sentry-python: Invalid HTTP_HOST header

I used raven package in Django before and it worked well so far. Recently I replaced it with latest sentry-python and getting weird error notifications continuously.

Invalid HTTP_HOST header: 'server_ip'. You may need to add 'server_ip' to ALLOWED_HOSTS.

I added server domain, 127.0.0.1 and localhost in allowed hosts.

I think there is no direct request to server IP instead of the domain.

Any help to fix the issue is appreciated.

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 3
Comments: 22 (10 by maintainers)

Commits related to this issue

feat: Add AWS Security Scanner to web crawlers (#577) See discussion at getsentry/sentry-python#641 — committed to getsentry/relay by untitaker 4 years ago
Don't send DisallowedHost errors to Sentry They were getting noisy, and they all look like security scanners. https://github.com/getsentry/sentry-python/issues/641#issuecomment-595391423 — committed to natbat/pillarpointstewards by simonw 2 years ago

Most upvoted comments

Yeah this came up a few times before. I think we should just start ignoring that logger, for now you can do:

from sentry.integrations.logging import ignore_logger
ignore_logger("django.security.DisallowedHost")

+22

untitaker on Mar 5, 2020

This is the nginx configuration that fixes the issue:

server {
    listen                      80 default_server;
    listen                      [::]:80 default_server;

    return                      444;
}

camilonova on Apr 5, 2020

One thing we could do is to add AWS Security Scanners to our list of web crawlers that we offer a filter for: https://docs.sentry.io/accounts/quotas/#inbound-data-filters

untitaker on May 5, 2020

I was investigating about that, I saw a lot of option like:

This option works perfect but It blocks google bot and crawlers to index the webpages, for that reasons I used the second option and removed this:

# you can use $host and $http_host to verify it
server {
  if ($host = yourdomain.com {
    return 301 https://$host$request_uri;
  }

  listen 80;
  listen [::]:80;

  server_name yourdomain.com;
  return 404;
}

This is perfect because don’t block crawlers for seo

from sentry_sdk.integrations.logging import ignore_logger

ignore_logger("django.security.DisallowedHost")

rbtsolis on Mar 8, 2023

@untitaker im not the original issue creator, but thanks for this 😃

pixelicous on May 21, 2020