSLATED': '/srv/project/sms/apache/django.wsgi/',
'QUERY_STRING': '',
'REMOTE_ADDR': '183.91.14.60',
'REMOTE_PORT': '55739',
'REQUEST_METHOD': 'GET',
'REQUEST_URI': 'http://www.google.com/',
'SCRIPT_FILENAME': '/srv/project/sms/apache/django.wsgi',
'SCRIPT_NAME': u'',
'SERVER_ADDR': '10.229.37.116',
'SERVER_ADMIN': '[no address given]',
'SERVER_NAME': 'www.google.com',
'SERVER_PORT': '80',
'SERVER_PROTOCOL': 'HTTP/1.0',
'SERVER_SIGNATURE': '<address>Apache/2.2.22 (Ubuntu) Server at www.google.com Port 80</address>\n',
'SERVER_SOFTWARE': 'Apache/2.2.22 (Ubuntu)',
'mod_wsgi.application_group': 'www.domain.com|',
'mod_wsgi.callable_object': 'application',
'mod_wsgi.handler_script': '',
'mod_wsgi.input_chunked': '0',
'mod_wsgi.listener_host': '',
'mod_wsgi.listener_port': '80',
'mod_wsgi.process_group': 'domain.com',
'mod_wsgi.request_handler': 'wsgi-script',
'mod_wsgi.script_reloading': '1',
'mod_wsgi.version': (3, 3),
'wsgi.errors': <mod_wsgi.Log object at 0x7f348e39a6f0>,
'wsgi.file_wrapper': <built-in method file_wrapper of mod_wsgi.Adapter object at 0x7f348e3f7d50>,
'wsgi.input': <newrelic.api.web_transaction.WSGIInputWrapper object at 0x7f348de819d0>,
'wsgi.multiprocess': True,
'wsgi.multithread': True,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 1)}>

2 个答案:

答案 0 :(得分:4)

来自183.91.14.60(REMOTE_ADDR)的某人正在连接到您的服务器并要求使用Google的主页(REQUEST_URI);因为你没有托管谷歌这确实是可疑的。这与Google索引机器人无关。

我也在此IP地址的服务器上看到了此请求(但不是此错误消息)。我的猜测是有人正在扫描寻找开放代理的服务器。

我不会将www.google.com添加到任何允许的主机列表中。

如果您从同一个REMOTE_ADDR收到大量这些内容,我会考虑将该IP地址添加到/etc/hosts.deny或防火墙上的阻止列表中。如何执行此操作取决于您的设置,我怀疑,这超出了StackOverflow的范围。

答案 1 :(得分:0)

“确保您传递给应用程序服务器的主机名(可能是通过nginx)中没有_或Django不会在生产中验证主机名”

来自:http://timmyomahony.com/blog/2013/04/24/suspiciousoperation-invalid-http_host-header-django/