
Why is Django throwing error "DisallowedHost at /"?


I am setting up my own Django server using this Digital Ocean tutorial. I created the Django framework following each step, and ran the server using this command:

./manage.py runserver 0.0.0.0:8000

When I tried to visit the IP at port 8000, the following error was shown:

DisallowedHost at /
Invalid HTTP_HOST header: 'XXX.XXX.XXX.XXX:8000'. You may need to add u'XXX.XXX.XXX.XXX' to ALLOWED_HOSTS.

(IP substituted with X's)

Why is this happening?


Solution

  • In your settings.py, there is a list called ALLOWED_HOSTS. You need to add the IP address you see in the error to that list:

    ALLOWED_HOSTS = ['XX.XX.XX.XX']

    Note: only add the IP address, and not the port (e.g., 127.0.0.1 and not 127.0.0.1:8000)

    Explanation:

    Django checks the Host header of the HTTP request for a URL/IP address that is within the allowed hosts.

    From the Django website:

    This is a security measure to prevent HTTP Host header attacks, which are possible even under many seemingly-safe web server configurations.

    https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
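
The check described in the answer, as an added example that is not part of the original answer and not Django's own code: a simplified stand-alone sketch of matching a Host header against ALLOWED_HOSTS, showing why an entry that includes the port never matches. The function names and the sample addresses and domains are assumptions made for illustration.

```python
import re

# Simplified host[:port] pattern; a bracketed IPv6 literal also counts as a host.
HOST_RE = re.compile(r"([a-z0-9.-]+|\[[a-f0-9:.]+\])(?::(\d+))?")


def split_host_port(header):
    """Return (host, port) from a Host header value, or ('', '') if malformed."""
    m = HOST_RE.fullmatch(header.strip().lower())
    if not m:
        return "", ""
    host, port = m.group(1), m.group(2) or ""
    # A trailing dot marks a fully qualified name; drop it before comparing.
    return (host[:-1] if host.endswith(".") else host), port


def pattern_matches(pattern, host):
    """'*' matches anything; '.example.com' matches the domain and its subdomains."""
    pattern = pattern.lower()
    if pattern == "*":
        return True
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return pattern == host


def host_allowed(header, allowed_hosts):
    """True when the host part of the header (port removed) matches an entry."""
    host, _port = split_host_port(header)
    return bool(host) and any(pattern_matches(p, host) for p in allowed_hosts)


if __name__ == "__main__":
    # Constructed sample values (documentation address range, example domains).
    samples = [
        ("203.0.113.10:8000", ["203.0.113.10"]),       # port stripped -> allowed
        ("203.0.113.10:8000", ["203.0.113.10:8000"]),  # entry has port -> rejected
        ("other.example.net", ["203.0.113.10"]),       # unlisted host -> rejected
        ("api.example.com", [".example.com"]),         # subdomain wildcard -> allowed
        ("example.com/@x", ["*"]),                     # malformed header -> rejected
    ]
    for header, allowed in samples:
        print(f"{header!r:24} {allowed!r:24} -> {host_allowed(header, allowed)}")
```
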